Edit Domain Group Policy



  1. Open Domain Group Policy Editor
  2. Edit Domain Group Policy 2016

GPOs can be created and managed using the Group Policy Management Console (GPMC). The configuration settings can be edited using the Group Policy Object Editor (gpedit) console. The following steps illustrate how to create a GPO:

  • In the Group Policy Management Console tree, click Change Control in the forest and domain in which you want to manage GPOs. On the Contents tab in the details pane, click the Controlled tab. Right-click MyGPO, and then click Save as Template to create a template incorporating all settings currently in MyGPO.
  • Open your local Group Policy editor by typing gpedit.msc in the search field. Go to the following location: Computer Configuration Administrative Templates. You'll find a few subfolders for.
  • Open the GPMC snap-in. Go to Start Menu → Administrative Tools → Group Policy Management Console.

Group policy can be applied at domain level, OU level or at a site level. Navigate the forest to the default domain policies. Step 4 - Edit the Group Policy Right click on the desired GPO to edit the group policy settings. Edit group policy for domain/AD. By Jefferson6478. On Sep 14, 2016 at 22:46 UTC. Active Directory & GPO. Get answers from your. Prequisite: Only users that are Domain Admins or Enterprise Admins, or equivalent, are able to configure password policy on a Domain. Procedure: Navigate to Start – Administrative Tools – Group Policy Management. Expand the relevant domain node. Right click Default Domain Policy and select Edit from the drop down list.

  • In the left pane, expand the Forest container and then the domain container
  • Select the domain for which the policy settings have to created and applied
  • Double-click on the domain to see a list of OUs and other containers in the domain
  • Right-click on the Group Policy Objects container and select New
  • Enter the name of the GPO and click OK

To View and edit the settings of a GPO

The following steps illustrate how to view the various settings configured under a GPO:

  • Open the GPMC snap-in. Go to Start Menu → Administrative Tools → Group Policy Management Console.
  • Right-click on the Group Policy Objects container and select a GPO
  • In the right pane, select the Settings Tab and click Show all
Domain

Open Domain Group Policy Editor

  • If the policy settings are not defined for a GPO, both Computer configuration and User configuration sections will show “No settings defined”
  • To configure policy settings for the GPO, right-click anywhere on the right pane or on the GPO and select Edit
Edit domain group policy 2012
  • The Group Policy Object Editor will open. Browse through the Computer configuration and User configuration settings and define them as necessary

Linking a GPO

Creating a GPO and defining settings for that GPO will not apply them to the target users and computers. To apply the configuration policy settings in a GPO, it has to be linked to a site or a domain or an OU. The following steps illustrate how to link a GPO:

  • Open the GPMC snap-in. Go to Start Menu → Administrative Tools → Group Policy Management Console.

Edit Domain Group Policy 2016

  • In the left pane, expand the Forest container and then the domain container. Browse to the target domain
  • Right-click on the domain or site or an OU and select Link an existing GPO…
  • In the Select GPO dialog box, under Group Policy Objects, select the GPO and click OK.

Now all the policy settings configured for that GPO will be applied to all users and computers present in the site, domain or OU to which the GPO is linked.

Comments

comments

(8 votes, average: 4.13 out of 5)

In the domain environment, it’s not always possible to use Group Policy (GPO) to manage some of the Windows settings and applications’ settings. It’s a fact that you can apply some settings only through the system registry. In an Active Directory domain, you can centralized manage registry keys on domain computers through a GPO. In this article, we will show you how to use Group Policy to manage, add, modify, import, and delete registry keys across a domain.

Windows Server 2008 introduced a special Group Policy extension (Group Policy Preferences — GPP). It allows you to manage registry keys and parameters through the Group Policy. GPP allows you to add, remove, or modify registry parameters, values, and keys on domain-joined computers. Let’s review these possibilities.

Edit domain group policy server 2016

Note. Previously, domain administrators had to create their own administrative GPO templates (.adm/.admx) or .bat Logon scripts to manage registry settings on domain computers. Also, saved *.reg files were often used, which had to be imported to the users’ computers using the reg import or Regedit.exe /s import.reg commands).

How to Add/Set Registry Key via GPO?

Let’s say we need to disable automatic drivers updating on domain computers in a particular OU. We have to modify SearchOrderConfig key in the registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionDriverSearching

There are three options for selecting the registry key on the target PCs:

  • With the built-in GPP registry browser (wizard);
  • Collection Item — creates and organizes registry items in a folder. Useful if you need to add a group of registry keys;
  • Manually, by specifying the registry key and the parameter.

Lets’ try to use GPO Registry Wizard to set the registry parameter value:

  1. Open the Group Policy Management Console (gpmc.msc);
  2. Create a new (or edit an existing) GPO, and link it to the appropriate
  3. Expand the following GPO section: Computer (or User) Configuration > Preferences > Windows Settings > Registry. Select in the context menu: New > Registry Wizard;
  4. Registry Wizard allows you to browse the registry on a local computer. You can connect to the registry on the remote computer, and select the existing registry key and parameter;
  5. Specify the remote computer name (or an IP address) to connect. Use the Registry Browser tree to locate and select an existing registry key/parameter;
  6. In this example, we want to add only one registry item to our GPP — REG_DWORD parameter named SearchOrderConfig;
  7. This parameter with the full reg path and value will be imported into the GPO editor console. You can change its value and the desired action. To set a reg key, use the Update option (look below);
  8. This completes the registry policy setting. The next time Group Policy is updated on computers (or after running the gpupdate command), the specified registry settings will be applied on all computers in the OU.
READ ALSOHow to Add User to Remote Desktop Group?

You can also type the full registry key path and a parameter name manually:

  1. Select New > Registry Item;
  2. In the following fields (Hive, Key path, Value type, Value data) you have to specify the registry hive (HKLM, HKCU, etc.); registry key; parameter name, type, and value;
    Note. You can use the following Hive names: HKEY_CLASSES_ROOT (HKEY_LOCAL_MACHINESoftwareClasses), HKEY_CURRENT_CONFIG (HKEY_LOCAL_MACHINESystemCurrentControlSetHardware ProfilesCurrent), HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER (HKEY_USERS.Default will be used if you’ll set HKCU registry key using Computer Configuration Policy);
  3. As a default, set the policy option to the Update mode.

There are 4 types of operation with the registry items:

Group
  • Create — creates a registry parameter. If the parameter already exists, the value does not change;
  • Update (default) — if the parameter already exists, its value will update by the specified in the GPP. If not, a parameter with the specified value will be created;
  • Replace — if the registry item already exists, deletes and recreates registry item (rarely used);
  • Delete — removes a registry key and all of its values and subkeys.

There are many useful options on the Common tab:

  • Run in logged-on user’s security context — the registry parameter is creating in the context of the current user. If you check this option, the parameter will be created with the current user permissions. If the user doesn’t have local admin permissions, the policy will be applied only to the HKEY_CURRENT_USER hive. But not to the HKEY_LOCAL_MACHINE;
  • Remove this item when it is no longer applied — if you unlink GPO from the AD container, the changed registry settings will return to their initial state;
  • Apply once and do not reapply – apply the policy for each computer only once;
  • Item-level targeting — can be used to target registry settings via GPP based on computer settings, and/or user properties at a granular level.
READ ALSOHow to Backup and Restore GPO?

The final report with policy settings in the GPMC console looks like this:

Note. In Windows XP and Windows Server 2003, the GPP section is absent. To add it to the OS, you have to install the KB943729 update (client-side extensions for Group Policy).

How to Delete Registry Key via GP Preferences?

You can also use GP Preferences to remove a specific key or registry entry on computers in a domain.
For example, you want to delete a certain parameter in the registry key HKEY_CURRENT_USER.

  1. Create a new registry GPP entry in the section User Configuration > Preferences > Windows Settings > Registry;
  2. Use the Registry Browser to select a parameter or key;
  3. In the GPO console, expand the key branch. Open the parameter properties, and change the Action to Delete;
  4. Save the changes;
  5. Now, after updating the group policy settings on clients, the specified parameter will be deleted from the user’s hive.

Tip. If you receive Network Path not found error when viewing the registry of a remote computer using Registry Browse, check if the specified computer is accessible over the network. Also, check if the Remote Registry service is running. If not, use the Services console (services.msc) to start the service.

AuthorRecent PostsCyril KardashevskyI enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.Latest posts by Cyril Kardashevsky (see all)
FacebookTwitterWhatsAppTelegramLinkedInEmail
This site uses cookies to analyze traffic, personalize your experience and serve ads. By continuing browsing this site, we will assume that you are agree with it.