Getting Started with Active Directory

  • Last Created On Dec 09, 2024
  • 10
0 0

With Active Directory, you can give your Windows Server a lot more power. One of its great features is assigning policies. In this tutorial, I will show you how you can assign a policy to a certain group in Windows Server. We stick to a specific group because if all groups would share the same policies, that would negate the purpose of using policies.

Policies are basically “rules”. Say that you have a marketing and a sales department. Now let’s assume you trust the sales department more than the marketing department, and you want to allow them to change the background of their computer. With a policy, you can set that the sales department can change their desktop background, but the marketing department cannot.

Step 1: Creating a group in Active Directory

Before you can assign policies to groups, you need to create the group first. This can be achieved by accessing “Active Directory Users and Computers” on Windows Server. In the sidebar, you will see your domain. Expand it by double-clicking it. You will now see a number of folders. The first thing that we have to do is to create an OU (Organizational Unit). To do this, right-click your domain, go to “New -> Organizational Unit”. Give it an appropriate name, such as “Departments”.

Next, double-click “Departments”. As we do not yet have any users or groups, it will say “There are no items to show in this view”.

Let’s add a group so that we can later assign users to it. To do this, right-click your Organizational Unit (“Departments”) and go to “New -> Group”. Enter a group name (“Marketing”) and Windows will automatically enter the pre-Windows 2000 group name. You can leave the “Group scope” and “Group type” default.

Click “OK”. You have created a group.

Step 2: Add a user

Now that we have a group, we want to add a user so that we can assign the user to the group. To do this, right-click on your Organizational Unit (“Departments”) and go to “New -> User”. You will be asked for a number of things here. The user fields (first name, last name, etc) are straightforward. The user logon name is the user’s username. If you have multiple domains, make sure to select the right one.

Click “OK”, and the user is created.

Step 3: Assigning the user to a group

Go to your Organizational Unit (‘Departments’) and select the user that you want to assign to a group. When you right-click that user, and click “Properties”, a window will show with a lot of tabs. The tab you’re looking for is “Member Of”. When you click on this tab, you will see all the groups in which that user belongs. In order to add a group, which is what we want to do, click “Add”. Now type the group name and click “OK”. If the group exists, the user should now be a member of the group.

Click “OK” to save the changes.

Step 4: GPOs

Now that we have the group(s) and user(s), what we need to do is set policies for that group. To do this, go to the “Group Policy Management Console” (GPMC) on your Windows Server. You might notice it looks similar to “Active Directory Users and Computers” – just a bit more complex.

Right-click your domain in the sidebar, and click “Create a GPO in this domain, and Link it here…”. This will create a new GPO (Group Policy Object). You will now need to choose an appropriate name for your GPO. I suggest you just call it “[Group name] GPO” or “[Group name] OU”. This will create a new GPO.

Now that we have a new GPO, we need to assign groups to that GPO. We can do this by clicking “Add…” under “Security Filtering”. All groups added to that list will use the policies.

Step 5: Using policies

At this point, we want to start actually using policies. To do this, right-click your GPO in the sidebar and click “Edit…”. This will open the GPO editor. You will see two categories here: “Computer Configuration” and “User Configuration”. If you want to see what you can do with the policies, just see what policies are available by expanding the different categories.

Step 6: Updating policies

Sometimes after changing the policies, they immediately have effect. Other times, they don’t. This is why it’s always a smart idea to force updating the policies. To force update the policies, run the following command in a command prompt.

gpupdate /force

Congratulations – your policies will now take effect. For all groups that you create, create a new GPO and assign the group to that. Basically, repeat the steps in the tutorial for additional groups.

Views: 10

Recent Articles

  • How to Install JAX with ROCm Acceleratio...
    96
  • Deploy a PyTorch Workspace on a Vultr Cl...
    71
  • Managing Backup Storage
    82
  • Automating FTP Backups in Windows Server
    71
  • Automating FTP Backups in Linux
    75

Popular Articles

  • Our General Terms & Conditions
    2630
  • Our Privacy Policy
    2476
  • Our Cookies Policy
    275
  • Our Terms of Use
    152
  • How to Install JAX with ROCm Acceleratio...
    96