Understanding GPT Replication

In the past few articles, we have seen that each Group Policy Object (GPO) is split into two distinct parts. It is important to understand that these two parts are stored in different locations

    Requires Free Membership to View

    Login

found on every domain controller in the domain. Because the information is stored on one domain controller by default, the information must be replicated to other domain controllers over time. This article will discuss the replication of the Group Policy Template (GPT), and the next article will discuss the Group Policy Container (GPC) replication.

Overview of the GPT

One of the parts of the GPO is the GPT, which is responsible for storing the specific settings created within the GPO. The GPT is stored in the Policies subfolder, which is under the SYSVOL folder on each domain controller. The GPT includes key files and folders including:

  • GPT.ini
  • Machine and User folders
  • GptTmpl.inf
  • Registry.pol
  • Scripts (Logon, Logoff, Startup, and Shutdown) folders

Replication of the GPT

Since the GPT is located under the SYSVOL folder, the replication of these files for each GPO is controlled by the File Replication Service (FRS). FRS is a simple replication service that replicates not only policy information, but also the scripts, legacy system policies, etc that reside under the Sysvol folder. (Note, there are two "sysvol" folders, the top level folder is not shared, but the lower level one is shared as SYSVOL. Two levels under the second sysvol, \\scripts, is shared as NETLOGON. This might seem familiar to those from the old Windows NT structure.)

FRS is a state-based service that triggers replication from one domain controller to another one as soon as a change within the SYSVOL is recognized. FRS, unlike the Active Directory replication service, does not adhere to site boundaries and is not limited to a schedule. This makes the replication of the GPT fast and efficient between domain controllers.

Conclusion

The GPT is essential to the success of a GPO because it holds the settings that are made within the GPO. The GPT stores these settings in a large structure of folders and files. In order for the settings to apply successfully to all computer and user objects, the GPT must be replicated to all domain controllers within the domain.

The GPT is located under the SYSVOL folder, so the FRS handles replication of these folders and files. Because FRS replicates information between domain controllers quickly, the GPT is quick to update on all domain controllers throughout the domain. As we will see in the next article, this behavior is far different from how the Group Policy Container (GPC) replicates.

Derek Melber, MCSE, MVP, and CISM, is the director of compliance solutions for DesktopStandard Corp. He has written the only books on auditing Windows security available at The Institute of Internal Auditors' bookstore. He also wrote the Group Policy Guide for Microsoft Press -- the only book Microsoft has written on Group Policy. You can contact Melber at derekm@desktopstandard.com.

This was first published in January 2006

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top