6425a_05 config group policy
Post on 30-May-2018
219 Views
Preview:
TRANSCRIPT
-
8/14/2019 6425A_05 Config Group Policy
1/40
Module 5: Creating
and ConfiguringGroup Policy
-
8/14/2019 6425A_05 Config Group Policy
2/40
Module Overview
Overview of Group Policy
Configuring the Scope of Group Policy Objects
Evaluating the Application of Group Policy Objects
Managing Group Policy Objects
Delegating Administrative Control of Group Policy
-
8/14/2019 6425A_05 Config Group Policy
3/40
Lesson 1: Overview of Group Policy
What Is Group Policy?
Group Policy Settings
How Group Policy Are Applied
Exceptions to Group Policy Processing
Group Policy Components What Are ADM and ADMX files?
What Is the Central Store?
Demonstration: Configuring Group Policy Objects
-
8/14/2019 6425A_05 Config Group Policy
4/40
What Is Group Policy?
Use Group Policy to: Apply standard configurations: (e.g.security, windows components)
Deploy software: ( Local user), (user>computer)
-
8/14/2019 6425A_05 Config Group Policy
5/40
-
8/14/2019 6425A_05 Config Group Policy
6/40
How Group Policy Is Applied
Computer starts
Computer settingsapplied (apply new setting every 90min)
Startup scripts run
Refresh Interval
Refresh Interval
User logs on
User settings applied
Logon scripts run
Refresh Interval
Refresh Interval
Every 90 minutesEvery 90 minutes
Every 90 minutesEvery 90 minutes
-
8/14/2019 6425A_05 Config Group Policy
7/40
Exceptions to Group Policy Processing
Additional exceptions (GP cannot be applied):
Windows XP and Windows Vista use cachedcredential for faster logons
Many GPO settings take two logons to takeeffect
Cachedcredentials
=500 kilobits per second (kbps) by default Certain client side extensions are not
processed
Prior to Windows Vista, ICMP is used todetect a slow link
Windows Vista uses Network Location
Awareness
Slow links
Remote access connections: similar to slow link
Moving a user or computer object in AD DS, need to re-start the computer
-
8/14/2019 6425A_05 Config Group Policy
8/40
Group Policy Components
Group Policy Object
Stored in AD DS Provides version information
Group Policy Container
Stored in shared SYSVOL folder Provides Group Policy settings Supports both ADM and
ADMX templates
Group Policy Template
Contains Group Policy settings
Stores content in two locations
-
8/14/2019 6425A_05 Config Group Policy
9/40
-
8/14/2019 6425A_05 Config Group Policy
10/40
What Is the Central Store?
The Central Store:
Is a central repository for ADMX(syntax) and ADML(loading) files
Is stored in SYSVOL
Must be created manually
Is detected automatically by Windows Vista or Windows
Server 2008
Windows Vistaor Windows Server 2008
workstation
Windows Vistaor Windows Server 2008
workstation
ADMX filesADMX files
Domain controllerwith SYSVOL
Domain controllerwith SYSVOL
Domain controllerwith SYSVOL
Domain controllerwith SYSVOL
-
8/14/2019 6425A_05 Config Group Policy
11/40
Demonstration: Configuring Group Policy Objects
In this demonstration, you will see how to:
Create a GPO
Configure settings
-
8/14/2019 6425A_05 Config Group Policy
12/40
Lesson 2: Configuring the Scope of GroupPolicy Objects
Group Policy Processing Order
What Are Multiple Local Group Policy Objects?
Options for Modifying Group Policy Processing
Demonstration: Configuring Group Policy Object Links
Demonstration: Configuring Group Policy Inheritance Demonstration: Filtering Group Policy Objects UsingSecurity Groups
Demonstration: Filtering Group Policy Objects UsingWMI Filters
How Does Loopback Processing Work?
Discussion: Configuring the Scope of Group PolicyProcessing
-
8/14/2019 6425A_05 Config Group Policy
13/40
-
8/14/2019 6425A_05 Config Group Policy
14/40
What Are Multiple Local Group Policy Objects?
One layer of computer configurations that applies to
all users
Layers apply only to individual users, not to groups
There are three layers of user configurations:
Administrator
Non-Administrator
User-specific
-
8/14/2019 6425A_05 Config Group Policy
15/40
Options to Modify Group Policy Processing
Five methods to modify GPO default processing: Block inheritance
Enforcement inheritance
Filtering using:
1. Security groups filters or 2. WMI (Windows Mgmt Instrumentation) filters
Write the (Query: namespace: API
Disabling GPOs
Loopback processing:
merge/ replace (computer/ user setting)
D t ti C fi i G P li
-
8/14/2019 6425A_05 Config Group Policy
16/40
Demonstration: Configuring Group PolicyObject Links
In this demonstration, you will see how to:
Create and link GPOs to different locations within AD DS
Disable a GPO link
D t ti C fi i G
-
8/14/2019 6425A_05 Config Group Policy
17/40
Demonstration: Configuring GroupPolicy Inheritance
In this demonstration, you will see how to:
Block GPO inheritance
Enforce GPO inheritance
D t ti Filt i G P li Obj t
-
8/14/2019 6425A_05 Config Group Policy
18/40
Demonstration: Filtering Group Policy ObjectsUsing Security Groups
In this demonstration, you will see how to filter theapplication of GPOs using security groups
D t ti Filt i G P li Obj t
-
8/14/2019 6425A_05 Config Group Policy
19/40
Demonstration: Filtering Group Policy ObjectsUsing WMI Filters
In this demonstration, you will see how to create and assigna WMI filter
-
8/14/2019 6425A_05 Config Group Policy
20/40
How Does Loopback Processing Work?
Disc ssion Config ing the Scope of G o p Polic
-
8/14/2019 6425A_05 Config Group Policy
21/40
Discussion: Configuring the Scope of Group PolicyProcessing
Woodgrove Bank Domain TreeWoodgrove Bank Domain Tree
Woodgrove Bank
Head Office
Branches
Servers
Toronto
Winnipeg
SQL Server
ExchangeServer
Toronto site
Winnipeg Head Office
Head Office site
High-speed link
Slow link
-
8/14/2019 6425A_05 Config Group Policy
22/40
Lesson 3: Evaluating the Application of Group
-
8/14/2019 6425A_05 Config Group Policy
23/40
Lesson 3: Evaluating the Application of GroupPolicy Objects
What Is Group Policy Reporting?
What Is Group Policy Modeling?
Demonstration: How to Evaluate the Application of GroupPolicy
-
8/14/2019 6425A_05 Config Group Policy
24/40
What Is Group Policy Reporting?
Group Policy results are provided by the GPMC :
(Group policy manqgement console)
GPResult is a command line utility
Group Policy reporting is a method of planning andtroubleshooting Group Policy
-
8/14/2019 6425A_05 Config Group Policy
25/40
What Is Group Policy Modeling?
The Group Policy Modeling Wizard simulates:
Site membership
Security group membership WMI filters
Slow links
Loopback processing
The effects of moving user or computer objects to adifferent Active Directory container
The Group Policy Modeling Wizard calculates the simulated net
effect of GPOs
Demonstration: How to Evaluate the Application
-
8/14/2019 6425A_05 Config Group Policy
26/40
Demonstration: How to Evaluate the Applicationof Group Policy
In this demonstration, you will see how to run each of thetools for reviewing Group Policy application
-
8/14/2019 6425A_05 Config Group Policy
27/40
-
8/14/2019 6425A_05 Config Group Policy
28/40
GPO Management Tasks
GPO management tasks:
Back up GPOs
Restore GPOs
Copy GPOs
Import GPOs
-
8/14/2019 6425A_05 Config Group Policy
29/40
What Is a Starter GPO?
Stores administrative template settings on which the newGPOs will be based
Can be exported to .cab files
Can be imported into other areas of the enterprise
Exported to cab fileExported to cab file
starterGPOstarterGPO.cab file.cab file
Imported to GPMCImported to GPMC
Loadcabinet file
Loadcabinet file
-
8/14/2019 6425A_05 Config Group Policy
30/40
-
8/14/2019 6425A_05 Config Group Policy
31/40
Demonstration: Backing up and Restoring GPOs
In this demonstration, you will see how to back up andrestore a GPO
-
8/14/2019 6425A_05 Config Group Policy
32/40
Demonstration: Importing a GPO
In this demonstration, you will see how to:
Import a GPO Use a migration table
-
8/14/2019 6425A_05 Config Group Policy
33/40
Migrating Group Policy Objects
Can be used to convert custom ADM files to ADMX
Is GUI-based, and can be downloaded fromthe Microsoft download site utility
The ADMX Migrator utility:
Lesson 5: Delegating Administrative Control of
-
8/14/2019 6425A_05 Config Group Policy
34/40
Lesson 5: Delegating Administrative Control ofGroup Policy
Options for Delegating Control of GPOs
Demonstration: How to Delegate Administrative Controlof GPOs
-
8/14/2019 6425A_05 Config Group Policy
35/40
Options for Delegating Control of GPOs
Methods to delegatecontrol of GPOs
Create GPOsin the
domain
Edit ordelete GPOs
Link GPOs tocontainers
Use reportingtools
Membership in GroupPolicy Creator Ownersgroup or explicitpermission to createGPOs
Assign Edit rights toindividual policies
Delegate the right tolink GPOs to containers
Delegate the right touse Group Policyreporting tools
-
8/14/2019 6425A_05 Config Group Policy
36/40
-
8/14/2019 6425A_05 Config Group Policy
37/40
Lab: Creating and Configuring GPOs
Exercise 1: Creating Group Policy Objects
Exercise 2: Managing the Scope of GPO Application
Exercise 3: Verifying GPO Application
Exercise 4: Managing GPOs
Exercise 5: Delegating Administrative Control of GPOs
Estimated time: 75 minutes
Logon information
Virtual machine NYC-DC1, NYC-CL1
User name AdministratorPassword Pa$$w0rd
-
8/14/2019 6425A_05 Config Group Policy
38/40
-
8/14/2019 6425A_05 Config Group Policy
39/40
Lab Review
What other method could be used to grant a user the rightto create GPOs in the domain?
If you need to apply a GPO to computers that have certainservices installed, what is the best approach?
-
8/14/2019 6425A_05 Config Group Policy
40/40
Module Review and Takeaways
Considerations
Review questions
top related