Architecture of Windows Group Policy for Windows Server 2008 and Windows Vista

  • 3/5/2008


Group Policy can stand alone as a technology, but it also has many dependencies on other services and technologies; its close relationship with Active Directory explains these dependencies. Group Policy also runs under a new service, which provides a more reliable, flexible, and feature-rich environment.

Administration of Group Policy is mandatory, and understanding how GPOs are updated is essential. Understanding that the PDC emulator role domain controller is used for editing GPOs is important, as is the fact that you may choose a different domain controller. Selecting the domain controller in the correct site, as a best practice, will make Group Policy application more efficient.

Each GPO consists of two parts: the GPC and the GPT. Both parts are stored on a domain controller, but they have completely different structures and content, as well as different replication services, making the architecture of a GPO somewhat complex. Knowing that the DFSR service and the Active Directory replication have different schedules and mechanisms for replicating content can help with troubleshooting issues.

Client-side extensions are the working mechanism for configuring GPO settings on the target computer. The CSE DLL takes the information from the GPO and makes the setting on the computer. Windows Server 2008 provides over XZY CSEs, which is a large increase from the 13 that were available in Windows Server 2003.