I mentioned in the preface to this book that Group Policy is often underutilized in our corporate environments, and I genuinely believe that to be true. It's not a centralized management technology for our servers and workstations—no, it is the centralized management technology for our servers and workstations. Group Policy is built right in; there are no extra parts to install or configure, and there are no extra costs or add-ons that are required. When you build an Active Directory domain, you automatically build everything that is needed to start using Group Policy to push configuration and security settings to all of the users and devices attached to that domain.
If your day job requires you to touch Domain Controller servers, you should have a working knowledge of Group Policy to do your job well. Even if you work in IT desktop support and never interact with the Windows Server operating system, you can still help your company to build more manageable, more secure computers for your workforce by understanding what is possible with the Group Policy engine. Wouldn't it be great to be able to make intelligent suggestions to the Active Directory team about settings or policies that might be pushed out to those desktop computers that are under your jurisdiction?
