► Easy administration of all GPOs across the entire Active Directory Forest
► View of all GPOs in one single list
► Reporting of GPO settings, security, filters, delegation, etc.
► Control of GPO inheritance with Block Inheritance, Enforce, and Security Filtering
► Delegation model
► Backup and restore of GPOs
► Migration of GPOs across different domains and forests
With all of these benefits, there are still negatives in using the GPMC alone. Granted, the GPMC is needed and should be used by everyone for what it is ideal for. However, it does fall a bit short when you want to protect the GPOs from the following:
► Role based delegation of GPO management
► Being edited in production, potentially causing damage to desktops and servers
► Forgetting to back up a GPO after it has been modified
► Change management of each modification to every GPO
The GPT is used for file-based data and stores software policy, script, and deployment information. The GPT is located on the system volume folder of the domain controller. A GPO can be associated with one or more Active Directory containers, such as a site, domain, or organizational unit. Multiple containers can be associated with the same GPO, and a single container can have more than one associated GPO.
Administrative Templates are a large repository of registry-based changes (in fact, over 1300 individual settings) that can be found in any GPO on Windows 2000, Windows XP, and Windows Server 2003.
By using the Administrative Template sections of the GPO you can deploy modifications to machine (called HKEY_LOCAL_MACHINE in the registry) and user (called HKEY_CURRENT_USER in the registry) portions of the Registry of computers that are influenced by the GPO.
*Schema NC, *Configuration NC, * Domain NC
Schema NC This NC is replicated to every other domain controller in the forest. It contains information about the Active Directory schema, which in turn defines the different object classes and attributes within Active Directory.
Configuration NC Also replicated to every other DC in the forest, this NC contains forest-wide configuration information pertaining to the physical layout of Active Directory, as well as information about display specifiers and forest-wide Active Directory quotas.
Domain NC This NC is replicated to every other DC within a single Active Directory domain. This is the NC that contains the most commonly-accessed Active Directory data: the actual users, groups, computers, and other objects that reside within a particular Active Directory domain.