Create and Manage Group Policy Objects

Windows Group Policy Objects are a powerful tool to aid systems administrators in managing computers and users across a domain. GPOs allow administrators to automate many tasks, such as pushing updates. They also enhance security by limiting the permissions of users. This IT Pro Challenge virtual lab will teach you how to create and manage GPOs.

1 hour
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


In the Windows file system and Active Directory, a Group Policy Object (GPO) is a collection of policies that apply to certain computers and/or user groups. GPOs are powerful because they allow centralized management of settings on client computers and servers attached to a domain. GPOs can also serve as a means of distributing software. Creating an Active Directory Group Policy will not only make your job as a systems administrator my stream-lined but also make your entire domain more secure.

A GPO can be linked to one or more Active Directory containers, such as a site, domain, or organization unit (OU). Multiple containers can be linked to the same GPO, where a single container can have more than one GPO linked to it. If numerous GPOs are connected to one container, you can decide on which GPOs are applied.

GPOs are important for many reasons. They give system administrators a tool for automating almost any task. For example, an administrator can send a system patch via a GPO to update an entire set of users in one step. GPOs can also be used to set up new user accounts on a domain quickly. Additionally, PowerShell scripts can be written to work with GPOs to efficiently manage computers and users on a domain.

To effectively manage a domain, you need to understand how to create a Group Policy Object. This virtual lab will give you hands-on experience in creating and managing GPOs and provide you with valuable skills for your career in IT.

Understand the scenario: You're a Windows Server administrator assigned to manage your organization's Active Directory Domain Services (AD DS) environment. You need to create and manage a Group Policy Object (GPO) infrastructure.

Understand the environment: You will be using a Windows Server 2016 domain controller.

Create GPOs by using the Group Policy Management Console:

For the first step of this challenge, you will work with the Group Policy Management Console (GPMC) to create several GPOs. You will first create GPOs using the Group Policy Management Console and then link the new GPOs to OUs.

Confirm GPO health by using the GMPC:

For the next step, you will check the health of your new GPOs using the GMPC.

Back up, delete, and restore GPOs:

You will next learn how to back up a GPO. You will:

  • Use the GPMC to backup a GPO.
  • Delete the GPO.
  • Restore the GPO from backup.

Configure a Group Policy central store:

A Group Policy central store allows system administrators to store all Group Policies in a single location. For this step, you will extract an .admx file and verify that the Group Policies have been applied to your GPOs.


GPOs give system administrators an easy way to manage policies across a domain. GPOs automate many daily tasks and enhance overall security across OUs. This hands-on lab will give you real-world experience in creating and managing GPOs.

In the "Create and Manage Group Policy Objects" virtual lab, you will accomplish the following:

  • Create GPOs using the GPMC.
  • Link GPOs to OUs.
  • Confirm the health of a GPO.
  • Back up, delete, and restore a GPO.
  • Configure a Group Policy central store.

Other Challenges in this series:

  • GUIDED CHALLENGE: Manage Active Directory Groups
  • GUIDED CHALLENGE: Manage Active Directory Users
  • ADVANCED CHALLENGE: Can You Create and Manage Active Directory Users and Groups?
  • GUIDED CHALLENGE: Manage Organizational Units (OUs)