CN1276 Server
Kemtis Kunanuraksapong, MSIS with Distinction, MCTS, MCDST, MCP, A+

Agenda
• Chapter 7: Introduction to Group Policy
• Quiz
• Exercise

Group Policy
• Group Policy is a method of controlling settings across your network
• Consists of user and computer settings on all versions from Windows 2000
• Linking is the process that applies a GPO's settings to containers (domains, sites, and OUs) within Active Directory
  • Link multiple GPOs to a single container
  • Link one GPO to multiple containers

Group Policy (Cont.)
• The following managed settings can be defined or changed through Group Policies:
  • Registry-based policies
    • Modify the Windows Registry: desktop settings, environment variables
  • Software installation policies
    • To ensure that users always have the latest versions of applications
  • Folder redirection
  • Offline file storage

Group Policy (Cont.)
• The following managed settings can be defined or changed through Group Policies:
  • Scripts
    • Including logon, logoff, startup, and shutdown scripts
  • Windows Deployment Services (WDS)
  • Microsoft Internet Explorer settings
    • Provide quick links and bookmarks for user accessibility, and browser options such as proxy use, acceptance of cookies, and caching
  • Security settings
    • Protect resources on computers in the enterprise

Security group filtering
• Allows you to apply a GPO's settings to only certain users or groups within a container by selectively granting permission to those users or security groups

Group Policy Objects (GPOs)
• Local GPOs
  • Stored on the local computer in the %systemroot%\System32\GroupPolicy folder
  • Local GPOs contain fewer options
  • Do not support folder redirection or Group Policy software installation
  • When settings conflict, the local GPO is overwritten by the nonlocal (AD-based) GPO
• Domain GPOs
• Starter GPOs
  • GPO templates within AD

Group Policy Objects (Cont.)
• Nonlocal GPOs are linked to sites, domains, or OUs
• GPOs are stored in two places:
  • Group Policy container (GPC): an Active Directory object that stores the properties of the GPO
  • Group Policy template (GPT): a folder in the Policies subfolder of the SYSVOL share that stores policy settings, such as security settings and script files

Default Group Policies
• When Active Directory is installed, two domain GPOs are created by default:
  • Default Domain Policy
    • It is linked to the domain, and its settings affect all users and computers in the domain
  • Default Domain Controller Policy
    • It is linked to the Domain Controllers OU, and its settings affect all domain controllers in the domain

Group Policy Management Console
• Microsoft Management Console (MMC) snap-in
• The GPMC was not pre-installed in Windows Server 2003; it needed to be downloaded manually from the Microsoft Web site
• The GPMC is included in Windows Server 2008 by default
• When you configure a GPO, you use the Group Policy Management Editor, which can be accessed through the GPMC or through Active Directory Users and Computers

Group Policy Settings
• Configuring Group Policy settings enables you to customize the configuration of a user's desktop, environment, and security settings
• The actual settings are divided into two subcategories:
  • Computer Configuration
  • User Configuration

Group Policy Settings (Cont.)
• The Computer Configuration and the User Configuration nodes each contain three subnodes:
  • Software Settings
    • Used to apply all the software settings regardless of the computer
  • Windows Settings
    • Used to define security settings and scripts
  • Administrative Templates

GPO Inheritance
• You can link an existing GPO to a domain, site, or OU, or create a GPO and link it to one of these containers in a single step
• The settings within that GPO apply to all child objects within that container

Group Policy Processing (LSDOU)
• Local policies
• Site policies
• Domain policies
• OU policies
• Any conflicting GPO settings are overwritten by the later-running GPO

Understanding Group Policy Processing
• The computer obtains a list of GPOs during startup
• Computer Configuration settings are applied synchronously during computer startup, before the Logon dialog box is presented to the user
• Any startup scripts set to run during computer startup are processed
• The user is then prompted to press Ctrl+Alt+Del to log on

Understanding Group Policy Processing
• The user profile is loaded based on the Group Policy settings
• A list of GPOs specific to the user is obtained from the domain controller
• User Configuration settings are also processed in the LSDOU sequence
• After the user policies run, any logon scripts run
• The user's desktop appears after all policies and scripts have been processed

Configuring Exceptions to GPO Processing
• Enforce
  • Forces a particular GPO's settings to flow down through Active Directory without being blocked by any child OUs
• Block Policy Inheritance
  • Configuring this setting on a container object such as a site, domain, or OU will block all policies from parent containers
• Loopback Processing
  • Alternative method of obtaining the ordered list of GPOs to be processed for the user
  • When set to Enabled, this setting has two options: Merge and Replace

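The LSDOU order and the Enforce and Block Policy Inheritance exceptions described above can be worked through as a small model. This is an added example, not part of the original slides: all GPO names, containers and settings are hypothetical, loopback processing is not modelled, and the model assumes that the local GPO is unaffected by Block Policy Inheritance and that, among enforced links, the one on the highest container wins.

```python
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str
    settings: dict
    enforced: bool = False

@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)  # lowest precedence first
    block_inheritance: bool = False

def processing_order(local, chain):
    """chain runs site -> domain -> parent OU -> ... -> OU holding the object."""
    # Deepest container with Block Policy Inheritance: non-enforced links
    # from every container above it are dropped.
    cutoff = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, enforced_levels = [], []
    for i, c in enumerate(chain):
        enforced_levels.append([l for l in c.links if l.enforced])
        if i >= cutoff:
            normal += [l for l in c.links if not l.enforced]
    order = [local] + normal       # L, then the S/D/OU links that survived blocking
    for level in reversed(enforced_levels):
        order += level             # enforced links run last; highest container wins
    return order

def resultant(order):
    """Later GPOs overwrite conflicting settings; record which GPO won."""
    result = {}
    for link in order:
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)
    return result

# Constructed sample hierarchy (all names and settings are hypothetical).
LOCAL = Link("Local GPO", {"Wallpaper": "local.bmp"})
CHAIN = [
    Container("Site: HQ", [Link("Site Proxy", {"Proxy": "proxy.hq.example"})]),
    Container("Domain: corp.example", [
        Link("Desktop Standard", {"Wallpaper": "corp.bmp", "ScreenLockSecs": 900}),
        Link("Security Baseline", {"RemovableStorage": "Deny"}, enforced=True),
    ]),
    Container("OU: Labs", [Link("Lab Policy", {"RemovableStorage": "Allow", "ScreenLockSecs": 300})],
              block_inheritance=True),
]

if __name__ == "__main__":
    for setting, (value, gpo) in resultant(processing_order(LOCAL, CHAIN)).items():
        print(f"{setting:18} = {value:12} (from {gpo})")
```

In the sample, blocking inheritance on the Labs OU drops the site and domain desktop settings, but the enforced domain baseline still overrides the OU's attempt to allow removable storage.
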
GPUpdate Command
• If you make changes to a group policy, users may not see the changes take effect until:
  • They log off and log back in
  • They reboot the computer
  • They wait 90 minutes (+/- 30 minutes) for stand-alone servers/workstations and 2 minutes for domain controllers
• To manually push group policies, use the gpupdate command:
  gpupdate /force

Assignment
• Matching
  • 1-10
• Multiple Choice
  • 1-10
• Online Lab 7