2.5.3 Administering Group Policy — Administrative Tool
Context of use
The Group Policy administrator initiates a task that is defined in the goal for this use case.
The goal of this use case is to create, update, and delete Group Policy content.
Discover the Group Policy server.
Ensure read and write access to the Group Policy server.
Manage Group Policy.
Group Policy Server: A domain controller implementing Active Directory [MS-ADOD] that contains a database of GPO that Group Policy administrators can read and write to. The Group Policy server responds to requests from the Group Policy administrator. The primary interests of the Group Policy server are to:
Support Administrative tool operations, such as creating, retrieving, modifying, and deleting GPOs that apply to groups of domain user and computer accounts in Active Directory
Store policy settings and attributes configured by the Group Policy administrator
Group Policy administrator: An individual who ensures that the Group Policy server is storing policies that align with business and organizational requirements. The primary interests of the Group Policy administrator are to:
Ensure that policy settings are stored on the Group Policy server.
Create, retrieve, modify, or delete Group Policy content on the Group Policy server.
The Administrative tool can access the Group Policy server.
The Group Policy server is a read/write domain controller.
Main Success Scenario
The main success scenario can be summarized as follows:
Trigger: The Group Policy administrator starts the Administrative tool. When a trigger occurs (section 184.108.40.206), the Administrative tool successfully connects to the Group Policy server.
The Administrative tool can query for policy information on the Group Policy server and successfully retrieve the prioritized GPO list based on query results.
The Administrative tool displays the prioritized GPO list.
The Group Policy administrator updates, creates, or deletes policy information with the Administrative tool.
The Administrative tool successfully writes updated information to the Group Policy server.