Active Directory

Active Directory (AD) is a service developed with the intention of allowing interconnection of devices within a network. Active Directory offers management capabilities from a centralised location, and stores information about members of the domain including the users, access rights, digital assets and much more.

Group Policy (GP) is a separate utility that is available to the Administrators that are running on an Active Directory domain. Group Policy provides a centralised management and configuration of applications, operating systems and user settings and other computer accounts. It allows an account with appropriate privileges to control what user privileges are applied to each group to control what they have access to on their device.

As example of a Group Policy rule is password complexity. This can be used to stipulate that every user must make their Windows logon at least 9 characters with a special character and number, which prevents users from choosing a simple password that is far less secure. It can also be used to allow or prevent unidentified users that are using remote computers to connect to a network share, or restrict certain folders to a specific group who require this access.

The idea of GP, linked with Active Directory, is that when a new employee joins your company, you can add them to a specific group with pre-defined rules rather than configuring rules individually for each employee. Overall, if you are looking for a way to better manage your network while it is expanding, adopting Active Directory and GP allow for significantly improved management of devices, alongside better security controls when it is configured optimally. There is a lot to learn about these services, and there is a large amount of customisability available that you can adopt depending on the style of your network.