Group Policy can be used to define default settings that will be automatically applied to user and computer accounts in Active Directory. Policy settings can be used to manage desktop appearance, assign scripts, redirect folders from local computers to network locations, determine security options and control what software can be installed on particular computers and what software is available to particular groups of users.
Here are a few examples of how Group Policy settings can be used in Active Directory:
Policy settings are stored in Group Policy objects. Group Policy settings from more than one Group Policy object can be applied to a particular site, domain, or organizational unit. For example, if a site contains three domains, one Group Policy object could control computer configurations for the entire site. A separate policy for each domain could determine specific security settings for the computers in each domain. If each domain contains an Accounting and a Marketing organizational unit, additional Group Policy objects could determine what software is installed on the computers used by the Accounting and Marketing groups throughout the entire site.
This ability to automatically configure and secure computers throughout your organization by selectively applied Group Policy objects is a very powerful administrative tool. For more information about controlling software installation with Group Policy and how to create a Group Policy object, see Group Policy.
You can use security groups to filter how Group Policy settings are applied to collections of users and computers belonging to a particular site, domain, or organizational unit. For more information about security groups, see Group types. For general information about Group Policy, see Group Policy overview.