1 / 31

Module 4 Planning for Group Policy

Module 4 Planning for Group Policy. Module Overview. Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group Policy Objects Planning the Management of Client Computers. Lesson 1: Planning Group Policy Application.

maille
Download Presentation

Module 4 Planning for Group Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 4 Planning for Group Policy

  2. Module Overview • Planning Group Policy Application • Planning Group Policy Processing • Planning the Management of Group Policy Objects • Planning the Management of Client Computers

  3. Lesson 1: Planning Group Policy Application • Demonstration: Reviewing and Modifying Group Policy Settings • Considerations for Group Policy Application • Group Policy Application Exceptions • New Group Policy Features in Windows Server 2008

  4. Demonstration: Reviewing and Modifying Group Policy Settings • In this demonstration, you see how to: • Review and modify Group Policy settings

  5. Considerations for Group Policy Application Considerations • Computer settings are processed when the computer starts • User settings are processed when a user logs on • Speed up processing by disabling unnecessary parts of a GPO • GPOs are cached and updated at timed intervals

  6. Group Policy Application Exceptions The Group Policy application exceptions are: • Slow link processing • Cached credentials • Remote Access connections • Moved computer or user objects

  7. New Group Policy Features in Windows Server 2008 The Group Policy features are: • New policies • Power management settings • Blocking device installation • Firewall and IPSec settings • Internet Explorer settings • Location-based printing • Delegation of printer driver installation • ADMX templates • Network Location Awareness

  8. Lesson 2: Planning Group Policy Processing • Considerations for Active Directory Structure • Considerations for Using Filtering • Considerations for Modifying Inheritance • Considerations for Using Loopback Processing • Demonstration: Modifying Group Policy Processing

  9. Considerations for Active Directory Structure Site GPO2 GPO3 Domain GPO4 OU GPO1 Local policy GPO5 OU OU

  10. Considerations for Using Filtering Security Filtering: WMI Filtering • Controls the application of GPOs based on security groups • Can simplify OU planning • Controls the application of GPOs based on computer characteristics • Can be used to control software distribution Filtering is applied to a GPO and not links

  11. Considerations for Modifying Inheritance Considerations • Blocking inheritance is not selective, all GPOs are blocked • Use enforcement to enforce organization-wide standards • You cannot enforce a filtered GPO

  12. Considerations for Using Loopback Processing Considerations • Loopback processing is for special use computers • Use merge mode to apply additional restrictions • Use replace mode to apply the same settings to all users • To provide less restrictive settings, use replace mode • Use loopback processing to secure Terminal Servers

  13. Demonstration: Modifying Group Policy Processing • In this demonstration, you will see how to: • Modify Group Policy processing

  14. Lesson 3: Planning the Management of Group Policy Objects • Considerations for Administering Group Policy Objects • What Are Starter GPOs? • Considerations for Reusing or Copying GPOs • Considerations for Backing Up and Restoring GPOs • Considerations for Delegating Management of GPOs • Discussion: Managing Group Policy

  15. Considerations for Administering Group Policy Objects Considerations • GPMC can be installed on Windows Vista SP1 • A GPO is stored in Active Directory and SYSVOL • New GPOs must be replicated to all domain controllers • ADMX templates reduce GPO size • Create a central store for ADMX templates • ADMX templates are easier to extend than ADM templates • ADMX templates can be used only by Windows Server 2008 and Windows Vista • Migrate customized ADM templates to ADMX templates by using the ADMX migrator • Use Group Policy tools for troubleshooting and planning

  16. What Are Starter GPOs? Starter GPOs are GPO templates that contain administrative templates settings • You can use starter GPOs: • To standardize GPO creation • To move GPOs easily between domains • To distribute customized settings to partners

  17. Considerations for Reusing or Copying GPOs • A single GPO linked to multiple locations allows for centralized management • You should carefully control the permission on a GPO that is linked to multiple locations • It is difficult to synchronize settings between multiple GPOs • For common settings, use a single GPO linked to multiple locations • For unique settings, use an individual GPO for an OU

  18. Considerations for Backing Up and Restoring GPOs • System state backups of a domain controller are difficult to recover GPOs from • Backup of GPO with GPMC before making changes • GPO backups can be scheduled with scripts • Only Read permissions are required to back up a GPO • Restoring from backup includes filtering information • Importing settings from backup does not include filtering information • GPO backups can contain multiple versions

  19. Considerations for Delegating Management of GPOs • You can use GPMC to delegate permissions for managing GPOs • Members of Domain Admins and Group Policy Creator Owners group can create GPOs • Members of Domain Admins, Enterprise Admins, and domain local Administrators can link GPOs in a domain • Members of Domain Admins and Enterprise Admins can edit GPOs

  20. Discussion: Managing Group Policy • Who is responsible for managing Group Policy in your organization? • Does your organization back up GPOs? • Does your organization have a need to standardize GPOs by using starter policies?

  21. Lesson 4: Planning the Management of Client Computers • Why Manage Client Computers? • Methods for Managing Client Computers • Considerations for Using Group Policy Preferences • Demonstration: Using Group Policy Preferences • Considerations for Deploying Software by Using Group Policy • Considerations for Using Scripts • Considerations for Using Folder Redirection

  22. Why Manage Client Computers? Managing client computers saves time and money for the organization by: • Distributing applications • Enforcing security settings • Enforcing application settings • Standardizing the user environment

  23. Methods for Managing Client Computers The methods for managing client computers are: • Group Policy settings • Group Policy preferences • Scripts • Windows Server Update Services • System Center Configuration Manager

  24. Considerations for Using Group Policy Preferences • You can use both Group Policy settings and Group Policy preferences • Preference settings are not enforced and can be modified by the user • Application of Group Policy preferences is supported for Windows XP with SP2, Windows Vista, Windows Server 2003 with SP1, and Windows Server 2008 • Use the Data Sources node to easily add or modify ODBC data sources for applications • Use the Drive Maps node as an alternative to mapping drive letters by using a logon script • Use the Start Menu and Shortcuts node to standardize the ways of starting applications • Use the Internet Settings node to standardize the configuration of Internet Explorer • Use targeting to determine which users and computers a preference item will apply to

  25. Demonstration: Using Group Policy Preferences • In this demonstration, you see how to: • Use Group Policy preferences

  26. Considerations for Deploying Software by Using Group Policy • Assign an application to create a Start Menu shortcut • Assign an application to a computer to install before use • Assign an application to a user or publish it to limit disk utilization • Enable document activation to automatically install the application required to open a document • Use categories to organize published applications • Use transform files to customize installation • Use mandatory upgrades to keep application versions consistent • Use forced removal to remove applications from computers

  27. Considerations for Using Scripts Scripts can be written in any scripting language supported by the client computer • Considerations: • Logon scripts are commonly used for mapping drive letters • Use Group Policy to implement logon scripts • Startup and shutdown scripts can be used for computer-specific tasks • Group Policy scripts should be stored on SYSVOL

  28. Considerations for Using Folder Redirection • My Documents is not the only folder that can be redirected • Folder redirection simplifies backup of user data • Folder redirection reduces the size of user profiles • Redirect My Documents to a home folder for private storage • Redirect My Documents to a departmental share for shared storage • Allow folder permissions to be configured automatically • Use offline files with folder redirection

  29. Lab: Planning for Group Policy • Exercise 1: Creating a Group Policy Plan • Exercise 2: Implementing Group Policy Logon information Estimated time: 60 minutes

  30. Lab Scenario • Adatum has never implemented Group Policy other than for basic password configuration in the domain using the default GPOs. After attending a recent seminar, the IT manager wants to use Group Policy more effectively for the organization. • You have been tasked with creating a plan for implementing Group Policy.

  31. Module Review and Takeaways • Review Questions

More Related