Presentation on theme: "Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy."— Presentation transcript:
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy
Khan Rashid Overview The capabilities of group policies. Manage security using group policies. Manage users’ environment using group policies. Manage group policy implementation and interaction.
Khan Rashid The Capabilities of Group Policies Group policy tools. Group policy settings categories.
Khan Rashid Group Policy Tools Group Policy Object Editor (GPOE): –Is the most commonly used tool for working with the Group Policy Objects (GPOs). –Is a snap-in for the Microsoft Management Console (MMC).
Khan Rashid Group Policy Tools There are several methods of accessing the GPOE: –Through the properties of the scope of management (SOM) to which the GPO is linked. –By creating a new GPOE console.
Khan Rashid Group Policy Tools The Group Policy tab of the Domain Properties dialog box
Khan Rashid Group Policy Tools The Group Policy Object Editor Console
Khan Rashid Group Policy Tools Group Policy Management Console (GPMC): –Is the newest tool for working with GPOs. –Provides a single, unified interface for managing all aspects of all existing group policies within the domain. –Provides tools for analyzing and controlling the interaction of multiple policies.
Khan Rashid Group Policy Tools The Group Policy Management Console
Khan Rashid Group Policy Settings Categories Computer configuration settings. User configuration settings.
Khan Rashid Group Policy Settings Categories The computer and the user configuration settings are subdivided into the following categories: Software settings Windows settings Administrative templates
Khan Rashid Software Settings Software Settings in the Group Policy Object Editor
Khan Rashid Windows Settings The computer and the user configuration Windows settings are used to configure startup and shutdown scripts. The user configuration Windows settings provide fewer security settings than those available under computer configuration.
Khan Rashid Administrative Templates The administrative templates settings for computer and user configuration can be used to: Change the desktop. Modify the logon procedure. Remove items from the Start menu or the Control Panel.
Khan Rashid Manage Security Using Group Policies Security settings. Software restriction policies.
Khan Rashid Security Settings Password Policies and Their Default Domain Policy Settings
Khan Rashid Security Settings Kerberos policies: –Kerberos policies rarely need to be modified. –Kerberos security authenticates user accounts when users log on. –It also allows them to request services from the server without further authentication.
Khan Rashid Security Settings Account Lockout policies and Their Default Domain Policy Settings
Khan Rashid Software Restriction Policies Software restriction policies: –Are one of the new features of Windows Server 2003. –Help to block executing specific programs in a directory.
Khan Rashid Software Restriction Policies The GPO Console
Khan Rashid Software Restriction Policies Defining the Policy
Khan Rashid Software Restriction Policies New Path Rule
Khan Rashid Manage Users’ Environment Using Group Policy Policy Settings Breakdown for the Group Policy Administrative Templates
Khan Rashid Manage Users’ Environment Using Group Policy Administrative Templates First-Level Categories and Where They Are Found
Khan Rashid Manage Users’ Environment Using Group Policy The administrative templates settings can be used: –When the taskbar needs to be locked. –When an appropriate wallpaper needs to be used. –When access to Control Panel needs to be restricted.
Khan Rashid Manage Users’ Environment Using Group Policy Preventing Changes to Taskbar and Start Menu Settings
Khan Rashid Manage Users’ Environment Using Group Policy Setting Active Desktop Wallpaper
Khan Rashid Manage Users’ Environment Using Group Policy Restrict Access to the Control Panel
Khan Rashid Manage Group Policy Implementation and Interaction Applying group policy. Analyzing group policy interactions.
Khan Rashid Applying Group Policy Group Policy Object Options. Group Policy Object Properties.
Khan Rashid Group Policy Object Options The options in the Group Policy Object Options dialog box are: –No Override – Prevents any other settings from taking a higher priority. –Disabled – Does not allow the settings to be applied, if a GPO link is disabled.
Khan Rashid Group Policy Object Options The Group Policy Object Options dialog box
Khan Rashid Group Policy Object Properties The various tabs of the Properties dialog box for a GPO link are: General – Allows users to disable the computer and/or the used configuration settings. Links – Offers a Find Now button that searches and displays the sites, domains, and OUs to which the GPO is linked.
Khan Rashid Analyzing Group Policy Interactions Resultant Set of Policy (RSoP): –Is a group policy tool. –Analyzes all the policies that apply in a particular situation. –Reports the resultant policy.
Khan Rashid Analyzing Group Policy Interactions RSoP can be run in one of the following modes: –Planning –Logging
Khan Rashid Summary The various tools for working with the group policy objects (GPOs) are the Group Policy Object Editor (GPOE) and the Group Policy Management Console (GPMC). The GPO settings are divided into the user and the computer configuration settings. The user and the computer configuration settings are further divided into software settings, Windows settings, and administrative templates.
Khan Rashid Summary The most commonly used security settings are the account policies. Account policies include password, account lockout, and Kerberos policies. Software restriction policies help to block executing specific programs in an entire directory.
Khan Rashid Summary The five administrative templates files are System.adm, Inetres.adm, conf.adm, Wuau.adm, and Wmplayer.adm. Resultant Set of Policy (RSoP) is a tool for analyzing the effect of all applicable policies on a particular domain, site, OU, computer, or user.