module 6: configuring user environments using group policy
TRANSCRIPT
Module 6: Configuring User Environments Using Group Policy
Module Overview
• Configuring Group Policy Settings
• Configuring Scripts and Folder Redirection Using Group Policy
• Configuring Administrative Templates
• Configuring Group Policy Preferences
• Deploying Software Using Group Policy
Lesson 1: Configuring Group Policy Settings
• Options for Configuring Group Policy Settings
• Demonstration: Configuring Group Policy Settings Using the Group Policy Editor
Options for Configuring Group Policy Settings
Enable / DisableEnable / Disable Multi-valued settingsMulti-valued settings
Demonstration: Configuring Group Policy Settings Using the Group Policy Editor
In this demonstration, you will see how to configure Group Policy settings
Lesson 2: Configuring Scripts and Folder Redirection Using Group Policy
• What Are Group Policy Scripts?
• Demonstration: Configuring Scripts with Group Policy
• What Is Folder Redirection?
• Folder Redirection Configuration Options
• Options for Securing Redirected Folders
• Demonstration: Configuring Folder Redirection
What Are Group Policy Scripts?
Group Policy script settings can be used to assign:
• For computers
Startup scripts
Shutdown scripts
• For users
Logon scripts
Logoff scripts
You can use scripts to perform many tasks, such as clearing page files or mapping drives, and clearing temp folders for users, etc…You can use scripts to perform many tasks, such as clearing page files or mapping drives, and clearing temp folders for users, etc…
Demonstration: Configuring Scripts with Group Policy
In this demonstration, you will see how to assign a logon script to a user
What Is Folder Redirection?
Folder redirection allows folders to be located on a network server, but appear as if they are located on the local drive
Folder redirection allows folders to be located on a network server, but appear as if they are located on the local drive
The folders that can be redirected are:
• My Documents (Documents in Windows® Vista)
• Application Data (AppData in Windows Vista)
• Desktop
• Start Menu• Contacts
• Downloads
• Favorites
• Searches
• Links
Extra folders that can be redirected in Windows Vista are:
Folder Redirection Configuration Options
AccountingUsers
AccountsN-Z
AccountsA-M
AccountingManagers
Anne
MistyPrivate
Private
• Use basic Folder Redirection when all users save their files to the same location
• With advanced Folder Redirection, the server hosting the folder location is based on group membership
• Target folder location options:
• Redirect to the users’ home directory
• Create a folder for each user under the root path
• Redirect to the following location
• Redirect to the local userprofile location
Options for Securing Redirected Folders
Full control - subfolders and files only
Administrator
Security group of users that put data on share
Local System
Creator/Owner
• None
• List Folder/Read Data, Create Folders/Append Data - This Folder Only
• Full control
NTFS permissions for root folder
Full control - subfolders and files only Creator/Owner Security group of users that put data on share
• Full control
Share permissions for root folder
%Username% • Full control, owner of folder
• None
• Full Control
NTFS permissions for each users’ redirected folder
Administrators
Local system
Full control - subfolders and files only Creator/Owner
Demonstration: Configuring Folder Redirection
In this demonstration, you will see how to configure folder redirection for the Documents folder
Lesson 3: Configuring Administrative Templates
• What Are Administrative Templates?
• Demonstration: Configuring Administrative Templates
• Modifying Administrative Templates
• Demonstration: Adding Administrative Templates for Office Applications
• Discussion: Options for Using Administrative Templates
What Are Administrative Templates?
Administrative Templates sections for computers are:
• Windows components
• System
• Network
• Printers
Administrative Templates sections for users are:
• Windows components
• Start menu and taskbar
• Desktop
• Control panel
• Shared folders
• Network
• System
Administrative Templates allow you to control both the environment of the operating system and user experienceAdministrative Templates allow you to control both the environment of the operating system and user experience
Demonstration: Configuring Administrative Templates
In this demonstration, you will see how to configure Administrative Templates
Modifying Administrative Templates
ADMX files:
• Are extensible
• Can be edited with any text editor
New ADMX files can be added to the Policy Definitions folder or the Central Store
Demonstration: Adding Administrative Templates for Office Applications
In this demonstration, you will see how to add in the ADM files for Office 2007
Discussion: Options for Using Administrative Templates
• What Administrative Templates are deployed in your organization now?
• What desktop settings would you like to implement for users in your organization?
• Which Administrative Template settings will you need to apply?
Lesson 4: Configuring Group Policy Preferences
• What Are Group Policy Preferences?
• Difference Between Group Policy Settings and Preferences
• Group Policy Preference Features
• Deploying Group Policy Preferences
• Demonstration: Deploying Group Policy Preferences
What Are Group Policy Preferences?
Group Policy preferences expand the range of configurable settings within a GPO
Are not enforced
Enable IT professionals to configure, deploy, and manage operating system and application settings that were not manageable using Group Policy
Difference Between Group Policy Settings and Preferences
Group Policy settings Group Policy preferences
Strictly enforces policy settings by writing the settings to areas of the registry that standard users cannot modify
Are written to the normal locations in the registry that the application or operating system feature uses to store the setting
Typically disables the user interface for settings that Group Policy is managing
Do not cause the application or operating system feature to disable the user interface for the settings they configure
Refreshes policy settings at a regular interval
Refreshes preferences using the same interval as Group Policy settings by default
Group Policy Preference Features
Used to configure additional options that control the behavior of a Group Policy preference item
Common Tab Targeting Features
Determines to which users and computers a preference item applies
Deploying Group Policy Preferences
Windows Server 2008 includes Group Policy preferences by default as part of the Group Policy Management Console (GPMC)
Windows Server 2008 includes Group Policy preferences by default as part of the GPMC
Group Policy preferences Client side extension (CSE)must be deployed to any client computer to which you want to deploy preferences
Demonstration: Deploying Group Policy Preferences
In this demonstration, you will see how to deploy Group Policy preferences
Lesson 5: Deploying Software Using Group Policy
• Options for Deploying and Managing Software Using Group Policy
• How Software Distribution Works
• Options for Installing Software
• Demonstration: Configuring Software Distribution
• Options for Modifying the Software Distribution
• Demonstration: Modifying Software Distribution
• Maintaining Software Using Group Policy
• Discussion: Evaluating the Use of Group Policy to Deploy Software
Preparation
11
Options for Deploying and Managing Software Using Group Policy
Deployment
1.0
22
Maintenance
2.0
33
Removal
44
How Software Distribution Works
Windows Installer
Windows Installer serviceFully automates the software installation and configuration processModifies or repairs an existing application installation
Windows Installer serviceFully automates the software installation and configuration processModifies or repairs an existing application installation
Windows Installer package containsInformation about installing or uninstalling an applicationAn .msi file and any external source files Summary information about the application A reference to an installation point
Windows Installer package containsInformation about installing or uninstalling an applicationAn .msi file and any external source files Summary information about the application A reference to an installation point
Benefits of
Using
Windows
Installer
Custom installations Resilient applications
Clean removal
Custom installations Resilient applications
Clean removal
Software Distribution
Point
Software Distribution
Point
Options for Installing Software
Publish software using document
activation
Publish software using document
activation
?
Publish software using Add or
Remove Programs
Publish software using Add or
Remove Programs
Assign softwareduring Computer
Configuration
Assign softwareduring Computer
Configuration
Assign software during User
Configuration
Assign software during User
Configuration
Demonstration: Configuring Software Distribution
In this demonstration, you will see how to deploy a software package through both assigning and publishing
Options for Modifying the Software Distribution
Software can be categorized in the Add Programs applet
Software deployment can be customized using MST files
File extensions can be associated with particular applications
Options:
Demonstration: Modifying Software Distribution
In this demonstration, you will see how to:
• Create software categories
• Configure software distribution properties
Maintaining Software Using Group Policy
Mandatory upgrade
Users can use only the upgraded version
Optional upgrade
Users can decide when to upgrade
Selective upgrade
You can select specific users for an upgrade
2.0
1.02.0
2.0
1.0
Deploy next version of the
application
Deploy next version of the
application
2.0
Discussion: Evaluating the Use of Group Policy to Deploy Software
• What are the advantages of using Group Policy to deploy software?
• What are the limitations?
• What additional features are provided by other software distribution packages?
Lab: Configuring User Environments Using Group Policy
• Exercise 1: Configuring Scripts and Folder Redirection
• Exercise 2: Configuring Administrative Templates
• Exercise 3: Configuring Preferences
• Exercise 4: Verifying GPO Application
Logon information
Virtual machine NYC-DC1, NYC-CL1
User name Administrator
Password Pa$$w0rd
Estimated time: 60 minutes
Lab Review
• You have configured folder redirection for an OU, but none of the user’s folders are being redirected to the network location. When you look in the root folder, you observe that a subdirectory named for each user has been created, but they are empty. What is the problem?
• You have an .MSI file for a small application that you want globally available to all users and computers in an OU. What steps would you take to accomplish this?
Module Review and Takeaways
• Considerations
• Review questions