Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A collection of Active Directory settings (a GPO) that centrally enforce security, configuration, and user-rights policies across Windows domain computers and users.
Group Policy Object Definition: A collection of Active Directory settings (a GPO) that centrally enforce security, configuration, and user-rights policies across Windows domain computers and users.
A Group Policy Object (GPO) is a collection of configuration settings in Microsoft Active Directory that defines the behavior of users and computers across a Windows domain. Administrators use GPOs to centrally enforce security policies, manage user rights, control system settings, deploy software, and standardize configurations on many machines at once.
GPOs are linked to Active Directory containers—sites, domains, or organizational units—and apply to the users and computers within them. Processing follows the LSDOU order (local, site, domain, OU), with later policies overriding earlier ones unless enforcement or block-inheritance is set. Settings cover the Computer Configuration and User Configuration nodes, including security options, registry-based administrative templates, scripts, and software installation. Clients refresh policy at startup or logon and roughly every 90 minutes, retrieving GPO files from the domain controllers' SYSVOL share.
Group Policy is a backbone of Windows security hardening. Through GPOs, organizations enforce password and account-lockout policies, restrict local administrator rights, configure firewall and BitLocker settings, control USB and application execution, and apply CIS or DISA STIG baselines consistently. Because GPOs are so powerful, they are also a prime attack target: an adversary who gains rights to edit a widely linked GPO can push malicious scripts or scheduled tasks to thousands of endpoints, so change control and least privilege over GPO editing are essential.
For example, an administrator creates a GPO that disables LM and NTLMv1 authentication, enforces a 14-character minimum password, blocks unsigned PowerShell scripts, and deploys the corporate antivirus agent. Linking it to the Workstations organizational unit applies the baseline to every desktop in that OU automatically. When a new PC joins the domain and lands in that OU, it inherits the full security configuration at its next policy refresh without any manual setup.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →