Although the name Group Policy Object implies that policies are linked directly to groups,
this is not the case. GPOs can be linked to sites, domains, and organizational units (OUs) to
apply settings to all users and computers within AD DS containers. However, an advanced
technique named security filtering enables you to apply GPO settings to one or more users
or groups within a container by selectively granting the Apply Group Policy and Read
permissions to one or more users or security groups.
The administrative benefits of GPOs are probably their greatest contribution to network
efficiency. Administrators find that Group Policy implementation helps them achieve
centralized management. The following list identifies administrative benefits to Group
– Administrators have control over centralized configuration of user settings, application
installation, and desktop configuration.
– Centralized administration of user files eliminates the need for and cost of trying to
recover files from a damaged drive.
– The need to manually make security changes on each computer is reduced by the
automated, rapid deployment of new settings through Group Policy.
Following are points which will cover in coming sections