Group Policy Object (GPO)
In Active Directory, a Group Policy Object (GPO) is a container for configuration settings that can be applied to users and computers within an organizational network. GPOs are a fundamental part of the Group Policy feature in Windows Server environments, and they allow administrators to define and manage various settings and policies to control the behavior and security of network resources.
When a GPO is created, it contains a collection of policy settings that specify how the targeted computers and users should operate and interact with the network. These settings can encompass a wide range of configurations, including security settings, software installation rules, login scripts, folder redirection, and much more.
GPOs are linked to Organizational Units (OUs) within the Active Directory domain hierarchy. This linkage allows the GPOs to be applied to all users and computers within those OUs, as well as any child OUs within the parent OU structure. Group Policy provides a hierarchical approach to applying settings, with the ability to inherit and override settings at different levels of the organizational structure.
By utilizing GPOs in Active Directory, administrators can streamline the management of network resources, ensure consistent configurations across the organization, enforce security policies, and reduce the burden of manually configuring individual computers and users.
General Group Policy Object Reports
The "General Group Policy Object (GPO) Reports" section comprises a variety of GPO reports that encompass different aspects. These reports encompass information on GPOs with enabled or disabled settings for Users, Computers, or All settings. They also cover reports for GPOs linked to Organizational Units (OU), Domains, or Sites, as well as those not linked to anything. Additionally, the section includes reports that indicate when a GPO was created, updated, or deleted. The reports available in this section include:
Back to Report Library...All Group Policy Objects Report
The "All Group Policy Objects" report generates a comprehensive list of all Group Policy Objects (GPO) within the domain.
All Settings Enabled GPO Report
An "All Settings Enabled GPO" refers to a Group Policy Object (GPO) that has all of its settings and configurations actively enabled. In other words, all the policy settings within this particular GPO are in effect and will be applied to the targeted users and computers within the Active Directory domain.
Users Settings Enabled GPO Report
A "Users Settings Enabled GPO" refers to a specific Group Policy Object (GPO) that has policy settings configured and enabled for user accounts within the Active Directory domain. These policy settings apply to users when they log in to the domain from any computer or workstation that falls under the scope of the GPO.
Computers Settings Enabled GPO Report
A "Computers Settings Enabled GPO" refers to a specific Group Policy Object (GPO) that has policy settings configured and enabled for computer objects within the Active Directory domain. These policy settings apply to computers when they start up and connect to the domain, affecting their behavior and configurations.
All Settings Disabled GPO Report
An "All Settings Disabled GPO" refers to a Group Policy Object (GPO) that has all of its policy settings explicitly disabled or not configured. In other words, none of the policy settings within this particular GPO are in effect, and they will not be applied to the targeted users or computers within the Active Directory domain.
Users Settings Disabled GPO Report
A "Users Settings Disabled GPO" refers to a specific Group Policy Object (GPO) that has all policy settings related to user configurations either explicitly disabled or not configured. In other words, the GPO does not apply any user-specific policy settings to the targeted user accounts within the Active Directory domain.
Computers Settings Disabled GPO Report
A "Computers Settings Disabled GPO" refers to a specific Group Policy Object (GPO) that has all policy settings related to computer configurations either explicitly disabled or not configured. In other words, the GPO does not apply any computer-specific policy settings to the targeted computer objects within the Active Directory domain.
OU Linked GPO Report
An "OU Linked GPO" refers to a Group Policy Object (GPO) that has been associated or linked to a specific Organizational Unit (OU) within an Active Directory domain. When a GPO is linked to an OU, it means that the policy settings defined within that GPO will apply to the users and computers residing within that OU.
Domain Linked GPO Report
A "Domain Linked GPO" refers to a Group Policy Object (GPO) that has been associated or linked to the entire Active Directory domain in an organization. When a GPO is linked to the domain, it means that the policy settings defined within that GPO will apply to all users and computers within the entire domain.
Site Linked GPO Report
A "Site Linked GPO" refers to a Group Policy Object (GPO) that has been associated or linked to an Active Directory site in an organization. Sites in Active Directory represent physical network locations and are used to group domain controllers and other resources based on their physical proximity in the network.
OU, Domain or Site Linked GPO Report
The report named "OU, Domain, or Site Linked" generates a comprehensive list of Group Policy Objects (GPOs) that are linked to Organizational Units (OU), the domain, or specific sites within the Active Directory network.
Not Linked GPO Report
A "Not Linked GPO" refers to a Group Policy Object (GPO) within an Active Directory domain that is not associated or linked to any Organizational Unit (OU), the domain, or any site. In other words, the policy settings defined within this GPO will not apply to any users or computers within the domain until it is specifically linked to a location or scope.
GPO Created during last XX days Report
The "GPO Created during last XX days" report generates a comprehensive list of Group Policy Objects (GPOs) that have been created within the specified number of days selected by the user. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
GPO Created between specified dates Report
The report titled "GPO Created between Specified Dates" compiles a comprehensive list of Group Policy Objects (GPOs) that were created during the period defined by the specified start and end dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
GPO Changed during last XX days Report
The "GPO Changed during last XX days" report generates a comprehensive list of Group Policy Objects (GPOs) that have been updated within the specified number of days selected by the user. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
GPO Changed between specified dates Report
The report titled "GPO Changed between Specified Dates" compiles a comprehensive list of Group Policy Objects (GPOs) that were updated during the period defined by the specified start and end dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Deleted Group Policy Objects Report
The "Deleted Group Policy Objects" report provides a list of Group Policy Objects that have been deleted from Active Directory. When an object is deleted from Active Directory, it is not permanently removed immediately. Instead, it remains recoverable for a designated retention period, typically set to 180 days by default. During this period, it is possible to restore the deleted object. When a GPO is deleted from Active Directory, any policy settings and configurations within that GPO are no longer applied to the users and computers within the scope of the deleted GPO.
If the Active Directory Recycle Bin is enabled, the restoration process is straightforward. The object, along with its properties, can be easily recovered using appropriate methods. However, if the AD Recycle Bin is not enabled, the deleted object undergoes a stripping process that removes most of its properties. It is then stored as a tombstone container within Active Directory until the retention period expires.
Deleted Group Policy Objects during last XX days Report
The "Deleted Group Policy Objects during the past XX days" report resembles the Deleted Group Policy Objects Report as it provides information on Group Policy Objects that have been deleted within a specified number of days.
When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Deleted Group Policy Objects between specified dates Report
The "Deleted Group Policy Objects between specified dates" report resembles the Deleted Group Policy Objects Report as it provides information on Group Policy Objects that have been deleted within a specified date range.
When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."