Group Policy objects -Part of Active directory that can be configured with various settings, they are either user or computer configuration setting and can be applied to users or computers, These objects are stored within GPO containers which are stored within the Active Directory Database, each of these objects have a unique Global identifier called a GUID.

Group Policy Settings -These are settings that apply to the policy, for example Enabled,Not configured, Disabled. They perform an action. They are stored within the Sysvol folder.

Force Refresh – Right click on OU and Click Group Policy Update, you will receive a popup to confirm if the update has been applied.

Status Bar – Highlight the Domain name and it will show you the status of the DC

Group Policy Report – Highlight the policy and select settings in the right pain you can note the details listed on how the policy applies and to where it applies

Configuration of Group Policy

Step 1:

Note the Structure
The scroll icon with the small arrow denotes linked policies
Note - the Default Domain Policy & the Domain Controller Policy (Ideally you do not want to mess around to much with these policies as it can have a negative effect unless you know what you doing)
You Should Create all your Group Policies firstly in the Group Policy Objects folder (They will not apply unless linked), This creates a good standard of practise for testing as you can create test policies and apply them to Test OU's.

Firstly let's adjust some settings on the default domain policy (remember not to change to much on this policy - when applying group policy try and place it as close to the OU where it needs to take effect. In this example we will be wanting it to take effect throughout our organisational structure of our Domain. This is a very broad and sweeping policy.
Note - The hierachy structure on the Right you will need to know the basic location of some of these settings as we will adjust them.
You Might get a popup when selecting the policy, don't be alarmed it's just a warning. you can read through and add the exception.

Let's also change the account lockout policy to 3 attempts and apply.
You will note another popup that recommends changing the account lockout duration as well as the reset account lockout to 30 minutes click apply.
Note - this is a computer configuration change and will generally only apply once we reboot the machine. Computer Configuration and User Configurations are different. User Configuration Policies can be forced to update via the Gpupdate/force command entered into the CMD Prompt(Run as Admin) . You can then Log off and log on to test if the configuration has applied without a reboot.
Lets Test. Logon as your test user ([email protected]). After 3 incorrect password attempts you should be locked out for thirty minutes.