The Group Policy service on domain controllers supports the application of Group Policy settings to client computers in the domain. To successfully apply Group Policy settings, a client must be able to contact a domain controller over the DCOM, ICMP, LDAP, SMB, and RPC protocols. If these protocols are unavailable or blocked between the client and a relevant domain controller, Group Policy settings will not be applied or refreshed. For a cross-domain logon, where a computer is in one domain and the user account is in another, these protocols may be required for the client, the resource domain, and the account domain to communicate. Internet Control Message Protocol (ICMP) is used for slow link detection.
This service is installed by default and its startup type is Manual. When the Group Policy service is started in its default configuration, it logs on by using the Local System account.
This service is available on a Server Core installation of Windows Server 2008 R2 in addition to the Standard, Enterprise, and Datacenter editions of Windows Server 2008 and Windows Server 2008 R2.
The following table identifies the application protocols, network protocols, and ports used by the Group Policy service:
Application protocol | Network protocol | Ports |
---|---|---|
DCOM | TCP plus UDP | Random ports between 1024 and 65535 |
ICMP (ping) | ICMP | Used for slow link detection |
LDAP | TCP | 389 |
SMB | TCP | 445 |
RPC | TCP | 135 or a random port number between 1024 and 65535 |
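
The following PowerShell check is an added example, not part of the original documentation or any Microsoft tooling. It probes the fixed endpoints from the table (TCP 389, 445, 135, and ICMP echo) from a client toward one domain controller. The function names and the host name `dc01.corp.example` are hypothetical, and the randomly assigned DCOM/RPC ports are not probed because they are only known at run time.

```powershell
# Added example: check reachability of the fixed Group Policy endpoints on a DC.
# 'dc01.corp.example' is a placeholder host name, not a value from the page.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # ConnectAsync + Wait gives a bounded timeout; a refused connection throws.
        $task = $client.ConnectAsync($ComputerName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-GroupPolicyConnectivity {
    param([Parameter(Mandatory)][string]$DomainController)

    # Fixed TCP ports from the table above.
    $tcpChecks = [ordered]@{
        'LDAP'                = 389
        'SMB'                 = 445
        'RPC endpoint mapper' = 135
    }
    foreach ($name in $tcpChecks.Keys) {
        [pscustomobject]@{
            Protocol  = $name
            Transport = "TCP/$($tcpChecks[$name])"
            Reachable = Test-TcpPort -ComputerName $DomainController -Port $tcpChecks[$name]
        }
    }
    # ICMP echo, which the client uses for slow link detection.
    [pscustomobject]@{
        Protocol  = 'ICMP (ping)'
        Transport = 'ICMP echo'
        Reachable = [bool](Test-Connection -ComputerName $DomainController -Count 2 -Quiet)
    }
}

Test-GroupPolicyConnectivity -DomainController 'dc01.corp.example' | Format-Table -AutoSize
```

A `False` row identifies which of the required protocols is unreachable on the path between this client and the domain controller. A successful connection to TCP 135 does not confirm that the dynamically assigned RPC port is also reachable.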