Server Basics 10: How to configure group policy (Part 2)

In the first part of this “configure group policy” tutorial we went through Group Policy and learned how to deploy an app with it. In this second part we will learn how to change Windows settings through Group Policy.

I will not go through every detail in this tutorial since I covered all of the steps mentioned here in previous parts.

Before we begin

We will first create a new OU on our domain controller (ServerBasicsAD) in Active Directory Users and Computers. I will name it ClientPCs and move ServerBasicsCL1 and CL2 into it from the Computers OU.

For our clients CL1 and CL2 we will set Audit account logon events to Success/Failure, and the same for Audit logon events.

We will do it for both Development and Sales departments.

Configuration

Head over to Group Policy Configuration Management | select ClientPCs and create a new Group Policy Object. I will name it LogonEventsAudit.

Right click on it and select Edit

Navigate to the Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | Audit Policy | click on Audit account logon events | select Define these policy settings, and set them to Success and Failure

Apply | OK

Repeat for Audit logon events

Close all the windows, navigate to the LogonEventsAudit object, go to the Settings tab and confirm that these values are set.

Go to the ServerBasicsCL1 PC, log in, start a command prompt (as Administrator) and enter the following command

gpupdate /force

It should update the policy successfully.

Now, let's go to Control Panel | Administrative tools | Local Security Policy | Local Policies | Audit Policy

Changes are applied!!

Now, let's go to ServerBasicsCL2 and repeat the same gpupdate /force command

Also great success.
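
The same check can be done from the command line. This is an added example, not part of the original tutorial: it assumes an elevated PowerShell session on the client and an English-language Windows, where auditpol lists the two policies as the categories "Account Logon" and "Logon/Logoff".

```powershell
# Added example: run in an elevated PowerShell session on a client
# (ServerBasicsCL1 or ServerBasicsCL2). English category names are assumed.
$gpoName    = 'LogonEventsAudit'               # GPO created in this tutorial
$categories = 'Account Logon', 'Logon/Logoff'  # auditpol names of the two policies
$expected   = 'Success and Failure'

# 1. Refresh computer policy (same effect as the gpupdate step above).
gpupdate /target:computer /force | Out-Null

# 2. Look for the GPO in the computer RSoP summary. gpresult also lists GPOs
#    that were filtered out, so inspect $rsop in full if in doubt.
$rsop = gpresult /r /scope computer
$hits = $rsop | Select-String -SimpleMatch $gpoName
if ($hits) { $hits | ForEach-Object { "RSoP line $($_.LineNumber): $($_.Line.Trim())" } }
else       { Write-Warning "$gpoName not found in gpresult output; check the OU link." }

# 3. Read the effective audit setting of every subcategory (/r gives CSV).
$rows = foreach ($cat in $categories) {
    auditpol /get /category:"$cat" /r | Where-Object { $_ } | ConvertFrom-Csv
}
$rows | Format-Table Subcategory, 'Inclusion Setting' -AutoSize
$off = $rows | Where-Object { $_.'Inclusion Setting' -ne $expected }
if ($off) { Write-Warning "Not set to '$expected': $($off.Subcategory -join ', ')" }

# 4. Confirm that logon events are being written to the Security log:
#    4624 = successful logon, 4625 = failed logon.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625 } `
          -MaxEvents 10 -ErrorAction SilentlyContinue
if ($events) { $events | Format-Table TimeCreated, Id, MachineName -AutoSize }
else         { Write-Warning 'No 4624/4625 events yet; log off and on, then re-run.' }
```

If step 3 shows a different setting than the GPO defines, check whether another GPO or an advanced audit policy is also targeting the client.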

This way, you can manage a lot of settings and rules for your clients centrally, from one place. It really is very convenient. You just have to know where to find the option you want in Group Policy.

Conclusion

We are done with Group Policy. You learned how to deploy Group Policy by department (Development, Sales) or throughout your company (by using ClientPCs). This is a very powerful and convenient tool which will save you a lot of time, so use it.

At the beginning, in ServerBasics 02, I wrote that you don’t need to manually set up every server or client PC: once you establish a domain, Group Policy will do that for you.

Ok, we now know a little bit about domain and essential services so we can move on into something else.
