1 / 26

Understanding Group Policy on Windows Server 2003

Understanding Group Policy on Windows Server 2003. Michael J. Murphy TechNet Presenter MJMurphy@microsoft.com. What we will cover:. Group Policy Concepts Linking and Order of Precedence Group Policy Management Console New Features of Windows 2003 Group Policy. Prerequisite Knowledge.

afra
Download Presentation

Understanding Group Policy on Windows Server 2003

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter MJMurphy@microsoft.com

  2. What we will cover: • Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy

  3. Prerequisite Knowledge • Experience supporting Windows servers • Experience supporting Microsoft networks • Familiarity with the Windows server user interface • Understanding of Active Directory concepts Level 200

  4. Agenda • Windows Server 2003 Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy

  5. Group Policy Management Issues • Problem: Group Policy is too hard • Existing UI confusing and limited • Core capabilities missing • Reporting of GPO settings • Backup/restore of GPOs • Import/export of GPOs • Existing capabilities not scriptable

  6. Windows Server 2003 Group PolicyGroup Policy Concepts • Used to manage users and computers • Deploys Policy through Active Directory • Applied at site, domain, and OU levels • Group Policy is highly flexible • Registry-based policy settings • Security settings • Software installation • User Environment control • Internet Explorer maintenance

  7. Agenda • Windows Server 2003 Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy

  8. Windows Server 2003 Group PolicyGroup Policy Order of Precedence Child OU Policy Parent OU Policy Domain Policy Site Policy Local Security Policy

  9. Windows Server 2003 Group PolicyGroup Policy Objects and Links • GPOs contain policy settings • Links define what objects the GPO will target • Scope of Management • Sites, Domains, OU, OU, etc. • Filtering can be based on links to Scope Of Management (SOM) • Group Policy Management Console • Better illustrates the relationship between GPOs and Links

  10. Agenda • Windows Server 2003 Group Policy Concepts • Linking and Order of Precedence • Group Policy Management Console • New Features of Windows 2003 Group Policy

  11. Windows Server 2003 Group PolicyGroup Policy Management Console

  12. Windows Server 2003 Group Policy Administrative Template Extension • Used by Group Policy to configure settings in a Group Policy Object • Server Side Snap-in • Loads in Group Policy Object Editor • ADM files • Client-Side Extension • Writes policy settings that update registry keys on target client computers

  13. Windows Server 2003 Group Policy ADM Files • Enables configuration of policy settings • Do not actually contain policy settings • Policy settings are contained registry.pol • Windows Server 2003 contains: • System.adm • Inetres.adm • Conf.adm • Wmplayer.adm • Wuau.adm • Location of ADM files

  14. Windows Server 2003 Group Policy ADM Files Walkthrough

  15. Windows Server 2003 Group PolicyRegistry.pol Files Walkthrough

  16. demonstration • Windows Server 2003 Group Policy • Group Policy Concepts and the GPMC • Editing Group Policy Objects • Creating and Managing Group Policies

  17. Windows Server 2003 Group PolicyGroup Policy Capabilities • Folder redirection • Backup/Restore • Software restriction • WMI Filters

  18. Group Policy Management Backup and Restore • Backup / Export: • Transfers any live GPO to the file system • Backs up policy settings, ACLs, links to WMI filters • Restore: • Puts things back exactly as before • GPO must be in the same domain • Scenario: • Restore a policy to return to original settings

  19. Software Restriction Policies Goals • New feature of Group Policies • Allow or restrict access to software • Set default to allow or disallow software • Create rules to bypass the default • Specify affected file extensions • Prevent: • Viruses • Unapproved or non-standard applications • Any applications you wish to restrict

  20. Software Restriction Policies Rules • Certificate Rules • Verify digital certificate • Hash Rules • Identifies software with unique hash • Internet Zone Rules • Applies to Windows Installer packages • Path Rules • Define specific path for software

  21. Group Policy Management WMI Filters

  22. Group Policy ManagementWMI Filters

  23. Software Restriction Policies Software Restriction Policies Creating a Path Rule demonstration

  24. Session Summary • Group Policy allows you to manage and control your environment more easily • Use the new GPMC to manage GPO’s and Security Policies • Take Advantage of New Features of Windows Server 2003 Group Policy

  25. For More Information… • Visit TechNet at www.microsoft.com/technet • For additional information on books, courses and other community resources that support this session visit www.microsoft.com/technet/tnt1-119

More Related