In first part of this “configure group policy” tutorial we went through group policy, and learned how to deploy an app through Group Policy. In this second part we will learn how to alter Windows settings through group policy.
I will not go through every detail in this tutorial since I covered all of the steps mentioned here in previous parts.
Before we begin
We will first create new OU on our domain controller (ServerBasicsAD) in Active Directory Users and Computers. I will name it ClientPCs and move ServerBascisCL1 and CL2 to it from Computers OU.
We will set for our Clients CL1 and CL2 Audit account logon events to Success/Failure and same for Audit logon events.
We will do it for both Development and Sales departments.
Configuration
Head on to Group Policy Configuration Management | Select ClientPCs and create a new group policy object. I will name it LogonEventsAudit.
Right click on it and select Edit
Navigate to the Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | Audit Policy | click on Audit account logon events | select Define these policy settings, and set them to Success and Failure
Apply | OK
Repeat for Audit logon events
Close all the windows, navigate to LogonEventsAudit object and go to Settings tab and confirm that these values are set.
Go to ServerBasicsCL1 PC, login, start command prompt (as Administrator) and enter following command
gpupdate /force
It should successfully update policy.
Now, lets go to Control Panel | Administrative tools | Local Security Policy | Local Policies | Audit Policy
Changes are applied!!
Now, lets go to the ServerBasicsCL2 and repeat the same gpupdate /force command
Also great success.
This way, you can set a lot of settings and rules for your client centralized, from one place. It really is very convenient. You will just have to know where to find option you want in Group Policy.
Conclusion
We are done with group policy. You learned how to deploy Group Policy by department (Development, Sales) or through out your company (by using ClientPCs). This is very powerful and convenient tool which will save you a lot of time, so use it.
In the beginning at the ServerBasics 02 I wrote that you don’t need to manually set every server or client PC – when you establish domain – Group Policy will do that for you.
Ok, we now know a little bit about domain and essential services so we can move on into something else.