Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and user’s settings in an Active Directory environment. A version of Group Policy called Local Group Policy (“LGPO” or “LocalGPO”) also allows Group Policy Object management on standalone and non-domain computers.
Group Policy, in part, controls what users can and cannot do on a computer system: for example, to enforce a password complexity policy that prevents users from choosing an overly simple password, to allow or prevent unidentified users from remote computers to connect to a network share, to block access to the Windows Task Manager or to restrict access to certain folders. A set of such configurations is called a Group Policy Object (GPO).
As part of Microsoft’s IntelliMirror technologies, Group Policy aims to reduce the cost of supporting users. IntelliMirror technologies relate to the management of disconnected machines or roaming users and include roaming user profiles, folder redirection, and offline files.
Local Group Policy Editor
Local Group Policy (LGP, or LocalGPO) is a more basic version of Group Policy for standalone and non-domain computers, that has existed at least since Windows XP Home Edition, and can be applied to domain computers. Prior to Windows Vista, LGP could enforce a Group Policy Object for a single local computer, but could not make policies for individual users or groups. From Windows Vista onward, LGP allow Local Group Policy management for individual users and groups as well, and also allows backup, importing and exporting of policies between standalone machines via “GPO Packs” – group policy containers which include the files needed to import the policy to the destination machine.
Group Policy Preferences
There is a set of group policy setting extensions that were previously known as PolicyMaker. Microsoft bought PolicyMaker and then integrated them with Windows Server 2008. Microsoft has since released a migration tool that allows users to migrate PolicyMaker items to Group Policy Preferences.
Group Policy Preferences adds a number of new configuration items. These items also have a number of additional targeting options that can be used to granularly control the application of these setting items.
Group Policy Preferences are compatible with x86 and x64 versions of Windows XP, Windows Server 2003, and Windows Vista with the addition of the Client Side Extensions (also known as CSE).
Client Side Extensions are now included in Windows Server 2008, Windows 7, and Windows Server 2008 R2