1 / 19

CN1276 Server

CN1276 Server. Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+. Agenda. Chapter 7: Introduction to Group Policy Quiz Exercise. Group Policy. Group Policy is a method of controlling settings across your network

bunme
Download Presentation

CN1276 Server

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

  2. Agenda • Chapter 7: Introduction to Group Policy • Quiz • Exercise

  3. Group Policy • Group Policy is a method of controlling settings across your network • Consists of user and computer settings on all versions from Windows 2000 • Linking is a process, which applies GPOs settings to various containers (domain, sites and OUs) within Active Directory • Link multiple GPOs to a single container • Link one GPO to multiple containers

  4. Group Policy (Cont.) • The following managed settings can be defined or changed through Group Policies: • Registry-based policies • Modify the Windows Registry – desktop settings, env. variable • Software installation policies • To ensure that users always have the latest versions of applications. • Folder redirection • Offline file storage

  5. Group Policy (Cont.) • The following managed settings can be defined or changed through Group Policies: • Scripts • Including logon, logoff, startup, and shutdown scripts • Windows Deployment Services (WDS) • Ms IE settings • Provide quick links and bookmarks for user accessibility, browser options such as proxy use, acceptance of cookies, and caching options • Security settings • Protect resources on computers in the enterprise

  6. Security group filtering • Allows you to apply GPO settings to only one or more users or groups within a container by selectively granting permission to one or more users or security groups

  7. Group Policy Objects (GPOs) • Local GPOs • Stored on the local computer in the %systemroot%/System32/GroupPolicy folder. • Local GPOs contain fewer options. • Do not support folder redirection or Group Policy software installation. • The local GPO is overwritten by the nonlocal GPO(AD-based), when in conflict • Domain GPOs • Start GPOs • GPO templates within AD

  8. Group Policy Objects (Cont.) • Nonlocal GPO are linked to sites, domains, or Ous. • GPOs are stored in two places: • Group Policy container (GPC) — An Active Directory object that stores the properties of the GPO. • Group Policy template (GPT) — Located in the Policies subfolder of the SYSVOL share, the GPT is a folder that stores policy settings, such as security settings and script files.

  9. Default Group Policies • When Active Directory is installed, two domain GPOs are created by default. • Default Domain Policy • It is linked to the domain, and its settings affect all users and computers in the domain. • Default Domain Controller Policy • It is linked to the Domain Controllers OU and its settings affect all domain controllers in the domain.

  10. Group Policy Management Console • Microsoft Management Console (MMC) snap-in • The GPMC was not pre-installed in Windows Server 2003; it needed to be downloaded manually from the Microsoft Web site. • The GPCM is included in Windows Server 2008 by default. • When you configure a GPO, you will use the Group Policy Management Editor, which can be accessed through the GPMC or through Active Directory Users and Computers.

  11. Group Policy Settings • Configuring Group Policy settings enables you to customize the configuration of a user’s desktop, environment, and security settings. • The actual settings are divided into two subcategories: • Computer Configuration • User Configuration

  12. Group Policy Settings (Cont.) • The Computer Configuration and the User Configuration nodes contain three subnodes: • Software Settings • Used to apply all the software settings regardless of the computer • Windows Settings • Used for define security settings and scripts. • Administrative Templates

  13. GPO Inheritance • You link a GPO to a domain, site, or OU or create and link a GPO to one of these containers in a single step. The settings within that GPO apply to all child objects within the object.

  14. Group Policy Processing (LSDOU) • Local policies • Site policies • Domain policies • OU Policies • Any conflicting GPO settings are overwritten by the later running GPO

  15. Understanding Group Policy Processing • The computer will obtain a list of GPOs during startup • Computer configuration settings are applied synchronously during computer startup before the Logon dialog box is presented to the user • Any startup scripts set to run during computer startup are processed. • Then user is prompted to press Ctrl+Alt+Del to log on

  16. Understanding Group Policy Processing • The user profile is loaded based on the Group Policy settings • A list of GPOs specific for the user is obtained from the domain controller. • User Configuration settings also are processed in the LSDOU sequence. • After the user policies run, any logon scripts run • The user's desktop appears after all policies and scripts have been processed.

  17. Configuring Exceptions to GPO Processing • Enforce • Forces a particular GPO’s settings to flow down through the Active Directory without being blocked by any child OUs. • Block Policy Inheritance • Configuring this setting on a container object such as a site, domain, or OU will block all policies from parent containers • Loopback Processing • Alternative method of obtaining the ordered list of GPOs to be processed for the user. • When set to Enabled, this setting has two options: Merge and Replace.

  18. GPUpdate Command • If you make changes to a group policy, users may not see changes take effect until: • They log off or log back in. • They Reboot the computer. • They wait 90 minutes (+/- 30 minutes) for stand-alone servers/workstations and 2 minutes for domain controllers. • To manually push group policies, you need to use the gpupdate command: Gpupdate /force

  19. Assignment • Matching • 1-10 • Multiple Choice • 1-10 • Online Lab 7

More Related