360 likes | 444 Views
Using Group Policy. Lesson 4. Skills Matrix. Skills Matrix. Skills Matrix. Understanding Group Policy. Group Policy is the collective set of policy settings for users, computers, and other entities within Active Directory as applied through Group Policy objects.
E N D
Using Group Policy Lesson 4
Understanding Group Policy • Group Policy is the collective set of policy settings for users, computers, and other entities within Active Directory as applied through Group Policy objects. • Group Policy objects (GPOs) are collections of settings that are applied through Active Directory. Understanding Group Policy
Understanding Group Policy Objects • Administrators LGPO – Settings in this LGPO are applied when an administrator logs on. • Non-Administrators LGPO – Settings in this LGPO are applied when a non-administrator logs on. • User-specific LGPOs – Each Windows Vista installation can have as many of these as there are local users. Understanding Group Policy
Understanding Group Policy Objects (cont.) • Local Group Policy objects are applied in the following order: • Administrators LGPO • Non-Administrators LGPO • User-specific LGPOs Understanding Group Policy
Understanding Group Policy Objects (cont.) • Active Directory Group Policy objects are applied in the following order: • GPOs linked to sites • GPOs linked to domains • GPOs linked to organizational units (OUs) Understanding Group Policy
Understanding Group Policy Objects (cont.) • GPO application order and scope can also be affected by the following: • Filtering by using security groups • Windows Management Instrumentation filters (WMI filters) • Blocking Group Policy inheritance Understanding Group Policy
Understanding Group Policy Objects (cont.) • GPO application order and scope can also be affected by the following: • Enforcing a GPO link • Disabling a GPO link Understanding Group Policy
What’s New in Group Policy for Windows Vista • In previous versions of Windows, there was only one LGPO per Windows installation. This made it difficult to administer non-domain attached computers, such as kiosk computers. • Windows Vista introduces more than 700 new Group Policy settings and has expanded other settings. Understanding Group Policy
Editing a GPO • You can use the Group Policy Object Editor to edit the policy settings in a GPO. • In the Start Search text box, type gpmc.msc, and then press Ctrl + Shift + Enter. A User Account Control dialog box appears. • Provide administrator credentials, and then click OK. The Group Policy Management console appears. Configuring Group Policy
Editing a GPO (cont.) • In the console tree, expand Forest: Forest Name > Domains > Domain Name > Group Policy Objects. • Right-click the Group Policy object that you want to edit, and then click Edit. The Group Policy Object Editor appears with the selected GPO loaded. Configuring Group Policy
Creating a GPO • Open the Group Policy Management console. • In the console tree of the Group Policy Management console, expand Forest: ForestName > Domains > DomainName. • Right-click Group Policy Objects, and then click New. The New GPO dialog box appears. Configuring Group Policy
Configuring Group Policy Creating a GPO (cont.) In the Name text box, type a name for the GPO and then click OK. The new GPO will appear in the console tree under the Group Policy Objects node.
Linking a GPO • GPOs can link to sites, domains, and OUs. • Open the Group Policy Management console. • In the console tree of the Group Policy Management console, right-click the site, domain, or OU to which you want to link a GPO, and then click Link and Existing GPO. The Select GPO dialog box appears. Configuring Group Policy
Configuring Group Policy Linking a GPO (cont.) In the Group Policy Objects list box, select the GPO that you want to link, and then click OK.
Changing GPO Link Order • GPOs are applied according to the link order. Open the Group Policy Management console. • In the console tree of the Group Policy Management console, select the site, domain, or OU for which you want to change the GPO link order. • In the details pane, select the link that you want to move in the list, and use the arrow buttons on the left to move the link up or down. Configuring Group Policy
Turning Off Local Group Policy • You can turn off local Group Policy through a setting in an Active Directory GPO. • Open the Group Policy Management console. • In the Group Policy Object Editor, expand Computer Configuration > Administrative Templates > System > Group Policy. Configuring Group Policy
Configuring Group Policy Turning Off Local Group Policy (cont.) In the details pane, right-click Turn off Local Group Policy objects processing, and then click Properties. Select Enabled, and then click OK.
Editing Local Group Policy Objects Selecting the Non-Administrators LGPO in the Browse for a Group Policy Object dialog box Configuring Group Policy
Using Gpupdate • Gpupdate is a command-line tool used to update Group Policy settings on Active Directory objects before the normal update process takes place. • gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot] Configuring Group Policy
Using the Group Policy Modeling Wizard • Group Policy Modeling – Simulates and reports on what Group Policy will be for selected configurations of users, computers, containers, security groups, and Windows Management Instrumentation (WMI) filters. Creating and Understanding Group Policy Modeling and Results Reports
Using the Group Policy Modeling Wizard (cont.) Selecting a domain controller in the Group Policy Modeling Wizard Creating and Understanding Group Policy Modeling and Results Reports
Using the Group Policy Modeling Wizard (cont.) Selecting a container in the Choose User Container dialog box Creating and Understanding Group Policy Modeling and Results Reports
Using the Group Policy Modeling Wizard (cont.) Summary of Selections page of the Group Policy Modeling Wizard Creating and Understanding Group Policy Modeling and Results Reports
Understanding Group Policy Modeling Reports • Group Policy Modeling reports – Contain all of the information you need to understand how a particular Group Policy scheme will work. Creating and Understanding Group Policy Modeling and Results Reports
Understanding Group Policy Modeling Reports (cont.) Summary tab summarizes the information gathered during the modeling process. Creating and Understanding Group Policy Modeling and Results Reports
Understanding Group Policy Modeling Reports (cont.) Settings tab contains the most pertinent information. Creating and Understanding Group Policy Modeling and Results Reports
Creating and Understanding Group Policy Modeling and Results Reports Viewing Group Policy Modeling Data in the RSoP Snap-in In the Group Policy Management console, expand Forest: ForestName > Group Policy Modeling. Right-click the Group Policy Modeling query for which you want to view RSoP data, and then click Advanced View. Close the Resultant Set of Policy console when you have finished.
Using the Group Policy Results Wizard Summary of Selections page for the Group Policy Results Wizard. Creating and Understanding Group Policy Modeling and Results Reports
Understanding Group Policy Results Reports • Group Policy Results reports contain all of the information you need to understand the Group Policy settings that are applied to a particular user on a particular computer. Creating and Understanding Group Policy Modeling and Results Reports
You Learned • Group Policy can be used to configure settings for groups of users and computers and other Active Directory objects. • Group Policy objects are collections of Group Policy settings and are the mechanism by which administrators configure Group Policy. • Group Policy in Windows Vista includes more than 700 new settings, as well as an expansion of some existing settings. Summary
You Learned (cont.) • You configure Group Policy by using the Group Policy Object Editor to edit GPOs and by using the Group Policy Management console to arrange the GPOs within Active Directory. • You learned how to create, edit, and link GPOs. • You learned how to change GPO link order. • You learned how to turn off local Group Policy. Summary
You Learned (cont.) • You learned how to edit LGPOs. • You learned how to use gpupdate to reapply all Group Policy settings. • Group Policy Modeling and Group Policy Results reports enable you to model Group Policy through simulation and determine actual Group Policy. These are essential tools in both testing Group Policy settings before rolling them out and in troubleshooting Group Policy issues. Summary
You Learned (cont.) • The Group Policy Modeling Wizard enables you to model Group Policy before rolling it out to either a production or a test environment. • You learned how to use the Group Policy Modeling Wizard. • You learned how to view Group Policy Modeling data in the RSoP Snap-in. • You learned how to use the Group Policy Results Wizard. Summary