CBT Nuggets

Identity & Access · Beginner

Group Policy (GPO)

Group Policy is the Windows feature that delivers configuration and security settings to domain-joined users and computers. Each Group Policy Object (GPO) is a bundle of settings linked to a site, domain, or organizational unit.

For IT leaders

Group Policy debt builds quietly across years; auditing and consolidating GPOs is a recurring high-leverage cleanup.

Why IT teams care

Where this shows up at the team level

  • Endpoint hardening baselines (CIS, DISA STIG) usually land as GPOs.
  • Misordered or conflicting GPOs cause user-visible outages that look like "my computer is broken."
  • Migration to Microsoft Intune / MDM still depends on knowing what the existing GPOs do.

In production

Where teams encounter it

  • Group Policy Management Console (GPMC) on domain controllers
  • Linked GPOs at the domain or OU level for users and computers
  • Migrating selected settings to Intune / Configuration Manager

How it works

How Group Policy actually works

  1. Each GPO contains computer and user settings; settings apply at startup, login, and refresh intervals.
  2. GPOs are linked to sites, domains, or OUs; processing order is local, site, domain, OU, with OU last and most specific.
  3. Filters (security groups, WMI) can narrow which objects receive a GPO.
  4. Loopback processing, block inheritance, and enforced links create exceptions when needed.
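
The processing rules in the list above can be modeled in a few lines to see which GPO wins a conflicting setting. This is an added example, not CBT Nuggets or Microsoft code: the GPO names, setting names, and the `Link` and `effective_settings` helpers are constructed for illustration. It assumes links within one level apply in list order and leaves out WMI filters and loopback processing.

```python
from dataclasses import dataclass, field

# Processing order from the list above; later levels overwrite earlier ones.
LEVELS = ["local", "site", "domain", "ou"]

@dataclass
class Link:
    gpo: str        # GPO display name (constructed sample data)
    level: str      # one of LEVELS
    settings: dict  # setting name -> value
    enforced: bool = False
    allowed_groups: set = field(default_factory=lambda: {"Authenticated Users"})

def effective_settings(links, member_of, ou_blocks_inheritance=False):
    """Return {setting: (value, winning_gpo)} for one computer or user."""
    # Security filtering: the object must belong to a group allowed to apply the GPO.
    applicable = [l for l in links if l.allowed_groups & member_of]
    normal = [l for l in applicable if not l.enforced]
    enforced = [l for l in applicable if l.enforced]
    if ou_blocks_inheritance:
        # Block inheritance on the OU drops non-enforced site and domain links.
        normal = [l for l in normal if l.level in ("local", "ou")]
    # Non-enforced links: local -> site -> domain -> OU, last writer wins.
    normal.sort(key=lambda l: LEVELS.index(l.level))
    # Enforced links apply afterwards; the highest container is applied last and wins.
    enforced.sort(key=lambda l: LEVELS.index(l.level), reverse=True)
    result = {}
    for link in normal + enforced:
        for name, value in link.settings.items():
            result[name] = (value, link.gpo)
    return result

# Constructed sample: an enforced domain baseline competing with an OU-level GPO.
SAMPLE_LINKS = [
    Link("Local Policy", "local", {"ScreenLockSeconds": 0}),
    Link("Domain Baseline", "domain",
         {"ScreenLockSeconds": 900, "SMBv1": "Disabled"}, enforced=True),
    Link("Domain Defaults", "domain", {"UsbStorage": "Allowed", "Wallpaper": "corp.png"}),
    Link("Kiosk OU", "ou", {"ScreenLockSeconds": 60, "UsbStorage": "Blocked"}),
    Link("Helpdesk Tools", "ou", {"RemoteAssist": "On"}, allowed_groups={"Helpdesk"}),
]

if __name__ == "__main__":
    for name, (value, gpo) in effective_settings(SAMPLE_LINKS, {"Authenticated Users"}).items():
        print(f"{name} = {value}  (from {gpo})")
```

In the sample, the OU-level screen-lock value loses to the enforced domain baseline, while the non-enforced USB setting is decided by the OU; turning on block inheritance removes the domain wallpaper but not the enforced baseline.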

In practice

Common team use cases

  • Pushing security baselines to all domain-joined machines
  • Mapping drives, printers, and software for users by department
  • Enforcing password and account-lockout policies
