Group Policy Management Console (GPMC) is a Microsoft Management Console snap-in that provides a graphical user interface that enables Active Directory (AD) administrators to manage Group Policy Objects (GPOs) from one console.
Before GPMC, administrators had to use many tools to create, edit and import settings; back up and manage GPOs; and apply them to specific users or computers in the domain. GPMC provides a view of all GPOs, organizational units (OUs), domains and sites across an enterprise and enables editing settings within individual GPOs. Also, GPMC combines the functionality of such tools as AD Users and Computers, AD Sites and Services, Resultant Set of Policy, Access Control List Editor and GPMC Delegation Wizard.
For developers, GPMC includes a set of programmable interfaces for managing Group Policy with scripts or C/C++, which permits the creating, backing up, restoring, importing, copying, deleting and renaming of GPOs; linking GPOs and Windows Management Instrumentation filters; and completing several reporting tasks.
Enforce is a setting in GPMC that determines whether the policy settings configured in a GPO are actively enforced on computers and users covered by those settings. Whenever GPMC is set to Enforce, it applies all configured policy settings to those computers and users. Whenever it is not set to Enforce, none of the GPO's policy settings are applied, even if configured.
Group Policy settings are inherited from parent containers to child containers in a hierarchical structure by default. If a setting does not define a child container's GPO, it inherits the setting from its parent container's GPO.
When a GPO is enforced, it ensures that its settings are applied across all users and computers within its scope, regardless of any other conflicting GPOs linked to parent containers.
Enforcing a GPO creates a "no override" policy setting on the GPO, which prevents any other GPOs linked to parent containers from overriding the GPO's settings. When enforcing multiple GPOs at various levels in the hierarchy, the GPO with the highest enforcement level precedes any conflicting settings from lower-level GPOs.
The Enforce option must be used with caution because it can result in unexpected consequences, especially when it is not managed correctly. Organizations must Enforce a GPO only when necessary, for example, to ensure that critical settings are applied consistently and without conflict.
To open GPMC on a Windows device, follow these steps:
Alternatively, you can also open GPMC using the following method:
To edit a GPO in AD, follow these steps:
Once you have finished editing, close Group Policy Object Editor and GPMC. It is important to note that changes do not take effect until the GPO links to a site, domain or OU. All affected users or computers must also reboot or update their Group Policy.
Learn how to avoid common Group Policy Object backup and restore problems.
15 Mar 2023