2.5.3 Administering Group Policy — Administrative Tool

Context of use

The Group Policy administrator initiates a task that is defined in the goal for this use case.


The goal of this use case is to create, update, and delete Group Policy content.


Administrative tool: A tool that the Group Policy administrator uses to manage GPOs. This is the primary actor. The primary interests of the Administrative tool are to:

  • Discover the Group Policy server.

  • Ensure read and write access to the Group Policy server.

  • Manage Group Policy.

Group Policy Server: A domain controller implementing Active Directory [MS-ADOD] that contains a database of GPO that Group Policy administrators can read and write to. The Group Policy server responds to requests from the Group Policy administrator. The primary interests of the Group Policy server are to:

  • Support Administrative tool operations, such as creating, retrieving, modifying, and deleting GPOs that apply to groups of domain user and computer accounts in Active Directory

  • Store policy settings and attributes configured by the Group Policy administrator


Group Policy administrator: An individual who ensures that the Group Policy server is storing policies that align with business and organizational requirements. The primary interests of the Group Policy administrator are to:

  • Ensure that policy settings are stored on the Group Policy server.

  • Create, retrieve, modify, or delete Group Policy content on the Group Policy server.


  • The Administrative tool can access the Group Policy server.

  • The Group Policy server is a read/write domain controller.

Main Success Scenario

The main success scenario can be summarized as follows:

  1. Trigger: The Group Policy administrator starts the Administrative tool. When a trigger occurs (section, the Administrative tool successfully connects to the Group Policy server.

  2. The Administrative tool can query for policy information on the Group Policy server and successfully retrieve the prioritized GPO list based on query results.

  3. The Administrative tool displays the prioritized GPO list.

  4. The Group Policy administrator updates, creates, or deletes policy information with the Administrative tool.

  5. The Administrative tool successfully writes updated information to the Group Policy server.


  • None.