70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy


Presentation Transcript


  1. 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Chapter 9: Implementing and Using Group Policy

  2. Understanding Group Policy Concepts • Group Policy Objects (GPOs) • Local GPOs are stored on each Windows 2000+ client and server • Non-local GPOs are stored at the domain level within AD

  3. Introduction to Group Policy • Group policy centralizes management of user and computer configuration settings throughout a network • A group policy object is an Active Directory object used to configure policy settings for user and computer objects • There are two default Group Policy Objects: • Default Domain Policy (linked to domain container) • Default Domain Controllers Policy (linked to domain controller OU)

  4. Introduction to Group Policy (continued) • You can modify default GPOs • You can create new GPOs and link them to particular sites, domains, and OUs • Policy settings will be propagated to all users and computers in container including child OUs • Group policy can only be applied to computers running Windows Server 2003, Windows 2000, and Windows XP

  5. Creating a Group Policy Object • Two ways to create a GPO: • Group Policy standalone Microsoft Management Console (MMC) snap-in • Group Policy extension in Active Directory Users and Computers

  6. Group Policy • Desktop settings • Security • Scripts • Computer • User • Folder redirection • Software deployment

  7. Editing a GPO • Computer or User Configuration

  8. Editing a GPO (continued) • Two tabs in Properties of each setting: • Setting allows you to enable or disable the setting • Explain provides information about the setting • GPO content is stored in 2 locations: • Group Policy container (GPC) • An AD container • Stores info such as GUID and Version • System\Policies • Group Policy template (GPT) • Stores GPO settings • Registry changes stored in Registry.pol • %systemroot%\sysvol\<domain name>\Policies • A GPO is identified by a 128-bit globally unique identifier (GUID)

  9. Understanding Group Policy Concepts • Group Policy template information

  10. Understanding Group Policy Concepts • Group Policy template subfolders

  11. Understanding Group Policy Concepts • Group Policy template subfolders • GPT.INI • In root folder of each template • Enabled/Disabled • Version

  12. Application of Group Policy • Two main categories to a Group Policy • Computer configuration (settings apply to computers in the container) • User configuration (settings apply to users in the container) • Upon computer startup (or user logon) • Computer queries domain controller for GPOs. Domain controller finds applicable GPOs. • Domain controller presents list of GPOs. The client gets Group Policy templates, applies the settings and runs the scripts. • Same basic process happens for user logons

  13. Group Policies • Computer settings take precedence over user settings • Computer settings take effect • After refresh interval 90+ minutes • When OS restarted • User settings take effect • After refresh interval 90+ minutes • When new logon

  14. Group Policies • Policy settings • Not Configured • Processed • Enabled • Processed • Disabled • Not Processed • Local Computer policy settings • Applied as soon as they are saved

  15. Controlling User Desktop Settings • Administrative templates • Used to limit user manipulation of user desktop and computer configurations • Aim is to reduce administrative costs • Seven main categories of configuration settings can be applied to either computer or user section of a GPO

  16. Controlling User Desktop Settings (continued)

  17. Managing Security Settings with Group Policy • Password Policy, Account Policy, and Kerberos Policy settings are only applicable to domain objects • Other nodes in Security Settings category can be applied at both domain and OU levels • Local Policies – apply to the local account database • May be overwritten by Domain or OU policies • Audit Policy • User Rights Assignment • Security Options

  18. Understanding Group Policy Concepts • Password Policy settings, under Windows settings • Password History • Password age • Min Length • Complexity • Encryption

  19. Understanding Group Policy Concepts • Account Lockout Policy under Windows settings • Duration • Threshold • Reset • Zero must manually reset

  20. Managing Security Settings with Group Policy (continued) • Event Log • Restricted Groups – controls group membership • System Services • Registry • File System • Wireless Network Policies • Public Key Policies • Software Restriction Policies • IP Security Policies on Active Directory

  21. Assigning Scripts • Windows Server 2003 can run scripts during: • User logon or logoff • User section of GPO • Computer startup and shutdown • Computer section of GPO • Default is for scripts to run synchronously from top to bottom • Can specify script time-outs, asynchronous execution, and hiding of scripts

  22. Try it! Activity 9.1 – 9.7
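
Slides 8 and 11 say a GPO's version is kept both in the Group Policy container (GPC) in AD and in the GPT.INI file at the root of its template in SYSVOL. The following is an added example, not part of the original presentation: it parses a constructed GPT.INI and compares it with a GPC version number supplied by the caller, so a mismatch (stalled replication or an out-of-band edit of the SYSVOL copy) stands out. The function names are hypothetical, and the split of the version value into a high 16-bit user counter and a low 16-bit computer counter is the standard encoding, not something stated on the slides.

```python
# Constructed sample GPT.INI content (illustrative, not from the presentation).
SAMPLE_GPT_INI = "[General]\r\nVersion=196613\r\n"


def read_gpt_version(ini_text):
    """Return the integer Version from the [General] section, or None."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "general" and key.strip().lower() == "version":
            try:
                return int(value.strip())
            except ValueError:
                return None  # malformed value: treat as missing
    return None


def split_version(version):
    """High 16 bits: user-settings revision. Low 16 bits: computer-settings revision."""
    return {"user": (version >> 16) & 0xFFFF, "computer": version & 0xFFFF}


def check_gpo_versions(gpc_version, ini_text):
    """Compare the GPC version (read from AD by the caller) with the GPT.INI version."""
    gpt_version = read_gpt_version(ini_text)
    if gpt_version is None:
        return {"status": "gpt-version-missing"}
    gpc, gpt = split_version(gpc_version), split_version(gpt_version)
    differs = [half for half in ("user", "computer") if gpc[half] != gpt[half]]
    status = "in-sync" if not differs else "mismatch"
    return {"status": status, "differs": differs, "gpc": gpc, "gpt": gpt}


if __name__ == "__main__":
    print(check_gpo_versions(196613, SAMPLE_GPT_INI))  # both copies agree
    print(check_gpo_versions(196612, SAMPLE_GPT_INI))  # computer half differs
```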
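
Slides 18 and 19 list the Password Policy and Account Lockout Policy settings a domain GPO carries. The following is an added example, not part of the original presentation: it audits the [System Access] section of a security template (the GptTmpl.inf file inside a GPO's template) for those settings. The sample file is constructed, the function names are hypothetical, the baseline values are assumptions chosen for illustration, and the template is assumed to record the "administrator must unlock" lockout duration as -1.

```python
# Constructed sample of a security template (illustrative, not from the presentation).
SAMPLE_INF = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 1
"""

# Illustrative baseline for this example (assumption, not from the slides).
MIN_LENGTH = 12
MIN_HISTORY = 24


def parse_system_access(inf_text):
    """Return the numeric settings found in the [System Access] section."""
    settings, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[system access]"
            continue
        key, sep, value = line.partition("=")
        if in_section and sep:
            try:
                settings[key.strip()] = int(value.strip())
            except ValueError:
                pass  # non-numeric entries are outside this audit
    return settings


def audit(settings):
    """Return findings for the settings named on slides 18 and 19."""
    findings = []
    if settings.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append("min-length")
    if settings.get("PasswordHistorySize", 0) < MIN_HISTORY:
        findings.append("history")
    if settings.get("PasswordComplexity", 0) != 1:
        findings.append("complexity-off")
    if settings.get("ClearTextPassword", 0) == 1:
        findings.append("reversible-encryption")
    if settings.get("LockoutBadCount", 0) == 0:
        findings.append("no-lockout")  # threshold 0: accounts never lock
    elif settings.get("LockoutDuration") == -1:
        findings.append("info: manual-unlock")  # assumed encoding of "admin must unlock"
    return findings
```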
