2.1 Overview

The Group Policy protocols enable a Group Policy administrator to maintain standard operating environments for specific groups of users. As policies, software, and environments change over time, administrators can use Group Policy to update an already-deployed operating environment. Group Policy can also enforce rules that restrict the programs that can be run on company computers. To manage such environments, Group Policy uses an architectural model with two features: policy administration and policy application.

The policy administration feature makes use of an Administrative tool, Administrative tool extensions, a Group Policy data store containing GPOs and data, and a Group Policy server that provides directory service-based access to Group Policy metadata (sections 1.1.5 and 1.1.7.3) and file access to policy settings.

The policy application feature makes use of the Group Policy client, CSEs, and the Group Policy data store on the Group Policy server, from which the Group Policy client obtains GPO metadata and policy settings for the policy application process (section 1.1.7).

The following diagram shows the basic architecture of the Group Policy protocols. Note that the Administrative tool in this architecture is an implementation-specific interface that the Group Policy administrator uses to manage Group Policy.

Figure 2: Group Policy architecture

The main components of the Group Policy protocols are described in section 2.1.2.

Group Policy components are typically installed in a distributed environment. The following diagram shows a basic deployment of Group Policy components in a distributed environment that consists of three computers.

Figure 3: Group Policy distributed environment