
Implementing and Using Group Policy

Objectives
• Create and manage Group Policy objects to control user desktop settings, security, scripts, and folder redirection
• Manage and troubleshoot Group Policy inheritance
• Deploy and manage software using Group Policy

University of Education 2
Introduction to Group Policy
• Group policy centralizes management of user and computer configuration settings throughout a network
• A group policy object is an Active Directory object used to configure policy settings for user and computer objects
• There are two default Group Policy Objects:
  • Default Domain Policy (linked to domain container)
  • Default Domain Controllers Policy (linked to domain controller OU)

Introduction to Group Policy (continued)
• You can modify default GPOs
• You can create new GPOs and link them to particular sites, domains, and OUs
• Policy settings will be propagated to all users and computers in container including child OUs
• Group policy can only be applied to computers running Windows Server 2003, Windows 2000, and Windows XP

Creating a Group Policy Object
• Two ways to create a GPO:
  • Group Policy standalone Microsoft Management Console (MMC) snap-in
  • Group Policy extension in Active Directory Users and Computers

Activity 9-1: Creating a Group Policy Object Using the MMC
• Objective: To create a GPO using the Group Policy Object Editor MMC snap-in
• Locate the MMC Group Policy Object Editor snap-in
• Create a new GPO

Activity 9-1 (continued)

Activity 9-2: Creating OUs and Moving User Accounts
• Objective: To create new Organizational Units and move existing user accounts into them.
• Must be familiar with using OUs for controlling the application of Group Policy settings
• Create new OUs using Active Directory Users and Computers
• Move users into the new OUs

Activity 9-3: Creating a Group Policy Object and Browsing Settings Using Active Directory Users and Computers
• Objective: Create a GPO using Active Directory Users and Computers as an alternative to MMC snap-in
• From Active Directory Users and Computers, use the Group Policy tab of the Properties of an existing OU to add and create GPOs
• Browse configuration settings of a Group Policy Object

Editing a GPO

Editing a GPO (continued)
• Table 9-1 shows configuration categories for both computer and user configurations
• Two tabs in Properties of each setting:
  • Setting allows you to enable or disable the setting
  • Explain provides information about the setting
• GPO content is stored in 2 locations:
  • Group Policy container (GPC)
  • Group Policy template (GPT)
• A GPO is identified by a 128-bit globally unique identifier (GUID)

Application of Group Policy
• Two main categories to a Group Policy
  • Computer configuration (settings apply to computers in the container)
  • User configuration (settings apply to users in the container)
• Upon computer startup (or user logon)
  • Computer queries domain controller for GPOs. Domain controller finds applicable GPOs.
  • Domain controller presents list of GPOs. The client gets Group Policy templates, applies the settings and runs the scripts.
• Same basic process happens for user logons

Controlling User Desktop Settings
• Administrative templates
  • Used to limit user manipulation of user desktop and computer configurations
  • Aim is to reduce administrative costs
  • Seven main categories of configuration settings can be applied to either computer or user section of a GPO

Controlling User Desktop Settings (continued)

Activity 9-5: Configuring Group Policy Object User Desktop Settings
• Objective: To configure and test the application of Group Policy settings
• Use Active Directory Users and Computers to access the desired configuration settings
• Configure settings using the Group Policy Object Editor
• Verify that the configured settings have the expected results

Managing Security Settings with Group Policy
• Password Policy, Account Policy, and Kerberos Policy settings are only applicable to domain objects
• Other nodes in Security Settings category can be applied at both domain and OU levels
  • Local Policies
    • Audit Policy
    • User Rights Assignment
    • Security Options

Managing Security Settings with Group Policy (continued)
• Event Log
• Restricted Groups
• System Services
• Registry
• File System
• Wireless Network Policies
• Public Key Policies
• Software Restriction Policies
• IP Security Policies on Active Directory

Activity 9-6: Configuring Group Policy Object Security Settings
• Objective: Use Group Policy settings to configure a logon banner for domain users
• Use Active Directory Users and Computers to access the Default Domain Policy GPO
• Create a logon banner
• Verify that the banner appears

Assigning Scripts
• Windows Server 2003 can run scripts during:
  • User logon or logoff
    • User section of GPO
  • Computer startup and shutdown
    • Computer section of GPO
• Default is for scripts to run synchronously from top to bottom
• Can specify script time-outs, asynchronous execution, and hiding of scripts

Activity 9-8: Assigning Logon Scripts to Users Using Group Policy
• Objective: Use GPOs to assign logon scripts to domain users
• Create a script file
• Add the script to the logon policies of a particular group using Active Directory Users and Computers
• Verify that the script runs for members of the group and not for other users

Managing Group Policy Inheritance
• Specific order for GPO application:
  • Local computer → Site → Domain → Parent OU → Child OU
• By default, all GPO settings are inherited
• At each level, there can be multiple GPOs
  • Policies are applied in the order that they appear on the Group Policy tab for each container, bottom GPO first
• Applying a large number of GPOs can affect startup and logon performance
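
The application order on this slide, combined with the Block inheritance and No Override controls named in the summary, as an added example that is not part of the original slides. It is a toy Python model, not a Windows API; the container layout, the GPO names other than Default Domain Policy, and the setting keys are constructed, and it assumes that Block inheritance leaves the local computer policy and No Override GPOs in place.

```python
def effective_settings(local, containers):
    """Resolve GPO settings. `containers` runs Site, Domain, Parent OU, Child OU;
    each has "links" in Group Policy tab order (top first), optional "block".
    Returns {setting: (value, name of the GPO that supplied it)}."""
    normal, enforced = [], []
    for container in containers:
        if container.get("block"):
            # Block inheritance discards inherited GPOs, except No Override ones.
            normal = []
        bottom_first = list(reversed(container["links"]))
        normal += [g for g in bottom_first if not g.get("no_override")]
        # No Override GPOs are replayed last, highest container last of all.
        enforced = [g for g in bottom_first if g.get("no_override")] + enforced
    result = {k: (v, "Local computer") for k, v in local.items()}
    for gpo in normal + enforced:  # later writes win
        for key, value in gpo["settings"].items():
            result[key] = (value, gpo["name"])
    return result

# Constructed sample: GPO names (other than Default Domain Policy) and
# setting keys are hypothetical.
LOCAL = {"hide_run": False, "screensaver": "on"}
CONTAINERS = [
    {"name": "Site", "links": []},
    {"name": "Domain", "links": [
        {"name": "Default Domain Policy",
         "settings": {"logon_banner": "Authorized use only", "hide_run": False}},
        {"name": "Baseline Lockdown", "no_override": True,
         "settings": {"control_panel": "restricted"}},
    ]},
    {"name": "Parent OU", "links": [
        {"name": "Staff Desktop",
         "settings": {"hide_run": True, "wallpaper": "corp.bmp"}},
    ]},
    {"name": "Child OU", "block": True, "links": [
        {"name": "Lab Top", "settings": {"wallpaper": "lab.bmp"}},
        {"name": "Lab Bottom",
         "settings": {"wallpaper": "old.bmp", "control_panel": "open"}},
    ]},
]

if __name__ == "__main__":
    resolved = effective_settings(LOCAL, CONTAINERS)
    for key, (value, source) in sorted(resolved.items()):
        print(f"{key:14} = {value!r:22} from {source}")
```

With Block inheritance set on the Child OU, the domain logon banner no longer reaches that OU, while the No Override baseline still wins over the OU's own conflicting setting.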

Deploying Software Using Group Policy
• Applications that can be deployed using Group Policy include:
  • Business applications (e.g., Microsoft Office)
  • Anti-virus software
  • Software updates (e.g., service packs)
• Four phases of software rollout
  • Software preparation
  • Deployment
  • Software maintenance
  • Software removal

Software Preparation
• Microsoft Windows installer package (MSI)
  • MSI file contains all of the information needed to install an application in a variety of configurations
  • Software vendors include preconfigured MSI packages
  • For older applications, can create MSI packages using 3rd party utilities (e.g., VERITAS)
• To install, place MSI file in a shared folder and configure Group Policy to access for installation

Software Preparation (continued)
• If application doesn’t have an MSI package can use ZAP file
  • Text file used by Group Policy to deploy an application
  • Can only be published and not assigned
  • Is not resilient
  • Requires user intervention and proper permissions

Summary
• A Group Policy Object is an object in Active Directory used to configure and apply settings for user and computer objects
• Two default GPOs created when Active Directory is installed:
  • Default Domain Policy
  • Default Domain Controllers Policy
• Two mechanisms for creating GPOs
  • Microsoft Management Console Group Policy snap-in
  • Group Policy extension in Active Directory Users and Computers

Summary
• GPOs can be used:
  • to control user desktop settings and security settings
  • to apply scripts on user logon and logoff and computer startup and shutdown
  • for folder redirection
• GPOs are applied in a specific order
• GPOs are inherited by default
  • Can be changed by blocking Group Policy inheritance, configuring No Override, or filtering using user permissions
  • Use GPRESULT or Resultant Set of Policy tool to view effective Group Policy settings

Summary
• GPOs are useful in deploying and maintaining software applications
• GPOs are used for four main phases of software rollout: preparation, deployment, maintenance, removal
• For deployment, Group Policy uses an MSI file containing information needed to install in a variety of configurations
• Deployed applications can be either assigned or published
