7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

1 Goals
- Identify the types of group accounts
- Create local groups
- Examine built-in groups
- Create and modify groups using the Active Directory Users and Computers MMC snap-in
- Find domain groups
- Create Group Policy Objects (GPOs)
- Identify the types of Group Policies
- Modify software settings using GPO software policies
- Redirect folders using GPOs

2 Identifying the Types of Group Accounts
- A group is a collection of user accounts or computers with similar rights and permissions
- The users in a group are called members
- Administrators can categorize users into groups based on the functions they perform and the requirements of their jobs so that they can easily manage multiple users as a single entity
(Skill 1)

3 Identifying the Types of Group Accounts (2)
Two main types of groups
- Security groups
  - Used to define the rights and permissions users will have to access resources on a computer or a network
  - Are listed in Discretionary Access Control Lists (DACLs)
- Distribution groups
  - Used only for the distribution of messages by applications such as Microsoft Exchange Server
  - Cannot be used to assign permissions to users
(Skill 1)

4 Identifying the Types of Group Accounts (3)
Group scope
- When you create a group, you must specify the group scope
- The group scope determines whether the group can be used to access resources in a specific domain or across domains in a network
- There are three group scopes in a Windows Server 2003 environment
  - Domain local scope
  - Global scope
  - Universal group scope
(Skill 1)

5 Identifying the Types of Group Accounts (4)
Domain local scope
- A domain local group is created in Active Directory on a domain controller
- The scope of a domain local group is the domain in which the group was created
- You can add members to a domain local group from any domain
(Skill 1)

6 Identifying the Types of Group Accounts (5)
Global scope
- A global group has members with common network access requirements
- Members can be drawn only from the domain where the global group was created
- Permissions can be assigned to members for resources in any domain
(Skill 1)

7 Figure 7-1 Group types and group scopes (Skill 1)

8 Identifying the Types of Group Accounts (6)
Universal group scope
- A universal group is used when there are multiple domains in a forest
- Members can be drawn from many different domains
- Permissions can be assigned for resources in any domain
- Universal groups are available only when Active Directory is running in Windows 2000 native mode or Windows Server 2003 mode
(Skill 1)

9 Identifying the Types of Group Accounts (7)
Group nesting
- Process of adding groups to other groups is called group nesting
- Group nesting minimizes the number of times you need to assign permissions to multiple groups
(Skill 1)

10 Figure 7-2 Nested groups (Skill 1)

11 Creating Local Groups
Types of local groups
- Domain local groups
  - A domain local group is created and stored in Active Directory on a domain controller
  - It is used to manage and access resources in a domain
- Local groups
  - A local group is formed to group local user accounts on stand-alone servers, member servers, and Windows 2000 or XP Professional workstations
  - You use them to assign permissions to resources only on the local computer
(Skill 2)

12 Figure 7-3 Selecting users in the Select Users, Computers, or Groups dialog box (Skill 2)

13 Figure 7-4 The Locations dialog box
- To create a local group, select the name of your member server
(Skill 2)

14 Figure 7-5 Adding members to the new group (Skill 2)

15 Creating Local Groups (2)
- The Computer Management console combines various administration utilities into a single console tree
  - View the list of users connected to a local or remote computer
  - Manage the local or remote computer
- The Computer Management console has three nodes
  - System Tools node is used to monitor system events, view system information, view the hardware configuration, as well as manage shared folders, local users and groups
  - Storage node is used to view and manage the properties of a storage device such as a hard disk
  - Services and Applications node is used to view and manage the properties of a service, such as WINS, or an application running on your computer
(Skill 2)

16 Figure 7-6 The new group displayed in the Computer Management console (Skill 2)

17 Figure 7-7 Nodes in the Computer Management console
- Used to monitor system events, view system information, view the hardware configuration, and manage shared folders and local users and groups
(Skill 2)

18 Introducing Built-in Groups
- Windows Server 2003 includes default groups called built-in groups that have a preset collection of rights and permissions
- Built-in groups can be used to manage common tasks performed by users
- There are four types of built-in groups
  - Built-in local groups
  - Built-in domain local groups
  - Built-in global groups
  - Built-in system groups
(Skill 3)

19 Introducing Built-in Groups (2)
Built-in local groups
- Are created on all Windows Server 2003 computers
- Are stored in the Builtin container in the Active Directory Users and Computers console
Groups listed on the slide:
- Account Operators
- Administrators
- Backup Operators
- Guests
- Incoming Forest Trust Builders
- Network Configuration Operators
- Performance Log Users
- Performance Monitor Users
- Pre-Windows 2000 Compatible Access
- Print Operators
- Remote Desktop Users
- Replicator
- Server Operators
- Users
(Skill 3)

20 Introducing Built-in Groups (3)
Built-in domain local groups
- Are automatically created only on domain controllers
- Cannot be deleted
- Are stored in the Users container in the Active Directory Users and Computers console
- The number of domain local groups is different on each domain controller, depending on the type of services the domain controller is running
Groups listed on the slide:
- Cert Publishers
- DHCP Administrators
- DHCP Users
- DnsAdmins
- HelpServicesGroup
- IIS_WPG (installed with IIS)
- RAS and IAS Servers
- TelnetClients
- WINS Users
(Skill 3)

21 Introducing Built-in Groups (4)
Built-in global groups
- Are automatically created on all domain controllers
- Are stored in the Users container in the Active Directory Users and Computers console
Groups listed on the slide:
- DnsUpdateProxy
- Domain Admins
- Domain Computers
- Domain Controllers
- Domain Guests
- Domain Users
- Group Policy Creator Owner
- Enterprise Admins
- Schema Admins
(Skill 3)

22 Introducing Built-in Groups (5)
Built-in system groups
- Are populated with users based upon how they access a computer or a resource
- Network administrators cannot add, modify, or delete user accounts because the operating system does so automatically
Groups listed on the slide:
- Anonymous Logon
- Authenticated Users
- Creator Owner
- Dial-up
- Everyone
- Interactive
- Network
- Terminal Server Users
(Skill 3)

23 Figure 7-8 Built-in local groups in the Computer Management console on a member server (Skill 3)

24 Figure 7-9 Built-in domain local groups in the Builtin container in the Active Directory Users and Computers console (Skill 3)

25 Figure 7-10 Built-in domain local groups in the Users container in the Active Directory Users and Computers console (Skill 3)

26 Figure 7-11 Built-in global groups in the Users container (Skill 3)

27 Figure 7-12 Built-in system groups in the Select Users or Groups dialog box (Skill 3)

28 Introducing Built-in Groups (6)
- In Windows 2000 mixed mode environments, the best practice is to use domain local and global groups following what is referred to as the A-G-DL-P strategy
- You put user accounts (A) into global groups (G), put the global groups into domain local groups (DL), and grant permissions (P) to the domain local group
- In Windows 2000 native mode or Windows Server 2003 mode, universal groups can be used to organize global groups from multiple domains so that they fit between global and domain local (A-G-U-DL-P)
(Skill 3)
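
The A-G-DL-P strategy and the scope rules from Skill 1 can be checked mechanically against a directory export. The Python below is an added example, not part of the original lesson: it audits a constructed snapshot for entries that bypass the strategy and expands nesting to the users who actually hold access. All account, group, domain and share names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    name: str
    domain: str
    kind: str                                    # "user" or "group"
    scope: str = ""                              # groups: global / universal / domain_local
    members: list = field(default_factory=list)  # names of direct members

# Constructed sample directory; every name and domain here is hypothetical.
DIRECTORY = {p.name: p for p in [
    Principal("alice", "SALES", "user"),
    Principal("bob", "SALES", "user"),
    Principal("carol", "HQ", "user"),
    Principal("G_SalesStaff", "SALES", "group", "global", ["alice", "bob"]),
    Principal("G_HQAudit", "HQ", "group", "global", ["carol"]),
    Principal("G_Mixed", "SALES", "group", "global", ["alice", "carol"]),
    Principal("U_AllAudit", "HQ", "group", "universal", ["G_HQAudit"]),
    Principal("DL_Reports_Read", "HQ", "group", "domain_local",
              ["G_SalesStaff", "U_AllAudit"]),
    Principal("DL_Legacy", "HQ", "group", "domain_local", ["bob"]),
]}

# Constructed DACL entries: (resource, resource domain, trustee, permission).
ACES = [
    (r"\\hq-fs\reports", "HQ", "DL_Reports_Read", "Read"),
    (r"\\hq-fs\reports", "HQ", "carol", "Modify"),
    (r"\\hq-fs\payroll", "HQ", "G_SalesStaff", "Read"),
    (r"\\sales-fs\leads", "SALES", "DL_Reports_Read", "Read"),
    (r"\\hq-fs\archive", "HQ", "DL_Legacy", "Read"),
]

def effective_users(name, directory=DIRECTORY, _seen=None):
    """Expand nested membership to the set of user names behind a trustee."""
    seen = _seen if _seen is not None else set()
    if name in seen:                 # guard against circular nesting
        return set()
    seen.add(name)
    principal = directory[name]
    if principal.kind == "user":
        return {name}
    users = set()
    for member in principal.members:
        users |= effective_users(member, directory, seen)
    return users

def audit_membership(directory=DIRECTORY):
    """Flag memberships that break the scope rules or skip the G step."""
    findings = []
    for group in directory.values():
        if group.kind != "group":
            continue
        for member in (directory[n] for n in group.members):
            # Global groups draw members only from their own domain.
            if group.scope == "global" and member.domain != group.domain:
                findings.append((group.name, member.name,
                                 "GLOBAL_MEMBER_FROM_OTHER_DOMAIN"))
            # A-G-DL-P / A-G-U-DL-P: accounts reach DL and U groups via global groups.
            if group.scope in ("domain_local", "universal") and member.kind == "user":
                findings.append((group.name, member.name,
                                 "USER_NOT_VIA_GLOBAL_GROUP"))
    return findings

def audit_aces(aces=ACES, directory=DIRECTORY):
    """Flag permissions that are not granted to an in-scope domain local group."""
    findings = []
    for resource, resource_domain, trustee, _permission in aces:
        t = directory[trustee]
        if t.kind != "group" or t.scope != "domain_local":
            findings.append((resource, trustee, "ACE_NOT_ON_DOMAIN_LOCAL"))
        elif t.domain != resource_domain:
            # A domain local group's scope is the domain where it was created.
            findings.append((resource, trustee, "DOMAIN_LOCAL_OUT_OF_SCOPE"))
    return findings

if __name__ == "__main__":
    for finding in audit_membership() + audit_aces():
        print(finding)
    print(sorted(effective_users("DL_Reports_Read")))
```
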

29 Creating and Modifying Groups by using the Active Directory Users and Computers MMC Snap-in
- Groups can be used effectively to manage large numbers of users and resources
- Even in small environments, it is advised that you follow the Microsoft rule for creating groups and assigning permissions
- While it takes a little more work to set up, in the long run it reduces effort to such a large degree that the extra setup effort is worth it
(Skill 4)

30 Creating and Modifying Groups by using the Active Directory Users and Computers MMC Snap-in (2)
- After you have created a group, you can set its properties in the Properties dialog box for the group
- Tabs used to set the properties for a group
  - General
  - Members
  - Member Of
  - Managed By
  - Object
  - Security
(Skill 4)

31 Creating and Modifying Groups by using the Active Directory Users and Computers MMC Snap-in (3)
- Considerations when modifying group scopes
  - A domain local group can be converted to a universal group only if the domain local group does not contain another domain local group
  - A global group can be changed to a universal group only if the global group is independent and not a member of another group
  - Group scopes and group types can be changed only when the domain is operating in Windows 2000 native mode or Windows Server 2003 mode
(Skill 4)

32 Figure 7-13 The Member Of tab in the Properties dialog box for a group
- Click to add the group to other groups in the domain or to add it to a universal group in another domain in the forest
(Skill 4)

33 Figure 7-14 The Object tab
- Displays the path to the group in the domain
(Skill 4)

34 Figure 7-15 The New Object-Group dialog box
- The pre-Windows 2000 group name is automatically filled in
- The three group scopes
- The two types of groups
(Skill 4)

35 Figure 7-16 The new group in the Active Directory Users and Computers console
- The new group
(Skill 4)

36 Figure 7-17 Adding a member to the group
- Member of the group
- Click to remove members from the group
- Click to add members to the group
(Skill 4)

37 Figure 7-18 Choosing the Manager for the group
- Click to select a new manager
- Click to remove the existing manager of the group
- Click to view the properties for the manager’s account
(Skill 4)

38 Figure 7-19 Changing the properties for a group
- The domain local group scope is disabled because a global group can be converted only to a universal group
(Skill 4)

39 Creating and Modifying Groups by using the Active Directory Users and Computers MMC Snap-in (4)
- You use the same tools to automate or partially automate the process of group creation as you use to automate the process of user account creation
  - Scripting
  - Importation tools
- You use Csvde.exe to import and export group objects into and out of Active Directory
- You use Ldifde.exe to import and export group objects to and from .ldif files, which are supported by many third-party LDAP applications
(Skill 4)

40 Creating and Modifying Groups by using the Active Directory Users and Computers MMC Snap-in (5)
ADSI Edit
- An MMC snap-in used to add, delete, and move Active Directory objects
- You can view and change the attributes for an object
- After you create the MMC, right-click ADSI Edit and connect to the domain
- Open the Properties dialog box for an object and edit one or more attributes
(Skill 4)

41 Figure 7-20 Using csvde.exe to export a group (Skill 4)

42 Figure 7-21 The Group1 group exported and opened in Excel (Skill 4)

43 Figure 7-22 ADSI Edit (Skill 4)

44 Finding Domain Groups
- Active Directory contains information about all objects located on a network
- Each Active Directory object has a unique set of attributes
- On a network that has a large number of Active Directory objects, it becomes difficult for an administrator to remember the exact location of all of the objects
- The administrator can use the object attributes to locate the objects
(Skill 5)

45 Finding Domain Groups (2)
Locating objects in Active Directory
- Use the Find dialog box in the Active Directory Users and Computers console
- The Find dialog box provides various options you can use to search for Active Directory objects
- When you search Active Directory for an object, the Find dialog box helps generate a Lightweight Directory Access Protocol (LDAP) query
- The LDAP query searches the global catalog or the local domain for the specified object
- The query then returns the queried information
(Skill 5)

46 Finding Domain Groups (3)
- Requirements for locating objects using Active Directory
  - You must have Read permission for the objects you want to find
  - Your computers must have Windows Server 2003, Windows 2000, Windows XP, Windows NT with the Active Directory client, or Windows 95/98 with the Active Directory Client, IE 4.01 or later, and Active Desktop enabled
- You can use the Advanced tab in the Find dialog box to make the search more specific
(Skill 5)

47 Figure 7-23 The Find dialog box
- The name of the Find dialog box will change according to the object type you select
(Skill 5)

48 Figure 7-24 Searching for printers, computers, or people using the Search tool on the Start menu
- Users will generally use the Search option on the Start menu because for the most part they will not have access to the Active Directory Users and Computers console
(Skill 5)

49 Figure 7-25 Finding objects in the Users container (Skill 5)

50 Figure 7-26 Specifying search attributes
- Specify the object type you want to find
- Specify the domain or OU you want to search: Entire Directory will search all domains in the forest
- Specify the path to the container you want to search
(Skill 5)

51 Figure 7-27 Filtering the search results
- Results appear in the bottom white panel (Search results list)
(Skill 5)

52 Creating Group Policy Objects
- Group Policies are used to control the computer configuration, user environment, and account policies such as the minimum password length and length of time a password can be used
- Network administrators apply Group Policies
  - To centrally manage configuration settings for groups of users or computers
  - To control the distribution of software applications in a domain
(Skill 6)

53 Creating Group Policy Objects (2)
- Group Policies are applied to objects in Active Directory to control how they and their child objects will function
- There are both user settings and computer settings, which can also affect the rights that are given to user accounts and groups
- The idea is to enforce uniform corporate policies on a portion of the network
(Skill 6)

54 Creating Group Policy Objects (3)
Group Policy structure
- Group Policy Objects (GPOs) contain all Group Policy settings that are applied to users and computers
- Group Policy Containers (GPCs) contain the properties associated with a GPO
- Group Policy Templates (GPTs) contain the Group Policy settings associated with administrative templates, security settings, scripts, and software settings
(Skill 6)

55 Creating Group Policy Objects (4)
Group Policy Objects (GPOs)
- Store all Group Policy settings that are applied to users and computers, along with the properties associated with the objects in the Active Directory store
- The policy settings for sites, domains, and organizational units are also stored in GPOs
- To create a GPO for a domain or an organizational unit, you use either the Active Directory Users and Computers console or the new Group Policy Management console (GPMC), which must be downloaded from Microsoft
- Types of GPOs
  - Local
  - Active Directory-based
(Skill 6)

56 Creating Group Policy Objects (5)
Group Policy Containers (GPCs)
- Store properties associated with a GPO
- Group Policy settings for both users and computers that are small and for the most part static are stored in a GPC
Group Policy Templates (GPTs)
- Store Group Policy settings associated with administrative templates, security settings, scripts, and software settings
- This data is dynamic and takes up more storage space, so it is stored in a folder structure in the %systemroot%\SYSVOL\Sysvol\ \Policies folder on a domain controller
(Skill 6)

57 Creating Group Policy Objects (6)
Group Policy Management Console (GPMC)
- Designed as a comprehensive tool for Group Policy administration for Windows Server 2003 and Windows 2000 domains
- Provides administrators with the ability to back up, restore, import, and copy/paste GPOs, as well as create, delete, and rename them
- Used to link GPOs, search for GPOs, and to delegate Group Policy-related features
(Skill 6)

58 Figure 7-28 Download the GPMC (Skill 6)

59 Figure 7-29 Creating a GPO (Skill 6)

60 Figure 7-30 The New GPO dialog box (Skill 6)

61 Figure 7-31 New Group Policy Object in a domain
- The new GPO, as listed in the Group Policy Object Links column
(Skill 6)

62 Identifying the Types of Group Policies
Types of Group Policies
- In the Windows Server 2003 environment, there are different types of Group Policies categorized according to the different network components and Active Directory objects they influence
- Most Group Policies are used to update and manage Registry configuration data
- Use the Group Policy Object Editor snap-in to modify the default settings for Group Policies according to your requirements
(Skill 7)

63 Identifying the Types of Group Policies (2)
- Group Policy Object Editor
  - Computer Configuration node
    - Software Settings configuration setting node
    - Windows Settings node
    - Administrative Templates node
  - User Configuration node
- Group Policy settings applied in the Computer Configuration node affect the computer objects to which they are applied
(Skill 7)

64 Identifying the Types of Group Policies (3)
Computer Configuration nodes
- Software Settings configuration setting node
  - Used to determine the applications that will be distributed to computers via a GPO
  - You use software settings to assign applications to computers
- Windows Settings node
  - Contains two divisions for computers: Scripts and Security Settings
  - Use scripts to automate repetitive tasks
- Administrative Templates node
  - Used to define Registry settings that control the behavior and appearance of the desktop, as well as other Windows Server 2003 components and applications
  - There are four folders under Administrative Templates: Windows Components, System, Network, and Printers
(Skill 7)

65 Figure 7-32 Scripts Group Policy for computers (Skill 7)

66 Figure 7-33 Security Settings for computers (Skill 7)

67 Figure 7-34 Group Policy settings for Offline Files (Skill 7)

68 Figure 7-35 Opening a link to the Default Domain Controllers Policy GPO (Skill 7)

69 Figure 7-36 The Allow log on locally Properties dialog box (Skill 7)

70 Figure 7-37 The Add User or Group dialog box
Figure 7-38 Allow log on locally user right assigned to a user
(Skill 7)

71 Identifying the Types of Group Policies (4)
Group Policy
- Can be applied to users and computers
- Can be applied at the site, domain, or OU level
Application of Group Policy Objects
- Every computer has one Group Policy Object that is stored locally
- The Local Group Policy Object (LGPO) is applied first
- Then, GPOs assigned to the site are processed
- Next, policies assigned to the domain are processed
- Finally, policies assigned to OUs and child OUs are processed
- Policy settings are cumulative due to inheritance
(Skill 7)

72 Identifying the Types of Group Policies (5)
Understanding how GPO settings are applied
- If a GPO is assigned to the parent container, but not the child container, the parent container GPO setting applies
- If a GPO is assigned to both the parent container and the child container, and there is no conflict, both parent and child GPOs apply
- If a GPO is assigned to both the parent container and the child container, and there is a conflict, the child container setting applies
- These are the rules unless there is a conflict between a user setting and a computer setting; then the computer setting is applied
(Skill 7)

73 Identifying the Types of Group Policies (6)
Blocking inheritance
- You can modify the default behavior of inheritance by using the Block Inheritance option
- You can block inheritance for the GPO links for an entire domain, for all domain controllers, or for a particular OU
(Skill 7)
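
The processing order, the conflict rules and Block Inheritance from slides 71 to 73 can be modelled in a few functions, which makes it easy to see which restrictions a blocked OU silently loses. The Python below is an added example, not part of the original lesson; container and setting names are hypothetical. It assumes the local GPO still applies under Block Inheritance and does not model enforced links, which the lesson does not cover.

```python
from dataclasses import dataclass, field, replace

@dataclass
class Level:
    name: str
    kind: str                                     # "local", "site", "domain" or "ou"
    computer: dict = field(default_factory=dict)  # Computer Configuration settings
    user: dict = field(default_factory=dict)      # User Configuration settings
    block_inheritance: bool = False

# Constructed sample, listed in processing order: local, site, domain, OU, child OU.
SAMPLE = [
    Level("Local GPO", "local",
          computer={"offline_files": "enabled"}, user={"wallpaper": "default.bmp"}),
    Level("Site:HQ", "site", computer={"offline_files": "disabled"}),
    Level("Domain:corp.example", "domain",
          computer={"screensaver_timeout": 600},
          user={"wallpaper": "corp.bmp", "hide_run_menu": True}),
    Level("OU:Sales", "ou", user={"wallpaper": "sales.bmp"}),
    Level("OU:Sales/Kiosks", "ou",
          computer={"screensaver_timeout": 120, "wallpaper": "kiosk.bmp"},
          block_inheritance=True),
]

def applicable(levels):
    """Drop directory-linked levels above the lowest container that blocks inheritance."""
    cut = max((i for i, lvl in enumerate(levels) if lvl.block_inheritance), default=0)
    # Assumption: the local GPO is not linked in the directory, so it is never blocked.
    return [lvl for i, lvl in enumerate(levels) if lvl.kind == "local" or i >= cut]

def merge(levels, side):
    """Apply one side in processing order; a later (child) level wins a conflict."""
    merged = {}
    for level in levels:
        for setting, value in getattr(level, side).items():
            merged[setting] = (value, level.name, side)
    return merged

def resolve(levels):
    """Effective settings as {setting: (value, winning level, side)}."""
    kept = applicable(levels)
    effective = merge(kept, "user")
    effective.update(merge(kept, "computer"))     # computer setting beats user setting
    return effective

def lost_to_blocking(levels):
    """Settings whose effective value changes or disappears because of Block Inheritance."""
    unblocked = [replace(lvl, block_inheritance=False) for lvl in levels]
    before, after = resolve(unblocked), resolve(levels)
    return {s: (before[s][0], after.get(s, (None,))[0])
            for s in before if before[s][0] != after.get(s, (None,))[0]}

if __name__ == "__main__":
    for setting, (value, source, side) in sorted(resolve(SAMPLE).items()):
        print(f"{setting} = {value!r}  from {source} ({side})")
    print("changed by Block Inheritance:", lost_to_blocking(SAMPLE))
```

In the sample, blocking inheritance on the Kiosks OU removes the domain's `hide_run_menu` restriction and reverts `offline_files` to the local value, which is the kind of drift worth reviewing whenever Block Inheritance is set on a container.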

74 Figure 7-39 Blocking Inheritance (Skill 7)

75 Figure 7-40 Disabling a GPO link (Skill 7)

76 Figure 7-41 Changing the order of precedence. Callouts: Move link to top; Move link up; Move link down; Move link to bottom (Skill 7)
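
The processing and conflict rules from the slides above (local GPO first, then site, domain, OU and child OU, with the later setting winning a conflict), together with Block Inheritance, disabled links and link order, modelled in Python. This is an added example, not part of the original presentation; all container names, GPO names and settings are constructed, and No Override (enforced) links are not modelled.

```python
# Added illustration: a model of the Group Policy processing order, not Windows code.
# Every container, GPO name and setting below is a constructed sample.
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str
    settings: dict
    enabled: bool = True            # a disabled GPO link is skipped

@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)   # index 0 = top of the link list
    block_inheritance: bool = False

def resultant_policy(local_gpo, chain):
    """chain runs site, domain, OU, child OU (outermost first).
    Returns {setting: (value, source that won)}."""
    start = 0
    for i, container in enumerate(chain):
        if container.block_inheritance:   # drop links from every container above
            start = i
    result = {k: (v, "Local GPO") for k, v in local_gpo.items()}  # applied first
    for container in chain[start:]:
        # The link at the top of a container's list has the highest precedence,
        # so it is processed last within that container.
        for link in reversed(container.links):
            if not link.enabled:
                continue
            for k, v in link.settings.items():
                result[k] = (v, f"{link.gpo} @ {container.name}")  # later wins
    return result

LOCAL = {"ScreenSaverTimeout": 900}
SITE = Container("Site HQ", [Link("Site-Proxy", {"ProxyServer": "proxy.example.test"})])
DOMAIN = Container("Domain example.test", [
    Link("Domain-Baseline", {"LockWorkstation": True, "ScreenSaverTimeout": 600})])
STAFF = Container("OU Staff", [Link("Staff-Desktop", {"HideControlPanel": True})])
KIOSKS = Container("OU Staff/Kiosks", [
    Link("Kiosk-Lockdown", {"ScreenSaverTimeout": 120}),
    Link("Kiosk-Legacy", {"ScreenSaverTimeout": 300}, enabled=False)])

if __name__ == "__main__":
    for name, (value, source) in resultant_policy(LOCAL, [SITE, DOMAIN, STAFF, KIOSKS]).items():
        print(f"{name} = {value!r}  (from {source})")
    blocked = Container(KIOSKS.name, KIOSKS.links, block_inheritance=True)
    print(sorted(resultant_policy(LOCAL, [SITE, DOMAIN, STAFF, blocked])))
```

With Block Inheritance set on the child OU, only the local GPO and the child OU's own links remain, so the domain baseline settings are absent from the result; that is the effect to audit for when an OU blocks inheritance.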

77 Modifying Software Settings Using GPO Software Policies
• Group Policies are used to assign and publish applications to groups of users or computers
• Applications can be assigned to either users or computers, but they can be published only to users
• After you have created the GPO, you can manage the software deployed to users and computers centrally in the Group Policy Object Editor
• The Group Policy Object Editor has two parent nodes used to set Group Policies for users or computers: User Configuration and Computer Configuration
(Skill 8)

78 Modifying Software Settings Using GPO Software Policies (2)
User Configuration node
• Used to set Group Policies for users, which are applied when the user logs on to the domain
• Used to modify the settings for the desktop, applications, and security
• Used to assign and publish applications, set Group Policies to redirect folders, and set scripts for the logon and logoff processes
(Skill 8)

79 Modifying Software Settings Using GPO Software Policies (3)
Computer Configuration node
• Used to set Group Policies for computers that are members of the domain, OU, or site, depending on where the GPO is configured
• These Group Policies are applied when the operating system initializes
• Used to modify Group Policies related to the operating system, applications, and security controls for a computer
(Skill 8)

80 Figure 7-42 The Computer Configuration and User Configuration nodes (Skill 8)

81 Figure 7-43 Assigning permissions to users. Callouts: Administrators have Full Control access permission; Everyone has Read permission (Skill 8)

82 Figure 7-44 Selecting the application to be published (Skill 8)

83 Figure 7-45 The Deploy Software dialog box. Callouts: Select to publish and assign applications; Select to publish applications; Select to assign applications (Skill 8)

84 Figure 7-46 A published application in the Group Policy Object Editor. Callouts: Used to assign or publish applications to users; Deployment state of the application (Skill 8)

85 Redirecting Folders Using GPOs
Folder Redirection
• Allows you to take the most common folders and redirect them to a network server
• This means that rather than downloading the full folder at logon, your users are browsing the remote folder, just as if they were browsing a network share
• When a user opens an item in a redirected folder, the individual item is downloaded
(Skill 9)

86 Redirecting Folders Using GPOs (2)
Folder Redirection
• Saves considerable network bandwidth
• Significantly reduces the logon time for users with large profiles
• You can redirect folders over a network using the Folder Redirection extension located in the Windows Settings folder
• This folder resides in the User Configuration node in the Group Policy Object Editor
(Skill 9)

87 Figure 7-47 Special folders available for redirection (Skill 9)

88 Figure 7-48 The Target tab. Callout: The Basic setting will redirect everyone's folder to the same location (Skill 9)

89 Figure 7-49 The Specify Group and Location dialog box. Callouts: Use to specify the security group for Folder Redirection; Use to specify the location of the redirection folder on the network (Skill 9)

90 Figure 7-50 Entering the security group and the location of the redirection folder. Callout: The security groups to which Folder Redirection is applied can be selected, edited, or removed here (Skill 9)

91 Figure 7-51 The Settings tab. Callout: This option leaves the redirected folder in the new location even after the GPO is removed (Skill 9)

