In Active Directory, Group Policies ease the administrator's job of implementing security settings and enforcing IT policies for all users within an organizational unit, domain, or across an entire site. Group policy settings are made in a Group Policy Object (GPO). You can create GPOs for various departments in an organization to more easily manage the computers and users in each department. For example, you might create a GPO for the Engineering department and a different GPO for the Sales department.
DSfW supports all Group Policy settings that apply to Windows servers and workstations. The Password Policies for DSfW users are applied through NMAS/Universal Password settings. For information on password policy management, refer to Section 19.3.1, GPO Account Policies.
NOTE:Group Policy settings that apply to Domain Controllers are not supported in the OES environment since here it is an OES server and not a Windows Server.
When a DSfW domain is provisioned a single group policy called 'Default Domain Policy' is created. Along with many workstation specific policies, the Group Policy Object also contains the Kerberos, Account Lockout and Password related policies under the 'Account Policies' section.
You must be a member of the Domain Admins group to edit an Active Directory Group Policy for a domain.