The Group Policy Management Console is the Microsoft Management Console (MMC) snap-in that administrators use to create GPOs and manage their deployment to AD DS objects. The Group Policy Management Editor is a separate snap-in that opens GPOs and enables you to modify their settings.
There are several different ways of working with these two tools, depending on what youwant to accomplish. You can create a GPO and then link it to a domain, site, or OU, or you can create and link a GPO in a single step. Windows Server 2012 R2 implements the tools as the Group Policy Management feature and installs them automatically with the AD DS role.
You can install the feature manually on a member server by using the Add Roles And Features Wizard in Server Manager. The Group Policy Management tools are also included in the Remote Server Administration Tools package for Windows workstations.

Creating and linking nonlocal GPOs
If you decide to leave the default Windows GPOs unaltered, the first steps in deploying your own customized Group Policy settings are to create one or more new GPOs and link them to appropriate AD DS objects.
To use the Group Policy Management Console to create a new GPO and link it to an OU object in AD DS, use the following procedure.
1. Open the Active Directory Administrative Center and create an OU called Sales in your domain.
2. In Server Manager, from the Tools menu, select Group Policy Management. The Group Policy Management Console appears, as shown in Figure 6-1.

Group Policy Management Console

FIGURE 6-1 The Group Policy Management Console
3. Expand the forest container and browse to your domain. Then expand the domain container and select the Group Policy Objects folder. The GPOs that currently exist in the domain appear on the Contents tab.
4. Right-click the Group Policy Objects folder and, from the shortcut menu, select New. The New GPO dialog box appears.
5. In the Name text box, type a name for the new GPO and click OK. The new GPO appears in the Contents list.

6. In the left pane, right-click the domain, site, or OU object to which you want to link the new GPO and, from the shortcut menu, select Link An Existing GPO. The Select GPO dialog box appears.
7. Select the GPO you want to link to the object and click OK. The GPO appears on the object’s Linked Group Policy Objects tab, as shown in Figure 6-2.

Group Policy Management Console

FIGURE 6-2 The Linked Group Policy Objects tab

8. Close the Group Policy Management Console.
You can also create and link a GPO to an Active Directory container in a single step, by right-clicking an object and selecting Create A GPO In This Domain And Link It Here from the shortcut menu.
If you link a GPO to a domain object, it applies to all users and computers in the domain. On a larger scale, if you link a GPO to a site that contains multiple domains, the Group Policy settings are applied to all the domains and the child objects beneath them. This process is referred to as GPO inheritance.

Using security filtering
Linking a GPO to a container causes all the users and computers in that container to receive the GPO settings by default. This is because creating the link grants the Read and Apply Group Policy permissions for the GPO to the users and computers in the container.
More precisely, the system grants the permissions to the Authenticated Users special identity, which includes all the users and computers in the domain. However, by using a technique named security filtering, you can modify the default permission assignments so that only certain users and computers receive the permissions and, consequently, the settings in the GPO.
To modify the default security filtering configuration for a GPO, select it in the left pane of the Group Policy Management Console, as shown in Figure 6-3. In the Security Filtering area, you can use the Add button or the Remove button to replace the Authenticated Users special identity with specific user, computer, or group objects. Of the users and computers in the container to which the GPO is linked, only those you select in the Security Filtering pane will receive the settings from the GPO.

Group Policy Management Console

FIGURE 6-3 Security filtering in the Group Policy Management Console

This article is a part of 70-410 Installing and Configuring Windows Server 2012 Prep course, more articles in this course are :

Understanding Active Directory

Active Directory and its Features: Active Directory is the name given to a collection of services created by Microsoft that ...
Read More

Active Directory GUI Installation

Before we get to the installation, there are a few things to check to make sure the server is ready ...
Read More

Understanding DNS Server

DNS Server is being used too maintain and configure the DNS which is a name resolution service. Public DNS services ...
Read More

Maintaining and configuring DNS Forwarding

The act of DNS forwarding refers to the relaying of a DNS request from one server to another one when ...
Read More

Planning for a server installation

In versions of Windows Server prior to Windows Server 2008 R2, installation planning could be a complex task. You had ...
Read More

Choosing installation options

Many enterprise networks today use servers that are dedicated to a particular role. When a server is performing a single ...
Read More

Upgrading servers

An in-place upgrade is the most complicated form of Windows Server 2012 R2 installation. It is also the lengthiest and ...
Read More

Migrating roles

Migration is the preferred method of replacing an existing server with one running Windows Server 2012 R2. Unlike an in-place ...
Read More

Completing postinstallation tasks

As part of the new emphasis on cloud-based services in Windows networking, Windows Server 2012 R2 contains a variety of ...
Read More

Using Server Manager

The Server Manager tool in Windows Server 2012 R2 is an application that is the most obvious evidence of a ...
Read More

70-410 Installing and Configuring Windows Server 2012 Prep course includes following practice tests:

Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 1

Instructions for Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 1 This page shows the instructions for Exam ...
Read More

Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 2

Instructions for Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 2 This page shows the instructions for Exam ...
Read More

Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 3

Instructions for Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 3 This page shows the instructions for Exam ...
Read More

Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 4

Instructions for Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 4 This page shows the instructions for Exam ...
Read More

Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 5

Instructions for Exam 70-410 Installing and Configuring Windows Server 2012 Practice Test 5 This page shows the instructions for Exam ...
Read More