> For the complete documentation index, see [llms.txt](https://osconfig.osdeploy.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://osconfig.osdeploy.com/docs/untitled-2/active-directory-gpo.md).

# Active Directory GPO

You can create a Local Policy for OSConfig by creating an Active Directory Group Policy Object. If you have Full Control of Active Directory and you can create a GPO, then good for you. My role in my Enterprise is to customize the Operating Systems, and to create our Deployment strategy for Operating Systems. I am not a Security Expert . . . so I will not get deep into the Security side of things when working with GPOs.

For the purpose of this guide, I will detail how to create a GPO for OS Customization only. It is up to you to determine the strategies for enforcing and item level targeting. To be clear, the GPO's that we will use will not be used for Policy on a Domain, but for OS Deployment only.

Back to AD . . . I have rights in my Enterprise to create a GPO, but not to link it to an OU. I turn those into our AD team to implement, but if I am going to use a GPO for OS Customization only, then no need to turn over the GPO . . . which means I maintain full control.

If you do not have rights to create a GPO, get with your Active Directory guys to create these for you and grant you permission to edit them, and let them know it's ok if you don't get permission to link them to an OU.

I manage a mixed Enterprise of both Windows 10 and Windows 7 so this guide will detail both

If you do not have rights to Active Directory Group Policy Management, then why not create a VM Domain Controller?

## Create GPO's <a href="#create-gpos" id="create-gpos"></a>

I recommend creating the following GPOs in Active Directory

​


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://osconfig.osdeploy.com/docs/untitled-2/active-directory-gpo.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.