1 / 8

System and Group Policies

System and Group Policies. Lecture 7 Hassan Shuja 11/02/2004. System and Group Policies. System and Group Policies Used to manage user and computer environments Policies are set on the local computer while other policies are set at the domain, site, or OU level

hadassah-hancock
Télécharger la présentation

System and Group Policies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. System and Group Policies Lecture 7 Hassan Shuja 11/02/2004

  2. System and Group Policies • System and Group Policies • Used to manage user and computer environments • Policies are set on the local computer while other policies are set at the domain, site, or OU level • Allows for central management • Policies offer more options than User profiles

  3. System and Group Policies • System Policies • Policies created to manage non-Windows 2000 clients on a Windows 2000 network • Provide a consistent environment for a large number of users • User System Policy • Two type a ‘individual user policy’ or a ‘Default user policy’ • Individual applies to a single user • Default user policy needs to be created and will apply to users if they do not have an individual user policy • Group System Policy • Applies to all users members of a group that do not have individual user policies • If a user has multiple group policies, than they are applied from bottom to top • The group at the top has the highest priority

  4. System and Group Policies • System Policies • Computer System Policy • A collection of settings that specifies a local computer’s configuration • Two types a ‘individual computer policy’ and a ‘Default computer policy’ • Individual applies to a single computer • Default computer policy needs to be created and will apply to computers if they do not have an individual computer policy • Creating a System Policy • Use a utility called the System Policy Editor (poledit.exe) • Save the file as ntconfig.pol for NT clients and as config.pol for non-NT clients • These files are saved under the NETLOGON share of the domain controller

  5. System and Group Policies • Group Policies • Used to manage Windows 2000 clients • New feature in Windows 2000 • Central point of administration • Define users’ environments and system configuration from one central location • Can configure such things as the start menu, account policies, script assignments, security settings, and software distribution • Group Policies consist of two components • An Active directory object called a Group Policy Object (GPO) • A series of files and folders that are automatically when created when the GPO is created • GPO’s are associated with a specific AD container • GPO’s also use inheritance

  6. System and Group Policies • Group Policies • Group Polices are applied based on user’s location in the Active Directory • For example – If a domain has a group policy, that is applied first and then if the OU that the user belongs to has a policy,that is applied second. • If there is no conflicting policies than the policies are added but when conflicting the OU policy takes precedence • Group Policies can be set on each individual computer using the computer without the use of AD • These policies support same as AD except software installation and folder redirection (gpedit.msc) • Within AD, you can define three types of GPOs; domain, OU, site • A Site is a collection of subnets on your network that high speed links connect • Group Policies on Active Directory are created through “Active Directory Users and Computers” or “Active Directory Sites and Services”

  7. System and Group Policies • Group Policy • Multiple GPOs can apply to a user object • The GPO at the top has the highest priority and therefore processed last • Policy inheritance works in the following method • Local computer, Site Policy, Domain Policy, OU Policy • You can block inheritance and you can also prevent inheritance (‘No Override’ setting) from being blocked • If both of these settings are applied the No Override takes precedence over blocking inheritance • GPOs can be linked from one OU to another • This cuts down on administration time • A new AD object is created

  8. System and Group Policies • Group Policy • Most settings in a GPO have three states • Unconfigured, enabled, disabled – By default all settings in a GPO are unconfigured • Members of the Enterprise Admins group, Domain Admins, or domain Administrators groups have the necessary permissions to create GPOs • GP files are saved in %Systemroot%\SYSVOL\sysvol\domain_name\Policies folder on the domain controller • This allows for accessibility from anywhere in the domain and for replication to other domain controllers • One challenge is to determine the right policy to apply to your users (Know what your users do and need before implementing)

More Related