Logo
programming4us
programming4us
programming4us
programming4us
Windows XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
 
Windows Server

Windows Server 2008 R2 : Elements of Group Policy (part 1) - Group Policy Object Storage and Replication

3/8/2011 10:13:25 PM
Group Policy Objects

The elements of Group Policy start with the Group Policy Objects (GPOs) themselves. GPOs are a predefined set of available settings that can be applied to Active Directory computer and/or user objects. The settings available within a particular GPO are created using a combination of administrative template files included or referenced within that GPO. As the particular computer or user management needs change, additional administrative templates can be imported into a particular GPO to extend its functionality.

Group Policy Object Storage and Replication

GPOs are stored in both the file system and the Active Directory database. Each domain in an Active Directory forest stores a complete copy of that particular domain’s GPOs.

Within Active Directory, the GPO links and version information are stored within the domain naming context partition of the database. Because this partition is only replicated within a single domain, processing GPOs linked across domains, either using sites or just a cross-domain GPO link, can take longer to load and process.

The GPO settings are stored in the file system of all domain controllers within the sysvol folder. The sysvol folder is shared on all domain controllers. Each domain GPO has a corresponding folder located within the sysvol\companyabc.com\Policies subfolder, as shown in Figure 1 as an example of the companyabc.com domain. The GPO folder is named after the globally unique identifier (GUID) assigned to that GPO during creation. The GUID of a GPO is listed when viewing the properties of a domain GPO using the Group Policy Management Console. Within the GPO folder are a common set of subfolders and files, including the User folder, Machine folder, sometimes the ADM folder, and the gpt.ini file.

Figure 1. Examining the sysvol Policies folder.

Group Policy Object Replication

Because GPOs are stored within the Active Directory database and on the domain controller file system, all GPO information is replicated by the domain controllers. The file system portion of the domain GPOs is replicated within the Domain System Volume Distributed File System Replication group by the Distributed File System Replication service.

The Domain System Volume replication schedule is controlled by the DFSR schedule, which, by default, follows the same replication cycle as the Active Directory database. Replication occurs every 5 minutes or immediately between domain controllers in a single Active Directory site and follows the site link schedule between domain controllers in separate sites. Legacy domains will use the File Replication Service instead of DFSR.

User Subfolder

The User subfolder contains the files and folders used to store the settings, software, scripts, and any other policy settings specific to user and user object policies configured within a particular GPO.

Machine Subfolder

The Machine subfolder contains the files and folders used to store the settings, software, scripts, and any other policy settings specific to machine or computer object policies configured within a particular GPO.

ADM Subfolder

The ADM subfolder is created on new GPOs when legacy administrative template files are imported into a GPO. Any GPOs created using Windows 2000 and Windows XP client software, or Windows 2000 Server and Windows Server 2003 system software, will contain an ADM subfolder to store all the legacy administrative template files referenced and imported into the GPO.

registry.pol Files

Within a particular group policy, the settings are segmented into several sections. Many settings with the GPO configure keys and values within the Registry. The configuration status and value of these settings are stored within the registry.pol files in either the User or Machine subfolders. The registry.pol file contains only the configured settings within the GPO to improve processing.

gpt.ini File

When a GPO is created, a folder for the GPO is created within the connected domain controller’s sysvol folder. At the root of that GPO folder is a file named gpt.ini. This file contains the revision number of the GPO. The revision number is used when a GPO is processed by a computer or user object. When a GPO is first processed, the revision number is stored on the system and when subsequent GPO processing occurs, the reference number in the gpt.ini file is compared with the stored value on the local system cache. If the number has not changed, certain portions of the GPO are not processed. There are, however, certain portions of a GPO that are always processed, like scripts.

Each time a GPO is changed, the reference or revision number is increased, and even though the gpt.ini file contains a single number, it actually represents a separate revision number for the computer and user section of the GPO.

The default configuration of not processing certain GPO sections if the revision number has not changed can be overridden. In some cases, even though the GPO has not changed, the intended settings could have been changed by the user or a program and sometimes forcing the entire GPO to always be processed is required.

Other -----------------
- Windows Server 2008 R2 : Group Policies and Policy Management - Security Templates
- Windows Server 2008 R2 : Local Group Policies
- Windows Server 2008 R2 : Group Policy Processing—How Does It Work?
- Understanding DNS in Windows Server 2003 Networks
- Understanding Name Resolution in Windows Server 2003
- Windows Server 2008 R2 Administration : Managing Printers with the Print Management Console
- Windows Server 2008 R2 Administration : Managing Users with Local Security and Group Policies (part 3) - Troubleshooting Group Policy Applications
- Windows Server 2008 R2 Administration : Managing Users with Local Security and Group Policies (part 2) - Configuring and Optimizing Group Policy
- Windows Server 2008 R2 Administration : Managing Users with Local Security and Group Policies (part 1) - Viewing Policies with the Group Policy Management Console & Creating New Group Policies
- Windows Server 2008 R2 Administration : Creating Groups
 
 
Video tutorials
- How To Install Windows 8 On VMware Workstation 9

- How To Install Windows 8

- How To Install Windows Server 2012

- How To Disable Windows 8 Metro UI

- How To Change Account Picture In Windows 8

- How To Unlock Administrator Account in Windows 8

- How To Restart, Log Off And Shutdown Windows 8

- How To Login To Skype Using A Microsoft Account

- How To Enable Aero Glass Effect In Windows 8

- How To Disable Windows Update in Windows 8

- How To Disable Windows 8 Metro UI

- How To Add Widgets To Windows 8 Lock Screen
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
programming4us programming4us
 
programming4us
Women
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone