270 likes | 392 Views
Introduction to Group Policy. Lesson 7. Skills Matrix. Understanding the Benefits of Group Policy. Users can access their files, even when network connectivity is intermittent. This is accomplished by using folder redirection and offline files.
E N D
Introduction to Group Policy Lesson 7
Understanding the Benefits of Group Policy • Users can access their files, even when network connectivity is intermittent. This is accomplished by using folder redirection and offline files. • The user environment can be set up to be consistent, regardless of which workstation or location is used as the login computer. Lesson 7
Understanding the Benefits of Group Policy (cont.) • User files can be redirected to a server location that allows them to be backed up regularly, saving users from the headaches of lost data due to the failure of their workstations. • Applications that become damaged or need to be updated can be maintained automatically. Lesson 7
Understanding the Benefits of Group Policy (cont.) • Administrators have control over centralized configuration of user settings, application installation, and desktop configuration. • Problems due to missing application files and other minor application errors often can be alleviated by the automation of application repairs. Lesson 7
Understanding the Benefits of Group Policy (cont.) • Centralized backup of user files eliminates the need and cost of trying to recover files from a damaged drive. • The need to manually make security changes is reduced by the rapid deployment of new settings through Group Policy. Lesson 7
Defining Group Policy Architecture • Local GPOs • Domain GPOs • Starter GPOs • Group Policy container (GPC) • Group Policy template (GPT) Lesson 7
Viewing the Group Policy Container • In Active Directory Users and Computers, click the View menu. • Select Advanced Features, which allows you to see additional objects in Active Directory. • In the left console pane, expand the System folder. Lesson 7
Viewing the Group Policy Container (cont.) • In the System folder, locate the Policies folder and expand it by clicking the plus sign (+). Lesson 7
Viewing Group Policy Templates • \Machine • \Machine\Microsoft \WindowsNT\SecEdit • \Machine\Scripts • \User • \User\Applications • \User\Scripts Lesson 7
Creating and Linking a GPO to an OU • To create an OU for this exercise, go to a command prompt and key dsadd ou ou=Training,<DomainDN>. • Click Start, and then click Administrative Tools. • Click Group Policy Management Console. Lesson 7
Creating and Linking a GPO to an OU (cont.) • Click the plus sign (+) next to domain.com. • Right-click the Training OU. • Select Create a GPO in this domain, and link it here. Lesson 7
Creating and Linking a GPO to an OU (cont.) • Key a name for your GPO, and press Enter. • Expand the Group Policy Objects node. • Right-click the GPO that you just created, and click Edit. Lesson 7
Configuring Group Policy Settings • Software Settings • Windows Settings • Administrative Templates Lesson 7
Understanding Group Policy Processing Local policies Site policies Domain policies OU policies Lesson 7
Understanding Group Policy Processing (cont.) • When a computer is initialized during startup, it establishes a secure link between the computer and a domain controller. Then, the computer obtains a list of GPOs to be applied. • Computer configuration settings are applied synchronously during computer startup before the Logon dialog box is presented to the user. Lesson 7
Understanding Group Policy Processing (cont.) • Any startup scripts set to run during computer startup are processed. These scripts also run synchronously and have a default timeout of 600 seconds (10 minutes) to complete. • When the Computer Configuration scripts and startup scripts are complete, the user is prompted to press Ctrl+Alt+Del to log on. Lesson 7
Understanding Group Policy Processing (cont.) • Upon successful authentication, the user profile is loaded based on the Group Policy settings in effect. • A list of GPOs specific for the user is obtained from the domain controller. • User Configuration settings also are processed in the LSDOU sequence. Lesson 7
Understanding Group Policy Processing (cont.) • After the user policies run, any logon scripts run. Unlike the startup scripts, these scripts run asynchronously by default. • The user's desktop appears after all policies and scripts have been processed. Lesson 7
Configuring Exceptions to GPO Processing • Enforce • Block Policy Inheritance • Loopback Processing Lesson 7
You Learned • Group Policy consists of user and computer settings that can be implemented during computer startup and user logon. These settings can be used to customize the user environment, to implement security guidelines, and to assist in simplifying user and desktop administration. Group Policies can be beneficial to users and administrators. They can be used to increase a company's return on investment and to decrease the overall total cost of ownership for the network. Lesson 7
You Learned (cont.) • In Active Directory, Group Policies can be assigned to sites, domains, and OUs. By default, there is one local policy per computer. Local policy settings are overwritten by Active Directory policy settings. Lesson 7
You Learned (cont.) • Group Policy content is stored in an Active Directory GPC and in a GPT. Whereas the GPC can be seen using the Advanced Features view in Active Directory Users and Computers, the GPT is a GUID-named folder located in the systemroot\sysvol\SYSVOL\domain_name\ Policies folder. Lesson 7
You Learned (cont.) • The Default Domain Policy and the Default Domain Controller Policy are created by default when Active Directory is installed. • The Group Policy Management Console is the tool used to create and modify Group Policies and their settings. Lesson 7
You Learned (cont.) • GPO nodes contain three subnodes including Software Settings, Windows Settings, and Administrative Templates. Administrative templates are XML files with the .admx file extension. Over 100 ADMX files are included with Windows Server 2008. Lesson 7
You Learned (cont.) • The order of Group Policy processing can be remembered using the acronym LSDOU: local policies are processed first, followed by site, domain, and, finally, OU policies. This order is an important part of understanding how to implement Group Policies for an object. Lesson 7
You Learned (cont.) • Group Policies applied to parent containers are inherited by all child containers and objects. Inheritance can be altered by using the Enforce, Block Policy Inheritance, or Loopback settings. Lesson 7