1 / 20

Windows 7 Group Policy

Windows 7 Group Policy. Clyde G. Johnson. Agenda. Test Environment Tools of the trade Demo Central Store Show Group Policy Spreadsheets Demo Planning and Deployment. Test Environment. Mine is built in VMware Workstation Windows 2003 domain controller / file server Windows XP client

tait
Télécharger la présentation

Windows 7 Group Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows 7 Group Policy Clyde G. Johnson

  2. Agenda • Test Environment • Tools of the trade • Demo • Central Store • Show • Group Policy Spreadsheets • Demo • Planning and Deployment

  3. Test Environment • Mine is built in VMware Workstation • Windows 2003 domain controller / file server • Windows XP client • Windows 7 client • Windows 2003 Domain / forest • Used GPMC scripts to import my environment • Isolated from production network

  4. Tools of the Trade • RSAT • Installs WS2008R2 administration tools on Windows 7 computers for remote management • Enables GUI-based remote management for full server and server core installations • Download • GPMC • Part of Windows 7 and 2008 R2 • Security Compliance Manager

  5. Installation Demo • Install RSAT • Install GMPC • Show SCM • Export as spreadsheet • Export as GPO

  6. Central Store • Centralized Repository for ADMX Files • One-time creation and population of central store per domain • Replicated to all domain controllers • Helps prevent “GPO bloat” • Contains all ADMX templates including Office 2010 and IE 8.0 • Located in Sysvol (case sensitive) • [sysvol]\<domain>\policies\PolicyDefinitions

  7. PolicyDefinitions - example • Sample

  8. Planning: DeploymentTest, Stage and Production • It’s a “good thing” if you: Test -> Stage -> Test -> Deploy -> Validate • For significant functional changes, consider a pilot. • Don’t limit the pilot to just IT Staff – they often know how to workaround/resolve issues! • Some GPMC features are specifically focused on testing/staging/piloting/deploying GPOs • Group Policy Modeling (more elegant face on RSoP Planning) • Backup/Copy/Import (including migration tables) • Specific “sample” scripts - particularly CreateXMLFromEnvironment and CreateEnvironmentFromXML (optionally include users and groups) • Documentation: HTML or XML Reports

  9. Deployment Guidance • Start small and build… • Security (SCM) • Firewall • Folder Redirection • OS / Application Configuration • IE Maintenance • Software Installation • Segregate and congregate

  10. Group Policy Comments • Per Group Policy Object (GPO) • Per Group Policy setting • Per Group Policy Preference (GPP) Item 1. 2. 3.

  11. Group Policy Logging • Administrative Log • Applications and services log • XML Based event logs • New Tools - GPOLogView

  12. For you Home Admins • Multple local GPO’s LGPO’s LGPO Local Computer Policy Admin Admin/Non-Admin Group Policy User User Specified Group Policy

  13. My Favorites • Folder Redirection • Offline Files (encrypted) – Mobile only

  14. Features: Folder Redirection • Do not pre-create folders (ACL issues) • Do not redirect Application Data folder (particularly if logged on from multiple computers): • Exclusive locks • Absolute paths • Network latency • You cannot redirect to a mapped drive (folder redirection occurs before mapping of drives)

  15. PowerShell SupportWindows 7, Windows Server 2008 R2 • 25 PowerShell cmdlets for Group Policy scripting • GPO operations: creation, removal, backup, and import • GPO link operations: creation, update, and removal • Setting inheritance flags and permissions on Active Directory organizational units (OUs) and domains • GPO Settings: Creating, update, retrieval, removal • Only registry-based policy settings (Administrative Templates) • GPP Settings: Creating, update, retrieval, removal • No Item-Level Targeting • Starter GPOs operations: creation and update

  16. GP PowerShell Examples

  17. PowerShell & GPO Scripts Windows 7, Windows Server 2008 R2 • PowerShell Scripts supported in GPO Startup/Shutdown & Logon/Logoff scripts • By default, Windows PowerShell scripts run after non-Windows PowerShell scripts

  18. References • Group Policy TechNet page http://www.microsoft.com/technet/grouppolicy • Group Policy Wiki http://grouppolicy.editme.com • Group Policy Team Blog http://blogs.technet.com/grouppolicy • Group Policy Settings Reference http://go.microsoft.com/fwlink/?LinkID=131389 • Remote Server Administration Tools (RSAT) http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d

  19. ADMX: UI New UI: More intuitive, integrated help content, no more tabs Support for: • REG_MultiSZ • REG_QWORD • Easier to use authoring experience • Do things faster • Support for more data types • More control

  20. Resources • www.microsoft.com/teched • Sessions On-Demand & Community • www.microsoft.com/learning • Microsoft Certification & Training Resources • http://microsoft.com/technet • Resources for IT Professionals • http://microsoft.com/msdn • Resources for Developers

More Related