Active Directory Group Policy is a powerful technology that lets administrators make changes on thousands of desktops with a single keystroke.
Group Policy technology can help IT organizations centrally manage user, desktop, and server configurations. By deploying Group Policy in your enterprise, you can:
Enforce secure password and account policies
Ensure access to network resources
Secure network and wireless communications
Comply with government and industry regulations such as SOX, HIPAA, FISMA, VISA CISP and many others
IT organizations want to leverage this technology but know that making changes to live Group Policy Objects (GPOs) can be risky and have unintended and costly consequences.
Using Group Policy can help secure and unify enterprise operations. Group Policy can also help you meet compliance objectives, especially those that require you to document changes that affect network security or access to sensitive files, such as financial or personnel data.
Most IT organizations do not have the luxury of hiring additional staff to comply with these regulations. To safely leverage Group Policy, you need ways to:
Model changes to GPOs safely without interrupting services
Thoroughly test GPOs and secure approval from all stakeholders before deploying them
Deploy tested GPOs into trusted or untrusted Active Directory domains
Maintain consistent GPOs across business units, regions, or worldwide locations
Roll back to a last‑known good GPO to quickly recover from errors
The following sections provide more information: