Download - Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada [email protected]
![Page 1: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/1.jpg)
Understanding Group Policy Part 3 of 3
Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor
Microsoft CanadaMicrosoft Canada
[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus
![Page 2: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/2.jpg)
What Will We Cover?• Group Policy Management
• Advanced Group Policy Security
• Scripting Group Policy
• Group Policy Modeling
![Page 3: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/3.jpg)
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
![Page 4: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/4.jpg)
Administrative Template Extension
• Simple way to configure policy
• Largest Group Policy extension
• .ADM files enable user interface
![Page 5: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/5.jpg)
Using ADM Template Extensions
Domain Controller Active
Directory Database
SYSVOL
Modify Group PolicyModify Group Policy11 Stored on domain controllerStored on domain controller22 Policy applied to clientPolicy applied to client33
![Page 6: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/6.jpg)
Demo
Reviewing .ADM Files
demonstration
![Page 7: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/7.jpg)
Custom ADM Templates
Use to Do not use to
• Increase security• Disable interface options• Disable confusing items• Control data
• Configure all settings• Create unsupported policy
![Page 8: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/8.jpg)
Registry Policies
HKEY_LOCAL_MACHINE\SOFTWARE\policies
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\policies
HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\policies
![Page 9: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/9.jpg)
Demo
Customizing .ADM Templates
demonstration
![Page 10: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/10.jpg)
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
![Page 11: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/11.jpg)
Scripting Group Policy
GPMC
COM Interfaces
Sample Scripts
Backing up GPOs
Creating a new GPO
Creating environment using XML
Importing a GPO
Listing disabled GPOs
Listing GPO information
![Page 12: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/12.jpg)
Demo
Scripting Group Policy
Using GPMC Scripts Changing the Script Host Engine Using Scripts to Back up GPOs
demonstration
![Page 13: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/13.jpg)
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
![Page 14: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/14.jpg)
Exclude Accounts from Group Policy
Domain Controller
Administrator
![Page 15: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/15.jpg)
Demo
Configuring Group Policy ACLs
Protect Administrator from Group Policy
demonstration
![Page 16: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/16.jpg)
Delegating Control of GPOs
Domain Controller
Administrator
Delegate
Delegate
![Page 17: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/17.jpg)
Demo
Delegating Administration
Delegating “create GPOs” to ITGroup Delegating Sales User GPO
demonstration
![Page 18: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/18.jpg)
Security Configuration and Analysis
Does the hard work
Enables quick review
Ensures policies are enforced
Allows local security configuration
![Page 19: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/19.jpg)
Security Configuration Wizard
Security Configuration
Wizard
download.microsoft.com/download/f/7/1/f71adf6e-dbab-48a2-9a29-9e481110fd55/SCWQuickStartDoc.doc
Administrator
![Page 20: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/20.jpg)
Demo
Applying Security Templates
demonstration
![Page 21: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/21.jpg)
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
![Page 22: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/22.jpg)
Windows 2000 Windows XP
Windows XP
WMI Filtering
Domain Controller
WMI Filter
XP Professional only
![Page 23: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/23.jpg)
Demo
Using WMI Filters
Creating WMI Filters Applying WMI Filters Modeling WMI Filters
demonstration
![Page 24: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/24.jpg)
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
![Page 25: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/25.jpg)
GPO Backup
Copying GPOs between Domains
us.contoso.com uk.contoso.com
GPO Copy
us.contoso.comus.fabrikam.com
GPO Import
![Page 26: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/26.jpg)
Demo
Migrating GPOs across Domains
demonstration
![Page 27: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/27.jpg)
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
![Page 28: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/28.jpg)
Group Policy Modeling Overview
• Group Policy Modeling Wizard
• Group Policy Results Wizard
• HTML Reports
www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b8af2303-dac9-4fd5-9717-c3a7f553c627.mspx
![Page 29: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/29.jpg)
Loopback Processing
• Changes GPO processing order
• Process only computer settings
• Merge user and computer settings
![Page 30: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/30.jpg)
Demo
Modeling GPO Loopback
demonstration
![Page 31: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/31.jpg)
Session Summary• Manage and control your environment more easily
• Enhance security in your environment
• Group Policy Modeling predicts behavior of GPOs before implementing them
![Page 32: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com](https://reader035.vdocument.in/reader035/viewer/2022070305/55141012550346e7488b4fe3/html5/thumbnails/32.jpg)
For More Information
Visit TechNet at
www.microsoft.ca/technet
Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor
Microsoft CanadaMicrosoft Canada
[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus