1 / 38

Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy. Module Overview. Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the Application of Group Policy Objects Managing Group Policy Objects Delegating Administrative Control of Group Policy.

lindsay
Télécharger la présentation

Module 5: Creating and Configuring Group Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 5: Creating and Configuring Group Policy

  2. Module Overview • Overview of Group Policy • Configuring the Scope of Group Policy Objects • Evaluating the Application of Group Policy Objects • Managing Group Policy Objects • Delegating Administrative Control of Group Policy

  3. Lesson 1: Overview of Group Policy • What Is Group Policy? • Group Policy Settings • How Group Policy Are Applied • Exceptions to Group Policy Processing • Group Policy Components • What Are ADM and ADMX files? • What Is the Central Store? • Demonstration: Configuring Group Policy Objects

  4. What Is Group Policy? Group Policy enables IT administrators to automate one-to-many management of users and computers Use Group Policy to: • Apply standard configurations • Deploy software • Enforce security settings • Enforce a consistent desktop environment Local Group Policy is always in effect for local and domain users and local computer settings

  5. Group Policy Settings Group Policy settings for users control these settings: • Software • Windows • Security • Desktop • Software • Windows • Security • Operating systems Group Policy settings for computers control thesesettings:

  6. How Group Policy Is Applied Computer starts Refresh Interval Every 90 minutes • Computer settings applied • Startup scripts run User logs on Refresh Interval Every 90 minutes • User settings applied • Logon scripts run

  7. Exceptions to Group Policy Processing Additional exceptions: Slow links • 500 kilobits per second(kbps)by default • Certain client side extensions are not processed • Prior to Windows Vista, ICMP is used to detect a slow link • Windows Vista uses Network Location Awareness Cached credentials • Windows XP and Windows Vista use cached credential for faster logons • Many GPO settings take two logons to take effect • Remote access connections • Moving a user or computer object in AD DS

  8. Group Policy Components Group Policy Container • Stored in AD DS • Provides version information Group Policy Object Group Policy Template • Stored in shared SYSVOL folder • Provides Group Policy settings • Supports both ADM and ADMX templates • Contains Group Policy settings • Stores content in two locations

  9. What Are ADM and ADMX Files? ADM files are: • Copied into every GPO in SYSVOL • Difficult to customize ADMX files are: • Language neutral • Not stored in the GPO • Extensible through XML

  10. What Is the Central Store? The Central Store: • Is a central repository for ADMX and ADML files • Is stored in SYSVOL • Must be created manually • Is detected automatically by Windows Vista or Windows Server 2008 ADMX files Windows Vista or Windows Server 2008workstation Domain controller with SYSVOL Domain controller with SYSVOL

  11. Demonstration: Configuring Group Policy Objects In this demonstration, you will see how to: • Create a GPO • Configure settings

  12. Lesson 2: Configuring the Scope of Group Policy Objects • Group Policy Processing Order • What Are Multiple Local Group Policy Objects? • Options for Modifying Group Policy Processing • Demonstration: Configuring Group Policy Object Links • Demonstration: Configuring Group Policy Inheritance • Demonstration: Filtering Group Policy Objects Using Security Groups • Demonstration: Filtering Group Policy Objects Using WMI Filters • How Does Loopback Processing Work? • Discussion: Configuring the Scope of Group Policy Processing

  13. Group Policy Processing Order Site GPO2 GPO3 Domain GPO4 OU GPO1 Local group GPO5 OU OU

  14. What Are Multiple Local Group Policy Objects? • One layer of computer configurations that applies to all users • Layers apply only to individual users, not to groups • There are three layers of user configurations: • Administrator • Non-Administrator • User-specific

  15. Five methods to modify GPO default processing: Options for Modifying Group Policy Processing • Block inheritance • Enforcement • Filtering using security groups or WMI filters • Disabling GPOs • Loopback processing

  16. Demonstration: Configuring Group Policy Object Links In this demonstration, you will see how to: • Create and link GPOs to different locations within AD DS • Disable a GPO link

  17. Demonstration: Configuring Group Policy Inheritance In this demonstration, you will see how to: • Block GPO inheritance • Enforce GPO inheritance

  18. Demonstration: Filtering Group Policy Objects Using Security Groups In this demonstration, you will see how to filter the application of GPOs using security groups

  19. Demonstration: Filtering Group Policy Objects Using WMI Filters In this demonstration, you will see how to create and assign a WMI filter

  20. How Does Loopback Processing Work?

  21. Discussion: Configuring the Scope of Group Policy Processing Head Office Winnipeg Toronto site Woodgrove Bank Domain Tree Woodgrove Bank Head Office site Slow link Head Office Branches High-speed link Toronto Winnipeg Servers SQL Server Exchange Server

  22. Lesson 3: Evaluating the Application of Group Policy Objects • What Is Group Policy Reporting? • What Is Group Policy Modeling? • Demonstration: How to Evaluate the Application of Group Policy

  23. What Is Group Policy Reporting? Group Policy reporting is a method of planning and troubleshooting Group Policy • Group Policy results are provided by the GPMC • GPResult is a command line utility

  24. The Group Policy Modeling Wizard simulates: What Is Group Policy Modeling? The Group Policy Modeling Wizard calculates the simulated net effect of GPOs • Site membership • Security group membership • WMI filters • Slow links • Loopback processing • The effects of moving user or computer objects to a different Active Directory container

  25. Demonstration: How to Evaluate the Application of Group Policy In this demonstration, you will see how to run each of the tools for reviewing Group Policy application

  26. Lesson 4: Managing Group Policy Objects • GPO Management Tasks • What Is a Starter GPO? • Demonstration: How to Copy a GPO • Demonstration: Backing up and Restoring GPOs • Demonstration: Importing a GPO • Migrating Group Policy Objects

  27. GPO management tasks: GPO Management Tasks • Back up GPOs • Restore GPOs • Copy GPOs • Import GPOs

  28. What Is a Starter GPO? • Stores administrative template settings on which the new GPOs will be based • Can be exported to .cab files • Can be imported into other areas of the enterprise Exported to cab file Imported to GPMC starterGPO .cab file Load cabinet file

  29. Demonstration: How to Copy a GPO In this demonstration, you will see how to copy a GPO

  30. Demonstration: Backing up and Restoring GPOs In this demonstration, you will see how to back up and restore a GPO

  31. Demonstration: Importing a GPO In this demonstration, you will see how to: • Import a GPO • Use a migration table

  32. Migrating Group Policy Objects • Can be used to convert custom ADM files to ADMX • Is GUI-based, and can be downloaded from the Microsoft download site utility The ADMX Migrator utility:

  33. Lesson 5: Delegating Administrative Control of Group Policy • Options for Delegating Control of GPOs • Demonstration: How to Delegate Administrative Control of GPOs

  34. Options for Delegating Control of GPOs

  35. Demonstration: How to Delegate Administrative Control of GPOs In this demonstration, you will see how to delegate the right to create, edit, link, and use the reporting tools for Group Policy

  36. Lab: Creating and Configuring GPOs • Exercise 1: Creating Group Policy Objects • Exercise 2: Managing the Scope of GPO Application • Exercise 3: Verifying GPO Application • Exercise 4: Managing GPOs • Exercise 5: Delegating Administrative Control of GPOs Logon information Estimated time: 75 minutes

  37. Lab Review • What other method could be used to grant a user the right to create GPOs in the domain? • If you need to apply a GPO to computers that have certain services installed, what is the best approach?

  38. Module Review and Takeaways • Considerations • Review questions

More Related