{"id":44143,"date":"2020-02-14T09:00:00","date_gmt":"2020-02-14T16:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=44143"},"modified":"2024-08-14T18:09:58","modified_gmt":"2024-08-14T22:09:58","slug":"gpos-101","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/gpos-101","title":{"rendered":"GPOs 101"},"content":{"rendered":"\n<p>Group Policy Objects (GPOs) are among the most powerful tools in <a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-faq\">Microsoft Active Directory (AD)<\/a>. They\u2019re used for system configuration and control, as well as automation of system management at scale.&nbsp;<\/p>\n\n\n\n<p>Here, we\u2019ll explore what GPOs are, how to implement them correctly, and what limitations they have in the modern enterprise.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-are-group-policy-objects\">What are  Group Policy Objects?<\/h2>\n\n\n\n<p>A Group Policy Object contains group policies that can be applied to user accounts and Windows systems through AD. Policies are templated commands and scripts designed for system configuration and access control.<\/p>\n\n\n\n<p>Admins use GPOs to install tighter security settings on user systems and strengthen the security of their accounts, including password requirement settings. They\u2019re an important tool to limit users to necessary work functions on their systems and to ensure compliance (with healthcare regulations, for example) in Windows environments.<\/p>\n\n\n\n<p>Group-based policy management also automates what was once a manual process of configuring system policies individually per user\/system.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"What are GPOs (and JumpCloud Policies)? | JumpCloud Video\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/jnQd3NyOzTQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-gpo-best-practices\">GPO Best Practices<\/h2>\n\n\n\n<p>Although they\u2019re powerful, they\u2019re not a simple tool. Dishan Francis in his book \u201cMastering Active Directory\u201d described Microsoft\u2019s group policies as a double-edged sword.<\/p>\n\n\n\n<p>\u201cIt has lots of advantages as it helps manage various types of security, application, and system settings,\u201d Francis wrote in the book. \u201cBut at the same time, if it has not been configured properly or not been used properly according to best practices, it can cost you a lot in many ways.\u201d<\/p>\n\n\n\n<p>Before deploying GPOs, admins should implement a strategy to ensure their user and computer configurations do not overlap, mitigate conflicts in which one policy overrides another, and understand inheritance order.<\/p>\n\n\n\n<p>Microsoft in its documentation <a href=\"https:\/\/docs.microsoft.com\/en-us\/previous-versions\/windows\/desktop\/policy\/group-policy-objects\" target=\"_blank\" rel=\"noreferrer noopener\">notes<\/a>, for example, that computer-related settings override user-related settings, and admins need to be aware of the parent-child container <a href=\"https:\/\/kb.iu.edu\/d\/ajxy\" target=\"_blank\" rel=\"noreferrer noopener\">interplay<\/a>.<\/p>\n\n\n\n<p>This strategy requires ongoing maintenance as admins introduce new group policies or make other organizational changes. There are also limitations to keep in mind, including the fact that it\u2019s difficult to extend GPOs to Mac and Linux systems.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-gpo-limitations\">GPO Limitations<\/h2>\n\n\n\n<p>As we noted above, GPOs require careful planning and maintenance. Troubleshooting them can be challenging depending on the ways they\u2019ve been implemented and the number of them at play.<\/p>\n\n\n\n<p>More broadly, admins can\u2019t use GPOs to achieve tight management of Mac and Linux systems with native AD functionality.<\/p>\n\n\n\n<p>Instead, they need to layer third-party solutions on top of AD to achieve similar functionality, and these solutions represent an additional cost when <a href=\"https:\/\/jumpcloud.com\/resources\/tco-calculation-guide\">calculating the total cost of ownership of AD<\/a> \u2014 both in time and money. Another avenue for admins to consider if they\u2019re managing Mac or Linux, in addition to Windows, is whether a cloud directory service can introduce cross-platform GPO-like capabilities at scale.\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-gpo-like-control-for-windows-mac-amp-linux\">GPO-like Control for Windows, Mac, &amp; Linux<\/h2>\n\n\n\n<p>In heterogeneous environments, admins might be better-served by a cloud directory service with straightforward and streamlined policy capabilities for all major operating systems, rather than using a Mac- and Linux-specific add-ons in addition to AD to manage fleets.<\/p>\n\n\n\n<p>That way, they can use cross-platform policies to implement controls \u2014 like manage how and when patches are deployed, enforce full disk encryption, and implement password requirements \u2014 regardless of operating system.&nbsp;<br>Learn more about <a href=\"https:\/\/jumpcloud.com\/product\/cloud-system-management\/\">unified endpoint management for Windows, Mac, and Linux<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Group Policy Objects (GPOs) are a powerful tool for Windows systems. But is there something similar for Mac and Linux systems?<\/p>\n","protected":false},"author":89,"featured_media":44144,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[],"collection":[2778],"platform":[],"funnel_stage":[3016],"coauthors":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GPOs 101: An Intro To Group Policy Objects (GPOs) - JumpCloud<\/title>\n<meta name=\"description\" content=\"This post covers the basics of Group Policy Objects (GPOs). What are they? What are the best practices for GPOs? Do they work on Mac &amp; Linux?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/gpos-101\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GPOs 101\" \/>\n<meta property=\"og:description\" content=\"This post covers the basics of Group Policy Objects (GPOs). What are they? What are the best practices for GPOs? Do they work on Mac &amp; Linux?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/gpos-101\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-14T16:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-14T22:09:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"780\" \/>\n\t<meta property=\"og:image:height\" content=\"531\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cassa Niedringhaus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cassa Niedringhaus\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101\"},\"author\":{\"name\":\"Cassa Niedringhaus\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562\"},\"headline\":\"GPOs 101\",\"datePublished\":\"2020-02-14T16:00:00+00:00\",\"dateModified\":\"2024-08-14T22:09:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101\"},\"wordCount\":546,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg\",\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101\",\"url\":\"https:\/\/jumpcloud.com\/blog\/gpos-101\",\"name\":\"GPOs 101: An Intro To Group Policy Objects (GPOs) - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg\",\"datePublished\":\"2020-02-14T16:00:00+00:00\",\"dateModified\":\"2024-08-14T22:09:58+00:00\",\"description\":\"This post covers the basics of Group Policy Objects (GPOs). What are they? What are the best practices for GPOs? Do they work on Mac & Linux?\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/gpos-101\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg\",\"width\":780,\"height\":531},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/gpos-101#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GPOs 101\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562\",\"name\":\"Cassa Niedringhaus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/47c9209225a9cda7d94451f40f9aa273\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g\",\"caption\":\"Cassa Niedringhaus\"},\"description\":\"Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she\u2019s not at work, she likes to hike, ski and read.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GPOs 101: An Intro To Group Policy Objects (GPOs) - JumpCloud","description":"This post covers the basics of Group Policy Objects (GPOs). What are they? What are the best practices for GPOs? Do they work on Mac & Linux?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/gpos-101","og_locale":"en_US","og_type":"article","og_title":"GPOs 101","og_description":"This post covers the basics of Group Policy Objects (GPOs). What are they? What are the best practices for GPOs? Do they work on Mac & Linux?","og_url":"https:\/\/jumpcloud.com\/blog\/gpos-101","og_site_name":"JumpCloud","article_published_time":"2020-02-14T16:00:00+00:00","article_modified_time":"2024-08-14T22:09:58+00:00","og_image":[{"width":780,"height":531,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg","type":"image\/jpeg"}],"author":"Cassa Niedringhaus","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cassa Niedringhaus","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/gpos-101#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/gpos-101"},"author":{"name":"Cassa Niedringhaus","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562"},"headline":"GPOs 101","datePublished":"2020-02-14T16:00:00+00:00","dateModified":"2024-08-14T22:09:58+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/gpos-101"},"wordCount":546,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg","articleSection":["Best Practices"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/gpos-101","url":"https:\/\/jumpcloud.com\/blog\/gpos-101","name":"GPOs 101: An Intro To Group Policy Objects (GPOs) - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg","datePublished":"2020-02-14T16:00:00+00:00","dateModified":"2024-08-14T22:09:58+00:00","description":"This post covers the basics of Group Policy Objects (GPOs). What are they? What are the best practices for GPOs? Do they work on Mac & Linux?","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/gpos-101#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/gpos-101"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/gpos-101#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/group-policy-objects-101.jpg","width":780,"height":531},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/gpos-101#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"GPOs 101"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562","name":"Cassa Niedringhaus","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/47c9209225a9cda7d94451f40f9aa273","url":"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g","caption":"Cassa Niedringhaus"},"description":"Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she\u2019s not at work, she likes to hike, ski and read.","sameAs":["https:\/\/jumpcloud.com\/blog"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44143"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/89"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=44143"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44143\/revisions"}],"predecessor-version":[{"id":114023,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44143\/revisions\/114023"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/44144"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=44143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=44143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=44143"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=44143"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=44143"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=44143"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=44143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}