Learn how to design and implement group policies to control user and computer environments. Understand the application and deployment strategies to effectively manage settings.
Goals
• Design Group Policies to control the user environment
• Design Group Policies to control the computer environment
• Understand Group Policy application
• Design a Group Policy administration strategy
• Design a Group Policy deployment strategy
(Skill 1) Designing Group Policies to Control the User Environment
• Group Policy
  • Can be used to define a user’s desktop environment by managing various components
  • Contains two primary nodes
    • User Configuration: Affects environment associated with user accounts
    • Computer Configuration: Responsible for defining configuration changes to computer accounts (see Skill 2)
(Skill 2) Designing Group Policies to Control the Computer Environment
• Computer Configuration node
  • Responsible for defining configuration changes to computer accounts
  • Changes apply to the computer account regardless of the user that is logged in
  • Settings take precedence over user configuration settings if there is a conflict
• Use same process to design computer configuration policies as used for designing user configuration policies
(Skill 3) Understanding Group Policy Application
• Role of Group Policy begins when a computer starts up and user logs on (see Figure 11-1 for description of process of computer startup and user logon)
• Group Policies are inherited from parent containers to child containers
• Possible to set a separate Group Policy for a child container to override settings it inherits from its parent container
• Group Policies do not flow between domains
  • Exception: A Group Policy applied to a site affects all users and/or computers in the site, regardless of domain
(Skill 3) Understanding Group Policy Application (2)
• Processing sequence
  • If no conflicts within policies, all settings from all policies apply
  • If a conflict occurs, the policy applied last wins
• Sequence in which Group Policy settings are applied
  • Local GPO
  • Site GPO
  • Domain GPO
  • OU GPOs
(Skill 3) Understanding Group Policy Application (3)
• If more than one GPO is linked to a site, domain, or OU, policies are processed in reverse order (bottom to top) for each container
• Exceptions to order in which GPOs are processed
  • If a computer belongs to a workgroup, it processes only local GPOs
  • If the No Override option is set for a GPO, no configured policy settings in the GPO can be overridden
    • In case of multiple GPOs set to No Override, the GPO that is highest in the Active Directory hierarchy gets highest priority; if multiple GPOs in a single container, the one at the bottom of the list wins
(Skill 3) Understanding Group Policy Application (4)
• If Block Policy Inheritance is set for a domain or OU, the GPOs above that point in the structure are blocked
• If there is a conflict between No Override and Block Inheritance, No Override always wins
• If Loopback settings are applied to a GPO list, the default GPO processing order is not maintained
• Group Policies are never applied to Windows NT, 95, 98 or Windows Me computers
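The processing rules from the Skill 3 slides, modelled as an added example (not part of the original slides and not Microsoft code): it resolves which GPO supplies each setting when link order, No Override and Block Policy Inheritance interact. All container, GPO and setting names are constructed; loopback processing and several No Override GPOs linked to one container are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Gpo:
    name: str
    settings: dict
    no_override: bool = False

@dataclass
class Container:
    name: str
    links: list                     # GPO link list, top of the list first
    block_inheritance: bool = False

def processing_order(chain):
    # Block Policy Inheritance: GPOs linked above the lowest blocking container drop out.
    cut = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, forced = [], []
    for level, c in enumerate(chain):
        if sum(g.no_override for g in c.links) > 1:
            raise ValueError("several No Override GPOs in one container: not modelled")
        for gpo in reversed(c.links):            # bottom of the list is processed first
            if gpo.no_override:
                forced.append(gpo)               # No Override beats Block Inheritance
            elif level == 0 or level >= cut:     # the local GPO (level 0) is not blocked
                normal.append(gpo)
    return normal + forced[::-1]   # No Override last; highest container last, so it wins

def effective_settings(chain):
    result = {}
    for gpo in processing_order(chain):          # last GPO applied wins a conflict
        result.update({k: (v, gpo.name) for k, v in gpo.settings.items()})
    return result

# Constructed sample (names and settings made up). Order: Local, site, domain, OU.
CHAIN = [
    Container("Local", [Gpo("Local", {"wallpaper": "none"})]),
    Container("Site-HQ", [Gpo("SiteProxy", {"proxy": "site"})]),
    Container("corp.example", [
        Gpo("Baseline", {"screen_lock": "on"}, no_override=True),
        Gpo("Desktop", {"wallpaper": "corp", "run_menu": "shown"})]),
    Container("OU=Kiosks", [
        Gpo("KioskTop", {"run_menu": "hidden"}),
        Gpo("KioskBottom", {"run_menu": "shown", "screen_lock": "off"})],
        block_inheritance=True),
]

if __name__ == "__main__":
    print(effective_settings(CHAIN))
```

In the sample, the OU blocks inheritance and tries to turn the screen lock off, yet the domain-level No Override GPO still supplies that setting, while the ordinary site and domain GPOs are dropped.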
(Skill 3) Figure 11-1 The sequence in which computer configuration and user configuration settings are applied
(Skill 3) Figure 11-2 The GPO list
(Skill 4) Figure 11-3 The components of GPO administration
(Skill 5) Designing a Group Policy Deployment Strategy
• Factors to consider when implementing Group Policy
  • Location of GPOs
  • Delegation of authority
  • Organization structure
(Skill 5) Designing a Group Policy Deployment Strategy (2)
• Major types of Group Policy implementation strategies
  • Centralized vs. decentralized GPO design
  • Functional role or team design
  • Delegation with central control design or distributed control design
(Skill 5) Designing a Group Policy Deployment Strategy (3)
• Centralized vs. decentralized GPO design
  • Centralized approach suggests organization network should be maintained by a small number of large GPOs
  • Decentralized approach uses separate GPOs for specific policy settings
(Skill 5) Designing a Group Policy Deployment Strategy (4)
• Functional role or team design
  • Uses functional roles of users in the organization to apply Group Policy
  • Create an OU structure that corresponds to the team structure of the organization
  • Create a GPO for each OU
  • Minimizes the number of GPOs to be used as each GPO caters to the needs of a group
(Skill 5) Designing a Group Policy Deployment Strategy (5)
• Delegation with central control design or distributed control design
  • Central control is based on delegating the administrative control of OUs to various administrators of an organization
  • As an example, create a GPO with specific desktop settings at the domain level
  • Settings would apply on all child containers, thus maintaining centralized control on the entire domain
(Skill 5) Designing a Group Policy Deployment Strategy (6)
• Resultant Set of Policy (RSoP)
  • Useful tool for troubleshooting Group Policies
  • Shows the effective Group Policy settings applied to a user, and the GPOs from which those settings are inherited
  • New feature in Windows Server 2003
  • Similar to gpresult.exe, which is included in Windows 2000 Resource Kit for Windows 2000 domains