Creating and Linking My First GPO

Posted on by

When I started working with Active Directory, one of the first tasks I learned was how to create and link a Group Policy Object (GPO). Group Policy is a powerful way to manage user and computer settings across a domain, and in this post, I’ll show you exactly how I created and linked my first GPO to control settings for a group of users or computers.

🛠️ What You’ll Need

Before getting started, make sure:

  • You’re logged into a Windows Server with the Group Policy Management Console (GPMC) installed.
  • You have the necessary permissions (Domain Admin or delegated GPO rights).
  • You have a target OU (Organizational Unit) or domain to apply the policy to.

🎯 My Goal

For this example, I wanted to hide the Control Panel from all users in the “Sales” OU. This is a common security policy, especially in controlled environments.

✅ Step 1: Open Group Policy Management Console

I started by launching the Group Policy Management Console (GPMC):

  • Click Start, type gpmc.msc, and hit Enter.

This opens the GPMC window where I can see my domain structure and all existing GPOs.

🧱 Step 2: Create a New GPO

In the GPMC:

  1. I expanded my domain – maharjan.local in my case.
  2. Right-clicked on Group Policy Objects and selected New.
  3. Gave it a name: Hide Control Panel - Sales.

This created a blank GPO that’s not yet linked to any part of the domain.

✏️ Step 3: Edit the GPO Settings

Next, I configured the actual policy settings:

  1. Right-clicked the new GPO and selected Edit.
  2. Navigated to:
    User Configuration > Policies > Administrative Templates > Control Panel
  3. Double-clicked “Prohibit access to Control Panel and PC settings”.
  4. Set it to Enabled, then clicked OK.

This tells Windows to hide the Control Panel for any user who receives this policy.

🔗 Step 4: Link the GPO to the Target OU

Now it was time to apply the policy:

  1. In the GPMC, I navigated to the Sales OU under my domain.
  2. Right-clicked the OU and selected Link an Existing GPO.
  3. Selected Hide Control Panel - Sales and clicked OK.

This linked the policy to the Sales OU. Now, any users in that OU will have this setting applied the next time they log in.

🔁 Step 5: Apply and Test

To apply the new policy, I ran the following command on a test user’s machine:

gpupdate /force

Then I logged out and back in as a user from the Sales OU — and just like that, the Control Panel was gone!

🧠 Bonus Tips

  • Use gpresult /h report.html to generate a report of applied policies.
  • Always test GPOs in a test OU before deploying them in production.
  • GPOs apply automatically every 90–120 minutes, but you can speed it up with gpupdate.

📌 Final Thoughts

Creating and linking GPOs is one of the core skills I rely on for managing a Windows domain. It’s straightforward once you understand the structure, and incredibly powerful for applying consistent settings across your environment. Whether it’s locking down systems or pushing out configurations, GPOs are my go-to solution.

Leave a Reply

Your email address will not be published. Required fields are marked *