Group Policy

Non-Local, Active Directory–Based Storage

Non-local Group Policy objects store Group Policy information in two locations: a Group Policy container and a Group Policy template. They are named with a globally unique identifier (GUID), which is used to keep them synchronized.

Figure 22.4 shows the data storage locations that are typically contained in a Group Policy object.

Figure 22.4 Group Policy Storage Model


Note

This information about storage implementation is purely informational. As an administrator, you interact with the Group Policy template and the Group Policy container not directly but through Active Directory tools such as the Group Policy console.

Group Policy Container

The Group Policy container is an Active Directory storage area for Group Policy object properties; it includes both computer and user Group Policy information. The Group Policy container has the following properties:

For example, the Group Policy container stores information used by the Software Installation snap-in to describe the status of the software available for installation. This data repository contains data for all applications, interfaces, and APIs that provide for application publishing and assigning.

Group Policy Template

Group Policy objects also store Group Policy information in a folder structure called the Group Policy template that is located in the System Volume folder of domain controllers (Sysvol) in the \Policies subfolder. The Group Policy template is the container where Administrative Template–based policy settings, Security Settings, applications available for Software Installation, and script files are stored.

When you modify a Group Policy object, the directory name given to the Group Policy template is the GUID of the Group Policy object that you modify. For example, a Group Policy template folder might be named as shown in the following example:

%systemroot%\sysvol\SYSVOL\www.Reskit.com\Policies\{47636445-af79-11d0-91fe-080036644603}

A Group Policy snap-in can store data outside the Group Policy object; however, this requires that at least a link to the Group Policy object be stored either in a Group Policy container (Active Directory data store) or in a Group Policy template (file-type data stored on the Sysvol folder).
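
Because each template folder is named with its Group Policy object's GUID, the two storage locations can be checked against each other. The following is an added example, not part of the original documentation: it walks a copy of the \Policies folder and reports template folders with no matching container GUID, container GUIDs with no template folder, and template folders that lack the Gpt.ini file kept at their root. The function names and the caller-supplied list of container GUIDs are assumptions of this example, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Template folders under \Policies are named with the GPO GUID in braces.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def has_gpt_ini(folder):
    # Windows file names are case-insensitive, so match Gpt.ini that way too.
    return any(f.lower() == "gpt.ini" and os.path.isfile(os.path.join(folder, f))
               for f in os.listdir(folder))

def audit_policies_dir(policies_dir, gpc_guids):
    """Compare template folders on disk with the GUIDs of known containers.
    gpc_guids is assumed to be exported from Active Directory by the caller;
    this code reads the file system only and never queries the directory.
    """
    known = {g.strip("{}").lower() for g in gpc_guids}
    seen = set()
    report = {"orphan_templates": [], "missing_templates": [],
              "no_gpt_ini": [], "unexpected_entries": []}
    for name in sorted(os.listdir(policies_dir)):
        path = os.path.join(policies_dir, name)
        if not (os.path.isdir(path) and GUID_DIR.match(name)):
            report["unexpected_entries"].append(name)  # not a GUID folder
            continue
        guid = name.strip("{}").lower()
        seen.add(guid)
        if guid not in known:
            report["orphan_templates"].append(guid)    # template, no container
        if not has_gpt_ini(path):
            report["no_gpt_ini"].append(guid)          # root file is absent
    report["missing_templates"] = sorted(known - seen)  # container, no template
    return report

def demo():
    """Build a constructed Policies folder in a temp dir and audit it."""
    page_guid = "47636445-af79-11d0-91fe-080036644603"     # GUID from the text
    stray_guid = "11111111-2222-3333-4444-555555555555"    # constructed
    absent_guid = "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE"   # constructed
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "{%s}" % page_guid))
        open(os.path.join(root, "{%s}" % page_guid, "GPT.INI"), "w").close()
        os.mkdir(os.path.join(root, "{%s}" % stray_guid))
        open(os.path.join(root, "notes.txt"), "w").close()
        return audit_policies_dir(root, ["{%s}" % page_guid.upper(), absent_guid])

if __name__ == "__main__":
    print(demo())
```

A template folder that no container accounts for, or one missing its Gpt.ini, is worth reviewing before trusting the contents of Sysvol.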


Note

Group Policy is not backed up separately from the rest of Active Directory. To back up Active Directory, you need to be a member of the Backup Operators group. The required privilege is Backup Files and Directories. For instructions on backing up Active Directory, see "Active Directory Backup and Restore" in this book.

Gpt.ini File

At the root of each Group Policy template folder is a file called Gpt.ini. For local Group Policy objects, the Gpt.ini file stores information indicating:

© 1985-2000 Microsoft Corporation. All rights reserved.