Phone Live Chat
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393


Group Policy Objects (GPOs) are commonly used by organizations to implement security policies and other controls on Active Directory user and computer accounts. This article is a useful guide on what group policies are, their purpose, along with what GPOs are in Active Directory. It will also cover how to install the Group Policy Management Console (GPMC) in Windows as well as some basic GPO tasks, like creating, editing, and linking GPOs.

A GPO is a group of settings that can be customized to define the resources a user or computer can view or access. The scope of a GPO can be just a local computer or extend to organizational units (OUs), domains, or sites. When you assign a GPO to a container, it is called linking the GPO. You can restrict how the GPOs are applied by using security groups to filter out which groups or users the GPO will impact, or you can block the GPO through inheritance. A Windows Management Instrumentation (WMI) filter can also be used to restrict the application of a GPO.

Before the GPMC was introduced, there was no single unified tool for Group Policy management. Users had to use multiple tools like the Active Directory Users and Computers snap-in, the Active Directory Sites and Services snap-in, the Resultant Set of Policy snap-in, the GPMC Delegation Wizard, and the ACL Editor for GPO management. The GPMC does not replace the Active Directory Users and Computers snap-in but instead provides a unified console for managing GPOs.

Capabilities of the GPMC

  • Creating, deleting, managing, backing up, restoring, importing, and copying GPOs
  • Linking and unlinking GPOs and WMI filters
  • Delegating permissions on GPOs and WMI filters
  • Checking and controlling the status of GPOs
  • Searching for GPOs
Tip: The GPMC is sufficient when it comes to linking one or two GPOs, but when you need to create objects in bulk or want reports on GPOs, you have to resort to scripting. ADManager Plus can help you create and manage GPOs and generate related reports without scripting.

Installing the GPMC on Windows Server 2012 and later

  1. Navigate to Start > Control Panel > Programs and Features > Turn Windows features on or off.
  2. In the Add Roles and Features Wizard window, click the Features tab in the left pane, and then select Group Policy Management.
  3. Click Next, then click Install.

Installing the GPMC on Windows 8 and later

  1. Download and install Remote Server Administration Tools from here for Windows 8, Windows 8.1, and Windows 10.
  2. Navigate to Start > Control Panel > Programs and Features > Turn Windows features on or off.
  3. Navigate to Remote Server Administration Tools > Feature Administration Tools and select Group Policy Management Tools.
  4. Click Install.
Create GPOs with the GPMC
  1. Open the GPMC.
  2. Expand the domain tree and right-click the container you wish to create the GPO in.
  3. Click New
  4. In the New GPO window that opens, enter a name for the new GPO, and then click OK.
Edit or delete GPOs with the GPMC
Link a GPO with the GPMC

Manage AD better with ADManager Plus

  • Bulk user management for Active Directory, Exchange, Microsoft 365, Google Workspace, and Skype for business, etc. Learn more.
  • HR driven user provisioning with Zoho People, UltiPro, and BambooHR etc. Learn more.
  • Automation for repetitive tasks such as user provisioning and AD cleanup. Learn more.
  • Approval-based workflow to streamline and scrutinize creation and management of user accounts. Learn more.
  • Role-based and OU-specific delegation of user management tasks to help desk technicians. Learn more.

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting