Do you Need a Group Policy?

This article forms part one of three articles which will discuss the importance of group policy for organisations, what Active Directory is, and how to implement best practice for use of these services within an entity.

What is Group Policy?

Group Policy is a method of controlling windows operations and applications permissions.

Group Policy is part of Active Directory, an identity provider essential to controlling identification and access within an organisation. Active Directory helps organisations manage user accounts, and computers centrally reducing overheads.

What’s the Point?

Different organisations take care of different things, from highly complex federal activities, to less complex activities within SME’s. Many of these organisations rely on Microsoft software to complete everything from processing payroll, to setting tasks and engaging with customers. Microsoft can’t account for your organisational activities and how you might want to secure them, the roles of employees, customers, and administrators who might need to access these systems (or be restricted from certain parts) should be reflective of the requirements of each individuals job within the organisation. Employing Group Policy hierarchies allow for this layer of security to be created, restricting and granting access to systems as needed.


How does it Work?

Group Policy operates via Group Policy Objects, or GPO’s, applied in a hierarchal manner. Group Policy is often compromised of several GPO’s. The hierarchy is formed by applying Local Group policy objects first, followed by site, domain, and organisational unit level Group Policy objects.

System administrators create a Group Policy Object by creating a selection of settings within the MMC. The MMC is the Microsoft Management Console. When it comes to organisational security, a GPO is ideal because you can restrict or grant access to an individual based on their job.

The ideal model to grant is the least-privileged possible given the individuals role. GPOs can be compromised of files, folders, applications, and permissions regarding what users can and cannot do on their computers or with their login credentials.

Examples of Group Policy Uses

Folder redirection, designating a group or individual roles based on users/groups level of organisational responsibility, network management, server endpoint security, incident monitoring and response, policy management, identity security and standards.

Local and Centralised Group Policy

Group Policy can be created for a single computer, or a group of computers each managed by a domain computer. The Group Policy objects cannot be centrally managed; however Active Directory can be centrally managed if a user is logging in from a domain-based computer.


Group Policy Objects – local, non-local, and starter

Local: local group policy objects are applied to a Standalone Computer and only affect that computer.

Non-local: These are group policy settings applied to a group of computers.

Starter: Start group policies allow for an administrator to use a pre-configured selection of settings to represent a baseline for future policy implementation.


Cogito Group is an award-winning cybersecurity company specialising in authentication, cloud security, identity management and data protection. Cogito Group protect the authentication methods used to access information through the use of Identity and other security technologies.