Group Policy Application Process

Group Policy Application Process

 
When the policy application process has to retrieve Group Policy information to apply to the Group Policy client, it uses a pull approach. For instance, the Group Policy client polls the Group Policy server to look for new policy settings supplied by the Group Policy administrator that impact either the client machine itself or a domain user who is actively logged into the client computer.
 
The application of Group Policy is provided in two forms to satisfy these requirements. The first is called computer policy mode, and it has an impact on both the client computer and every user that logs on to it. The second is called user policy mode, and it only has an impact on the users who log on to the client computer. For user policy mode, the policy target is a domain user account, for which policy settings are received. In computer policy mode, a domain computer account serves as the policy target, from which the policy settings are retrieved.

Group Policy Application process:

 
The application of Group Policy is triggered by specific events, such as a user logon or computer startup. Following is a summary of specified actions of the Group Policy client that are carried out by the core Group Policy engine running on the Group Policy client:
 
  • DC discovery: The group policy client looks out for a Domain Controller (DC) and connects to the Active Directory.
  • DN discovery: The Group Policy client looks for the policy target's DN, which is used to search for GPOs that are relevant.
  • Domain SOM search: A domain SOM search defines hierarchical levels from which GPOs apply to policy targets; these levels include the domain, site, and organizational unit (OU) levels. The Group Policy Client target account is affected by any GPOs that are associated with the domain, as the Group Policy Client searches the Group Policy server for any such GPOs.
  • Site SOM search: The Group Policy client queries the Group Policy server for any GPOs that are linked to the site container, which therefore applies to the Group Policy client policy target account.
  • GPO filter evaluation: Each GPO is examined by the Group Policy client to determine its functioning version, disabled or enabled state, empty status, and security privileges. These verifications establish whether the GPO is approved or disapproved for application to the Group Policy client.
  • WMI filter evaluation: The Windows Management Instrumentation (WMI) are filters that restrict the set of GPOs that can be used by Group Policy extensions and are retrieved by the Group Policy client from the Group Policy server.
  • Link speed discovery: The Group Policy client attempts to estimate the network speed of its connection to the Group Policy server.
  • Extension protocol sequences: The Group Policy client decides which CSEs for user policy mode and computer policy mode apply to it, and then it executes a protocol sequence to have each CSE apply its settings to the Group Policy client.
  • Policy change event: The Group Policy client raises a local Policy Change event at the end of policy application to indicate that a policy has changed. 

    • Related Articles

    • Best Practices for Configuring Group Policy Objects

      GPO Best Practices Group Policy makes dealing with your operating system easier and more effective. In addition, this allows you further control over network accounts. This makes your network safer from outsiders. Moreover, it reduces the trusted ...
    • Group Policy

      In a nutshell, a Group Policy is a collection of settings, which determine how a unit of users/computers should behave. The Two Types of Group Policies: Administrators can use Group Policies to enforce a set of configuration settings to both the ...
    • Group Policy Object

      Administrators frequently turn to group policy objects to control user accounts and user activity in an Active Directory environment. In this video, we deep-dive into GPO basics such as why group policies are needed, the components of group policies, ...
    • Group Policy Results

      It is always a good practice to know what policy settings are being applied to a user or computer, since GPO imposes a lot of restrictions and customizations on the user and computer. So, if something is amiss, a review of the policy settings will ...
    • Group Policy Objects

      Group Policy settings are stored in the form of Group Policy Objects (GPOs). GPOs can be created like any other active directory object and is linked to a Site, domain or OU in which the policy settings have to be applied. The GPO stores its ...