Professional Documents
Culture Documents
Section Objectives
Section Overview
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize=
1/49
16/11/2014
This section describes the Active Directory environment and explains how Group Policy uses
Active Directory as its foundation. This section describes the steps you should follow to
deploy Group Policy, linking your design to how your company can best use the features.
This section also defines the essential network components and the security design.
Administrators must have a firm design developed before deploying Group Policy to a live
environment.
2/49
16/11/2014
Storing object information: Active Directory stores information for dozens of different
object types. The most important of these object types are users, groups, and computers.
Authenticating users: Before gaining access to any part of the Active Directory
infrastructure, users must prove who they are. This authentication is the responsibility of
the domain controller. Before anyone is allowed in, the domain controller must check user
credentials against the Active Directory database. If the information provided is correct, the
user receives a TGT as the pass to get STs before accessing any resources.
Implementing security and group policies: Security and group policies are stored in
Active Directory to reflect the policies of the organization for items such as password
strength, account lockout settings, restricted software, auditing guidelines, event log settings,
and much more. These policies are carried down to any computer within the scope of the
Security Policy.
3/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize=
4/49
16/11/2014
Naming Standards
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize=
5/49
16/11/2014
6/49
16/11/2014
7/49
16/11/2014
To create local user and group accounts, use either Control Panel, the User Accounts tool, or
the Computer Management Console.
Domain User Accounts
Domain user accounts have many advantages over their local counterparts. Once you
authenticate a user in the domain as a particular individual, he or she can access any resources
that he or she has been given permissions to. Known as an SSO or single sign-on, this
eliminates the cumbersome process of juggling multiple accounts and passwords on different
systems. If the resources are in the same domain, you can grant access to the one user
account.
User account objects are usually created within the Active Directory Users and Computers
tool.
However, you can use other tools to create accounts in bulk, such as:
Csvde.exe
Ldifde.exe
VBScript
Any ADSI compatible tool
8/49
16/11/2014
Any user within a security group obtains all the rights and permissions of the group itself. A
user who is a member of more than one group will receive all those rights combined.
Distribution: A distribution group is used strictly for e-mail distribution. When an e-mail
message is directed to the address of the group, all users who are part of the group will
receive the message. For this mechanism to function properly, an e-mail service such as
Microsoft Exchange must be running to enumerate the inboxes of the users who are in the
group.
Group Scopes
Organizational Units
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize=
9/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
10/49
16/11/2014
Users are members of groups for access control purposes, whereas users are contained
within OUs for storage and for applying Group Policy.
A user can be a member of as many groups as the administrator sees fit, but an account
object can be stored in only one OU at a time.
These differences can get confusing at times, especially when some of the OUs and groups
have similar names. To avoid confusion, some organizations prefix OUs with the letters
OU-. This practice is not very commonplace and you can avoid it by naming groups
descriptively and naming OUs more briefly.
Creating an OU Structure
11/49
16/11/2014
you can create sub-OUs to further divide organizational resources based upon other
categories.
Departmental
The most popular OU design is a departmental one. This design fits neatly into the company
profile and you can base it upon existing organizational charts that depict the breakdown of the
corporate structure. A tool that is commonly used to design these organizational charts is the
Microsoft drawing tool Visio. Since the introduction of Active Directory, Microsoft Visio has
been able to export the graphical organizational charts into a format compatible with Active
Directory. For a new Active Directory deployment, this feature can reduce the effort needed
to establish the initial OU structure.
Functional
The functional design does not usually stand on its own. Most organizations subdivide either
their geographic or departmental model into sub-OUs representing a more granular structure of
departments and job roles.
Figure 50: Introducing the Design Stages for Implementation Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
12/49
16/11/2014
You might get many practical tips for deploying and managing Group Policy in a classroom
environment, but the real test is when you deploy a Group Policy in your own Active
Directory enterprise.
Although deploying Group Policy presents many challenges, its benefits become apparent soon
after deployment.
The four major stages required for successfully implementing a Group Policy solution are:
Planning
Designing
Deploying
Managing
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
13/49
16/11/2014
Policy Survey
Policy Objectives
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
14/49
16/11/2014
Policy Components
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
15/49
16/11/2014
A successful Group Policy design takes into account the many levels of policies that are
implemented within your company. It balances acceptable network security levels against the
IT department requirements, the businesses requirements, and potentially, government
requirements.
Planning for Security
The first step in designing a functional Security Policy is to understand what your company
will accept and what it will reject. Enabling a password policy that contains complex
passwords might, on paper, be a smart security choice, as long as your users do not write the
password down on a scrap of paper and pin it to their cubicle bulletin board.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
16/49
16/11/2014
Analyzing the needs of your company and what management and IT will accept is important
in deploying a sound Security Policy.
A policy that enforces a 15-character password that will be changed once every 6 months may
be more palatable to all users from the top of the management tree to the bottom than a 7
character password with complexity that is changed every month and is constantly being
written down.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
17/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
18/49
16/11/2014
Group Policy applies only to computers running the following operating systems:
Windows 2000
Windows XP Professional
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8 Client
Windows Server 2012
(You cannot deploy Group Policy on computers that are running Windows 95, Windows 98,
or Windows NT 4.0.)
If the client and servers in your company primarily run Windows 2000 Professional and you
have Windows Server 2003 servers, use the Windows Server 2003 Administrative
Templates; they are the latest .adm files and include settings for Windows 2000, Windows
XP, and Windows 2003 computer systems. Similarly, the newest .admx templates included
with Windows Server 2008 and later provide all of the newest settings, plus backward
compatibility for older versions of Windows.
Each GPO setting details which version of Windows it supports. If you attempt to apply a
GPO containing newer settings to an older version of Windows that does not support the
applied setting, it will be ignored.
To determine which settings apply to which operating systems, look at the Supported on
information in the description for the setting. This information explains which operating
systems can read the setting.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
19/49
16/11/2014
If the destination computer is running Windows 2000 or later, and the computer account and
the account for the logged-on user are both located in an Active Directory domain, both the
computer and the user portions of a GPO are processed.
If either the logged-on user account or the computer account is located in a Windows NT 4.0
domain, System Policy is processed for the accounts that are located in the domain.
Computers running Windows NT 4.0, Windows 95, or Windows 98 use System Policy rather
than Group Policy. System policies can still be deployed from an Active Directory domain to
these older clients.
20/49
16/11/2014
Are users and computers controlled based on their roles and locations?
Are desktop configurations based on user and computer requirements?
What are your user requirements for various types of users: desktop, notebooks, mobile,
terminal services?
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
21/49
16/11/2014
22/49
16/11/2014
GPO Functionality
The functional characteristics of GPOs are:
GPOs are inherited: If a GPO is linked at the domain level and at the OU level, both the
user and computer accounts in the domain and OU could be affected by both OUs.
GPOs are monolithic: Each GPO is created from the same master template and,
therefore, contains the same choices regardless of its location in the site, domain, or OU.
GPOs and performance are linked: If a computer system or user account has to process
many GPO settings, performance can suffer.
23/49
16/11/2014
Replication
Replication in Active Directory is controlled by the built-in replication system of Active
Directory. Within the same site, replication between domain controllers that are running at the
functional domain level of Windows 2003 Server within the same site occurs every 15
seconds.
In environments such as a partially upgraded forest that contains domain controllers running
Windows 2000 and Windows Server 2003, a typical replication might take up to 15 minutes.
The FRS controls the replication of the Sysvol folder. Within sites, replication occurs every 15
minutes. If the domain controllers are in different sites, the replication process occurs at set
intervals based on site topology and schedule; the lowest interval is 15 minutes across a WAN
link unless Notification has been enabled.
If it is critical to immediately apply a change to a specific group of users or computers in a
specific site, use Active Directory Users and Computers to connect to the domain controller
closest to these objects, and then make the configuration change on that domain controller.
This technique will allow those users to get the updated policy first.
All changes made to GPOs are replicated from the domain controller that is assigned the
FSMO role of PDC emulator to the other domain controllers hosting the domain. The FRS
links together and updates the Sysvol folders within each domain.
Slow Links
Active Directory defines a link as slow when it falls below the default threshold of 500 kBps.
Group Policy settings that are applied under these conditions are the Administrative
Templates settings along with the security settings.
All other Group Policy settings, including software distribution and folder redirection, are not
applied across slow links. However, this default threshold for both the computer and user can
be changed by modifying the Slow Link Detection policy.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
24/49
16/11/2014
The server is pinged with 0 bytes of data and times the number of milliseconds; if the
result is less than 10 ms, the operating system assumes a fast link.
2.
The server is pinged with 2 kB of uncompressible data and times the number of
milliseconds. This value is called time2. DELTA = time2 time1 The result is equal to
the time to move 2 kB of data.
Note
In Windows Vista, Windows Server 2008 and later, Group Policy uses NLA in
the operating system to detect a slow network. This circumvents the issues surrounding the
unreliable usage of ICMP to determine speed.
25/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
26/49
16/11/2014
For Windows 2000 Server, Windows XP, and Windows Server 2003, software packages
require:
A logoff and logon to take effect when applied to the user
A reboot when applied to the computer
Windows Vista, Windows Server 2008 and later can apply software packages without the
need to first log off or restart the computer.
27/49
16/11/2014
in the domain.
In order to apply account policies to domain accounts, these policy settings must be deployed
in a GPO that is linked to the domain. It is recommended that you set these settings in the
Default Domain Policy GPO.
Keep in mind the Group Policy inheritance model and how precedence is determined. By
default, options set in GPOs that are linked to higher levels of Active Directory containers
(sites, domains, and OUs) are inherited by all containers at lower levels.
If you want to apply a number of policy settings to computers in a particular physical location
only (for example, network or proxy configuration settings), you can apply these settings at the
site level. However, if the settings do not distinctly match to computers in a single site, it is
better to assign the GPO to the domain or OU structure instead.
28/49
16/11/2014
and delegation of administrative duties. The goal of your OU design is to simplify Group
Policy application and troubleshooting.
Separate OU Design
One distinct design is to place all the computer accounts in one OU and all the user accounts
in another. Using a structure in which OUs contain either user or computer objects but not
both, you could disable the computer section or user section of a GPO to speed up the
processing of each GPO. However, separating the user and computer components into
separate GPOs will require more GPOs. You can compensate for this by adjusting the GPO
status to disable the user or computer sections of each GPO that do not apply and to reduce
the time required to apply a given GPO.
Central Control
If central control is desired, consider geographically-based OUs as child OUs and duplicate the
structure for each location for a clean familiar structure.
Remember, all child OUs by default inherit GPOs that are linked to the higher layers of your
OU structure.
You can apply Group Policy settings at the domain level, so consider settings at the domain
level for company-wide settings, such as password policies.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
29/49
16/11/2014
Figure 65: Applying Group Policy to New User and Computer Accounts
After deployment, the policy changes will automatically be discovered at regular intervals. By
default all new user and computer accounts are created in the CN=Users and
CN=Computers containers shown in Active Directory Users and Computers.
For Windows 2003 and later Active Directory environments, you can apply group policies to
the default user and computer containers if you redirect them with the following command-line
utilities:
redirusr.exe: For user accounts
redircmp.exe: For computer accounts
These command-line utilities enable you to change the default location where new user and
computer accounts are created so that you can more easily design and link GPOs directly to
newly created user and computer objects.
The Redirusr and Redircmp utilities are located in WINNT\system32 on a Windows 2003 or
later domain controller.
Running the Redirusr and Redircmp utilities, a domain administrator can specify the OUs
into which all new user and computer accounts are placed when they are created.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
30/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
31/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
32/49
16/11/2014
Windows
Rights Granted
Group
Enterprise Admin
Create, delete, edit, and link GPOs in all forest containers (sites, domains, and OUs).
Domain Admins
Create, delete, edit, and link GPOs in the domain and all OUs hosted by the domain, but not
in sites. See note below for exceptions to this rule.
Create GPOs in the domain to which the group belongs. Users who are members of this
Owners
group can edit any GPOs that they create; however, other members of the group cannot.
Deleting GPOs is not allowed. Linking to a site, domain, or OU is also not allowed.
Local Admins
Create GPOs in the domain to which the group belongs. A user that is a member of this
group can edit and delete all GPOs that any other group member has created. Linking the
GPO to the domain and any OUs hosted by the domain is also allowed.
33/49
16/11/2014
If your Active Directory network is a single domain, be aware that by default the local
administrator is made a member of the Domain Admins, Enterprise Admin, Schema Admins
and Group Policy Creators groups.
Group Policy Creator Owners Group
34/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
35/49
16/11/2014
Creating GPOs
Managing individual GPOs (for example, granting edit or read access to a GPO)
Performing the following tasks on sites, domains, and OUs:
Managing Group Policy links for a given site, domain, or OU
Performing Group Policy Modeling analyses for objects in that container (not applicable
for sites)
Reading Group Policy Results data for objects in that container (not applicable for sites)
Creating WMI filters
Managing and editing individual WMI filters
To delegate Group Policy-related permission on a site, domain, or OU, select the appropriate
container. Do the following:
1.
2.
3.
Select the permission that you want to manage: Link GPOs, Perform Group Policy
Modeling analyses, or Read Group Policy Results data.
Note
Group Policy Modeling and Group Policy Results are not available for sites.
Manually Assigning Permissions
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
36/49
16/11/2014
Rights
Control
Full control
Read
View the GPO in the Group Policy Console (Opening the GPO to edit is not allowed.)
Write
View and edit the GPO (Note: The read permissions must also be granted to even be able
to view the GPO.)
Delete a GPO
37/49
16/11/2014
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
38/49
16/11/2014
However, it might not always be desirable for an administrator to use the PDC to edit GPOs.
If the administrator is located in a remote site, or if the users or computers targeted by the
GPO are in a remote site, the administrator might want to choose to target a domain controller
in the site local to the administrator. You can change the default editing location of GPOs from
the PDC emulator to any other domain controller in the domain, as shown in Figure 74.
For example, if you are an administrator in Canada and the PDC emulator is in Denver, CO,
U.S.A., it might be inconvenient to rely on a WAN link to access the PDC emulator in
Denver. CO, U.S.A.
Use the Change Domain Controller function to specify the domain controller that you will use
for a given domain or for all sites in a forest. You have four options:
The domain controller with the operations master token for the PDC emulator (the default
option)
Any available domain controller
Any available domain controller running Windows Server 2003 or later
This domain controller (Select a specific domain controller that you want to use.)
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
39/49
16/11/2014
Option
Function
/target
Description of option
domain
dc
both
Recreates both the Default Domain Policy and the Default Domain Controllers Policy
Starter GPOs
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
40/49
16/11/2014
41/49
16/11/2014
Edit the policy, right-click the name of the policy in the Group Policy Management
Editor, and then select Properties.
2.
Click the Comment tab and then type a description of the policy.
When you select the policy, the comment should be visible in the GPMC, on the Details tab.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
42/49
16/11/2014
Note: The current version of AGPM is 4.0. This version works with Windows Server
2008, Server 2008 R2, Windows Vista and Windows 7. There is no official version of
AGPM available for Windows Server 2012 and Windows 8 Client yet.
43/49
16/11/2014
Acronyms
The following acronyms are used in this section:
ACL
ADSI
ADUC
AGPM
CN
common name
DC
domain controller
DNS
EC
Enterprise Client
EFS
FQDN
FRS
FSMO
GPCO
GPO
HKLM
HKEY_LOCAL_MACHINE
ICMP
IT
Information Technology
kB
kilobytes
kBps
LDAP
MDOP
MMC
ms
millisecond
MSDN
MSI
OU
organizational unit
PDC
RIS
SSLF
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
44/49
16/11/2014
SSO
single sign-on
ST
service ticket
TCP/IP
TGT
WAN
WMI
Section Review
Summary
The heart of Active Directory is a database with object types such as Users, Groups,
Computers, Contacts, Printers, and Shared folders. Active Directory is made up of a
collection of components (Site, Global Catalog, Forest, Tree, Domain, Domain Controller,
and OU) that work at different levels of a hierarchy.
The four stages of implementing Group Policy are:
Planning: During this stage, you will decide which components of Group Policy to
deploy in your organization; start gathering information about your company and how it
carries out its day-to-day business with an Active Directory network; design a Group
Policy that manages entities such as: Computer security, Software deployment, etc.
Designing: During this stage, you will configure the physical components of the
environment, lay out the Group Policy model, delegate management authority, create
new GPOs, and design the interaction of GPOs with Active Directory sites.
Deploying: During this stage, you will make the policy available to the users and
computers that you want to affect with the settings.
Managing: During this stage, you will put mechanisms in place to manage group policies
on an ongoing basis; delegate authority to subordinate administrators to manage certain
aspects of Group Policy; specify a default domain controller for GPO editing; use tools
such as Starter GPOs and the GPO to track and control Group Policy objects.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
45/49
16/11/2014
To plan your Group Policy in accordance with your company requirements, do the
following:
Ask your help desk, end users, management, and support staff the planning stage
questions.
Determine which components of Group Policy to deploy.
Find out about the design and implementation of your Active Directory infrastructure.
Start gathering information about your company; how it carries out its day-to-day
business with an Active Directory network.
If your company has several divisions, find out how the network infrastructure is
managed.
Base your Group Policy design on your physical and logical Active Directory
deployment.
Ensure the plan manages the Group Policy entities such as computer security, folder
redirection, roaming user profiles, etc.
Follow these guidelines when you create new GPOs:
Use the settings in your GPOs that you are already familiar with and use a domain GPO
to deploy a company-wide GPO with minimal settings that are acceptable to everyone.
Create more granular GPOs on a per-OU basis to affect smaller numbers of users and
computers with their specific needs.
Define a meaningful naming convention for GPOs that clearly identifies the purpose of
each GPO; the name should include the settings applied and the date of creation and
change.
You can link policies to the domain, site, or at the various levels of a nested OU structure.
Decide the degree to which you should centralize or distribute administrative control of
Group Policy. In a centralized administration model, the IT group provides services and
setting standards for the entire company. In a distributed administration model, each
business unit manages its own IT group. Based on the administrative model, determine
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
46/49
16/11/2014
which configuration management components should be handled at the site, domain, and
OU levels.
You can manually assign permissions to a GPO from the Group Policy MMC.
Knowledge Check
1.
2.
Briefly describe the Planning and Design stages of implementing Group Policy.
3.
What should you do when you plan your Group Policy in accordance with your
company requirements? (Choose all that apply.)
a.
b.
Find out about the design and implementation of your Active Directory
infrastructure.
c.
Base your Group Policy design on your physical and logical domain controller
deployment.
d.
Determine how your company carries out its day-to-day business with an Active
Directory network.
4.
5.
What can you link the policies to when you deploy your Group Policy solution?
6.
Name the two models you can use to delegate the administration of Group Policy.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
47/49
16/11/2014
Briefly describe the Planning and Design stages of implementing Group Policy.
During the Planning stage:
Decided which components of Group Policy to deploy
Start gathering information about your company and how it carries out its dayto-day business with an Active Directory network
Design a Group Policy that manages entities (computer security, software
deployment, etc.)
During the Design stage:
Configure the physical components of the environment
Lay out the Group Policy model
Delegate management authority
Create new GPOs
Design the interaction of GPOs with Active Directory sites
3.
What should you do when you plan your Group Policy in accordance with your
company requirements? (Choose all that apply.)
a.
b.
Find out about the design and implementation of your Active Directory
infrastructure.
c.
Base your Group Policy design on your physical and logical domain controller
deployment.
d.
Determine how your company carries out its day-to-day business with an
Active
Directory network.
4.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
48/49
16/11/2014
What can you link the policies to when you deploy your Group Policy solution?
You can link the policies to the domain, site, or at the various levels of a nested
OU structure.
6.
Name the two models you can use to delegate the administration of Group Policy.
Centralized administration model and distributed administration model
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=4&FontSize
49/49