260 likes | 489 Views
Understanding Group Policy on Windows Server 2003. Michael J. Murphy TechNet Presenter MJMurphy@microsoft.com. What we will cover:. Group Policy Concepts Linking and Order of Precedence Group Policy Management Console New Features of Windows 2003 Group Policy. Prerequisite Knowledge.
E N D
Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter MJMurphy@microsoft.com
What we will cover: • Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy
Prerequisite Knowledge • Experience supporting Windows servers • Experience supporting Microsoft networks • Familiarity with the Windows server user interface • Understanding of Active Directory concepts Level 200
Agenda • Windows Server 2003 Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy
Group Policy Management Issues • Problem: Group Policy is too hard • Existing UI confusing and limited • Core capabilities missing • Reporting of GPO settings • Backup/restore of GPOs • Import/export of GPOs • Existing capabilities not scriptable
Windows Server 2003 Group PolicyGroup Policy Concepts • Used to manage users and computers • Deploys Policy through Active Directory • Applied at site, domain, and OU levels • Group Policy is highly flexible • Registry-based policy settings • Security settings • Software installation • User Environment control • Internet Explorer maintenance
Agenda • Windows Server 2003 Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy
Windows Server 2003 Group PolicyGroup Policy Order of Precedence Child OU Policy Parent OU Policy Domain Policy Site Policy Local Security Policy
Windows Server 2003 Group PolicyGroup Policy Objects and Links • GPOs contain policy settings • Links define what objects the GPO will target • Scope of Management • Sites, Domains, OU, OU, etc. • Filtering can be based on links to Scope Of Management (SOM) • Group Policy Management Console • Better illustrates the relationship between GPOs and Links
Agenda • Windows Server 2003 Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy
Windows Server 2003 Group PolicyGroup Policy Management Console
Windows Server 2003 Group Policy Administrative Template Extension • Used by Group Policy to configure settings in a Group Policy Object • Server Side Snap-in • Loads in Group Policy Object Editor • ADM files • Client-Side Extension • Writes policy settings that update registry keys on target client computers
Windows Server 2003 Group Policy ADM Files • Enables configuration of policy settings • Do not actually contain policy settings • Policy settings are contained registry.pol • Windows Server 2003 contains: • System.adm • Inetres.adm • Conf.adm • Wmplayer.adm • Wuau.adm • Location of ADM files
Windows Server 2003 Group PolicyRegistry.pol Files Walkthrough
demonstration • Windows Server 2003 Group Policy • Group Policy Concepts and the GPMC • Editing Group Policy Objects • Creating and Managing Group Policies
Windows Server 2003 Group PolicyGroup Policy Capabilities • Folder redirection • Backup/Restore • Software restriction • WMI Filters
Group Policy Management Backup and Restore • Backup / Export: • Transfers any live GPO to the file system • Backs up policy settings, ACLs, links to WMI filters • Restore: • Puts things back exactly as before • GPO must be in the same domain • Scenario: • Restore a policy to return to original settings
Software Restriction Policies Goals • New feature of Group Policies • Allow or restrict access to software • Set default to allow or disallow software • Create rules to bypass the default • Specify affected file extensions • Prevent: • Viruses • Unapproved or non-standard applications • Any applications you wish to restrict
Software Restriction Policies Rules • Certificate Rules • Verify digital certificate • Hash Rules • Identifies software with unique hash • Internet Zone Rules • Applies to Windows Installer packages • Path Rules • Define specific path for software
Software Restriction Policies Software Restriction Policies Creating a Path Rule demonstration
Session Summary • Group Policy allows you to manage and control your environment more easily • Use the new GPMC to manage GPO’s and Security Policies • Take Advantage of New Features of Windows Server 2003 Group Policy
For More Information… • Visit TechNet at www.microsoft.com/technet • For additional information on books, courses and other community resources that support this session visit www.microsoft.com/technet/tnt1-119