Group Policy

Local Security Policy editor in Windows 11

Group Policy is a feature of the Microsoft Windows NT family of operating systems (including Windows 8.1, Windows 10, Windows 11) that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy (LGPO or LocalGPO) allows Group Policy Object management without Active Directory on standalone computers.[1][2]

Active Directory servers disseminate group policies by listing them in their LDAP directory under objects of class groupPolicyContainer. These refer to fileserver paths (attribute gPCFileSysPath) that store the actual group policy objects, typically in an SMB share \\domain.com\SYSVOL shared by the Active Directory server. If a group policy has registry settings, the associated file share will have a file registry.pol with the registry settings that the client needs to apply.[3]

The Policy Editor (gpedit.msc) is not provided on Home versions of Windows XP/Vista/7/8/8.1/10/11.

  1. ^ Cite error: The named reference LGPO was invoked but never defined (see the help page).
  2. ^ Sigman, Jeff. "SCM v2 Beta: LocalGPO Rocks!". Microsoft. Retrieved 2018-11-24.
  3. ^ "[MS-GPOD]: Group Policy Protocols Overview". Microsoft. Section 1.1.5 Group Policy Data Storage. Retrieved 2020-02-22.