In Active Directory, Group Policies ease the administrator's job of implementing security settings and enforcing IT policies for all users within an organizational unit, domain, or across an entire site. Group policy settings are made in a Group Policy Object (GPO). You can create GPOs for various departments in an organization to more easily manage the computers and users in each department. For example, you might create a GPO for the Engineering department and a different GPO for the Sales department.
DSfW supports all Group Policy settings that apply to Windows servers and workstations. Group Policy settings that apply to domain controllers (such as Password Policies) are not supported in the OES 2 environment. The Password Policies for DSfW users are controlled by eDirectory and the Universal Password settings.
When a DSfW domain is provisioned, a single group policy called 'Default Domain Policy' is created. Along with many workstation specific policies, the Group Policy Object also contains the Kerberos, Account Lockout and Password related policies under the 'Account Policies' section.
You must be a member of the Domain Admins group to edit an Active Directory Group Policy for a domain. For troubleshooting information pertaining to group policy management, see Section 19.5, Group Policy Management Issues.