Updating group policies
To accomplish the goal of central management of a group of computers, machines should receive and enforce GPOs.
A GPO that resides on a single machine only applies to that computer.
Client Side Extensions are now included in Windows Server 2008, Windows 7, and Windows Server 2008 R2.
There is a set of group policy setting extensions that were previously known as Policy Maker.
Microsoft bought Policy Maker and then integrated them with Windows Server 2008.
These filters allow administrators to apply the GPO only to, for example, computers of specific models, RAM, installed software, or anything available via WMI queries.
Local Group Policy (LGP, or Local GPO) is a more basic version of Group Policy for standalone and non-domain computers, that has existed at least since Windows XP Home Edition, Prior to Windows Vista, LGP could enforce a Group Policy Object for a single local computer, but could not make policies for individual users or groups.
As part of Microsoft's Intelli Mirror technologies, Group Policy aims to reduce the cost of supporting users.
Intelli Mirror technologies relate to the management of disconnected machines or roaming users and include roaming user profiles, folder redirection, and offline files.
Alternatively, a malevolent user can modify or interfere with the application so that it cannot successfully read its Group Policy settings, thus enforcing potentially lower security defaults or even returning arbitrary values.
Windows 8 has introduced a new feature called Group Policy Update.
Microsoft has since released a migration tool that allows users to migrate Policy Maker items to Group Policy Preferences.
Group Policy Preferences adds a number of new configuration items.
This feature allows an administrator to force a group policy update on all computers with accounts in a particular Organizational Unit.