1 / 10

Managing Group Policies

Managing Group Policies. Lecture 9. Group Policies . Group Policies are used to manage user/computer environments. Allow for central administration and management of multiple computers/users

lynton
Télécharger la présentation

Managing Group Policies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing Group Policies Lecture 9

  2. Group Policies • Group Policies are used to manage user/computer environments. • Allow for central administration and management of multiple computers/users • The goal of policy-based administration is for the administrator to state a wish about the state of users/computer environment once, then rely on the system to enforce that wish.

  3. Group Policies • SOM - apply to users and computers depending on where they reside in the Active Directory (AD) (sites, domains, Organizational Units and computers) • Each collection of settings is called GPO • Default policies: local policy, default domain policy, default domain controllers policy • Group Policy Object Editor • Group Policy Management Console

  4. GPO settings • Computer and user configuration settings • Both contain Software Settings, Windows Settings, Administrative Templates • Each setting needs to be configured as enabled or disabled before it can be used

  5. Managing Security • Security settings: - Account Policies - Password Policies - Account Lockout Policies • Software Restriction Policies (new)

  6. How GPOs are applied • Group Policies are applied based on a user's or computer's location in the AD container hierarchy -sites, domains, and organizational units (OUs). • By default settings applied by a GPO to a container are inherited by users/computers/containers inside • AD processes GPOs is by L->S->D->OU hierarchy.

  7. Local Computer Policies • Every Win2K, XP or 2003 computer has a local GPO that you can't centrally manage • With a local GPO, you can modify local policy to provide security and desktop restrictions without the use of AD-based GPOs. • Local GPOs support all the default extensions except software installation and folder redirection.

  8. AD GPOs • Within AD, you can define GPOs at three different levels—domain, OU, or site (A site is a collection of subnets on your network that high-speed links connect. ) • Only users and computers are subject to GPOs. • Multiple GPOs linked to a single SOM are processed in order they are listed (highest on the list has priority, it’s processed last). • GPOs are inherited – and default inheritance can be blocked

  9. The order of policy inheritance Local Computer Policy Site PolicyGPO Site Domain A Domain Policy GPO Sales PolicyGPO PayrollOU Sales OU Public Docs PolicyGPO Product XOU

  10. How GPOs are applied • By default, if conflicting settings exist in each of these containers, the last one processed is the setting that applies • You can change this inheritance by configuring either Block Inheritance or No Override. • If both settings are applied at different container levels within AD, No Override takes precedence over Block Inheritance • RSoP tool reports final effective policy result

More Related