Download
1 / 29
290 likes | 441 Vues
Chapter 10. PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY. FILTERING GROUP POLICY’S SCOPE. By default, settings flow from site to domain to OU. Three ways to control Group Policy settings inheritance Block Policy Inheritance: Security filtering WMI filters.
E N D
Chapter 10 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY FILTERING GROUP POLICY’S SCOPE • By default, settings flow from site to domain to OU. • Three ways to control Group Policy settings inheritance • Block Policy Inheritance: • Security filtering • WMI filters
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY SECURITY FILTERING
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY WMI FILTERS • Windows Management Instrumentation (WMI) • Used for queries and filters concerning • Hardware • Software • Operating system type • Can be linked to multiple GPOs
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY WMI FILTER EXAMPLES Table 10-1 WMI Filter Examples F i l t e r S t r i n g T a r g e t C o m p u t e r S a m p l e W M I F i l t e r S t r i n g T a r g e t C o m p u t e r S a m p l e W M I All computers that are Select * from Win32_OperatingSystem running Wi n dows XP where Ca p tion = "Microsoft Windows Professional XP Professional" All computers that have Select * from Win32_LogicalDisk more than 10 MB of WHERE Name= "C:" AND DriveType = 3 available drive space AND FreeSpace > 10485760 AND on a C: NTFS partition FileSystem = "NTFS" All computers with a Select * from Win32_POTSModem modem i n stalled Where Name = " MyModem"
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY CREATING WMI FILTERS
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY GROUP POLICY MANAGEMENT CONSOLE (GPMC) • Free add-on tool that can be used to manage Group Policy. Installs on: • Windows XP with Service Pack 1 • Any edition of Windows Server 2003 • Can be used for: • Importing and copying GPO settings • Backing up and restoring of GPOs • Executing the Resultant Set of Policy (RSoP) snap-in • Generating HTML reports
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY INSTALLING GPMC • GPMC is not on the Windows Server 2003 CD-ROM. • Can be downloaded for free from the Microsoft Web site. • In this course, gpmc.msi is on your supplemental CD-ROM. • Double-click the gpmc.msi file and run through the wizard. • Distribute through Group Policy.
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY GPMC CHANGES ACTIVE DIRECTORY USERS AND COMPUTERS
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY CREATING WMI FILTERS IN GPMC
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY LINKING WMI FILTERS
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY NAVIGATING WITH GROUP POLICY MANAGEMENT
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY INFORMATION DISPLAYED IN THE GPMC INTERFACE
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY DETERMINING AND TROUBLESHOOTING EFFECTIVE POLICY SETTINGS • Resultant Set Of Policy (RSoP) Wizard • Group Policy Results • Group Policy Modeling • Gpresult.exe command line tool
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY RSOP LOGGING MODE
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY RSOP PLANNING MODE
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY GROUP POLICY MODELING IN GPMC
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY GROUP POLICY RESULTS
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Gpresult.exe
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY DELEGATING GROUP POLICY ADMINISTRATIVE CONTROL • Creation of GPOs • Permissions on GPOs • Linking of GPOs • Use of Group Policy Modeling and Group Policy Results • Creation of WMI filters • WMI permissions
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY DELEGATING GPO CREATION
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY DELEGATING PERMISSIONS TO AN INDIVIDUAL GPO GPMC Individual GPO Permissions A l l o w e d P e r m i s s i o n s A l l o w e d P e r m i s s i o n s C a t e g o r y U n d e r l y i n g P e r m i s s i o n s a n d E f f e c t s C a t e g o r y U n d e r l y i n g P e r m i s s i o n s a n d E f f e c t s Read Allows Read Access on the GPO. Edit settings Includes Read, Write, Create Child Objects, and Delete Child Objects. Edit, delete, and Includes Read, Write, Create Child Objects, Delete modify security Child O b jects, Delete, Modify Permissions, and Modify Owner. Implies Full Control without the Apply Group Policy permission being set. Read (from An automatic setting that appears when a user has Security Filtering) Read and Apply Group Policy permissions to the GPO. Custom These permissions include those set individually using the ACL editor for the GPO. The ACL editor is invoked by using the Advanced button and shows the Security tab contents for the GPO.
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY DELEGATING LINKING, MODELING, AND RESULTS
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY DELEGATING WMI FILTERING
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY PLANNING GROUP POLICY INTEGRATION • Create policies at the highest level possible. • Limit the number of GPOs created. • Create specialized GPOs for policies. • Disable unnecessary portions (user or computer). • Only apply GPOs to sites when settings are required on a site basis.
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY RECOMMENDATIONS ON GROUP POLICY INHERITANCE • Limit use of the following: • No Override • Block Policy Inheritance • Security filtering
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY PLANNING ADMINISTRATION AND IMPLEMENTATION OF GPOS • Determine which administrators will have policy delegation roles • Test policy settings • Document the plan
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY RESTORING DEFAULT SECURITY SETTINGS
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY CHAPTER SUMMARY • Name two methods you can use to filter GPOs. • How many WMI filters can be applied to each GPO? • What can you do with GPMC? • What two modes are available in RSoP? • List ways in which you can delegate Group Policy control.
