9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Slides:



Advertisements
Similar presentations
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Advertisements

Managing User Settings with Group Policy
Chapter 8 Configuring Group Policies
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
7.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Lesson 16: Creating Group Policy Objects
5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
1 Chapter Overview Understanding Group Policies Implementing Group Policies Using Security Policies Troubleshooting Group Policy Problems.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Introduction to Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 12: Deploying and Managing Software with Group Policy.
8.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 8: Introducing Computer Accounts.
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Managing User Desktops with Group Policy
Overview Introduction to Managing User Environments Introduction to Administrative Templates Using Administrative Templates in Group Policy Assigning Scripts.
Module 6: Implementing Group Policy. Overview Implementing Group Policy Objects Implementing GPOs in a Domain Managing the Deployment of Group Policy.
Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.
11.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning.
1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.
Module 6: Configuring User Environments Using Group Policy.
Module 7 Configure User and Computer Environments By Using Group Policy.
Planning a Group Policy Management and Implementation Strategy Lesson 10.
Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Module 5: Implementing Group Policy
Page 1 System and Group Policies Lecture 7 Hassan Shuja 11/02/2004.
Section 4: Understanding the Architecture of Group Policy Processing Group Policy Components in AD DS Understanding the Group Policy Processing Sequence.
Active Directory Group Policy. Group Policy Overview  Successor to NT policies Much more flexible  Only applies to 2000 workstations Use old style policies.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
1 Group Policies (Week 11, Monday 3/19/2007) © Abdou Illia, Spring 2007.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
Implementing Group Policy
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.
Implementing a Group Policy Infrastructure
11 INTRODUCTION TO GROUP POLICY Chapter 7. Chapter 7: INTRODUCTION TO GROUP POLICY2 WHAT CAN YOU DO WITH GROUP POLICY?  Control the user environment.
Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
10.1 © 2004 Pearson Education, Inc. Lesson 10: Specifying Group Policy Settings Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
Windows Server 2003 群組原則設定與管理 林寶森
GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.
Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016
1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.
Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.
Planning a Group Policy Management and Implementation Strategy
Introduction to Group Policy
Planning a Group Policy Management and Implementation Strategy
Presentation transcript:

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Goals  Introduce Group Policy  Introduce the types of Group Policy settings and the GPMC  Identify the role of a Group Policy at startup and logon  Plan a Group Policy implementation  Create a Group Policy Object  Delegate control for a Group Policy Object

9.2 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  An administrator must monitor user and computer settings regularly to make sure that they conform to the corporate standards  Group Policy is the primary Active Directory tool used by administrators to set the standard behavior for users’ desktops and to enforce those requirements (Skill 1) Introducing Group Policy

9.3 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Using Group Policies  Administrators define the work environment settings once  The settings are applicable regardless of the user’s location  Administrators can apply GPOs to various Active Directory containers to implement rules at various levels  To do this, you simply link the GPO to one of these containers Introducing Group Policy (2) (Skill 1)

9.4 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Group Policy is also referred to as a Group Policy Object (GPO)  A GPO is a storage place for a collection of Group Policy settings that enable an administrator to control various aspects of the computing environment  All Group Policy settings are stored in a GPO along with the properties associated with the objects in the Active Directory store Introducing Group Policy (3) (Skill 1)

9.5 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Policy settings for sites, domains, and organizational units are stored in GPOs  To create a GPO for a domain or an OU  Use the Active Directory Users and Computers console  Use the Group Policy Management Console (GPMC) Introducing Group Policy (4) (Skill 1)

9.6 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  To create a GPO for a site  Use the Active Directory Sites and Services console  Use the Group Policy Management Console (GPMC), which combines the functionality of various consoles  Active Directory Users and Computers  Active Directory Sites and Services  ACL Editor  Delegation Wizard  Resultant Set of Policy tool Introducing Group Policy (5) (Skill 1)

9.7 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-1 Download the GPMC (Skill 1)

9.8 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Two types of GPOs  Local GPOs are stored on each Windows Server 2003 computer  Active Directory-based GPOs  Are stored on a domain controller in the Active Directory environment  Are replicated to all domain controllers in the domain Introducing Group Policy (6) (Skill 1)

9.9 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  GPO is made up of two parts  Group Policy Container (GPC)  GPO attributes  Extensions  Version information  Group Policy Template (GPT)  Collection of folders  Stored on each Windows Server 2003 domain controller Introducing Group Policy (7) (Skill 1)

9.10 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Group Policy Container (GPC)  An Active Directory component that contains GPO attributes, extensions, and version information  Domain controllers use this information to make sure they are using the most recent version of the GPO and to apply permissions to the GPO  For each GPO, there is a GPC container stored in the System\Policies folder in the Active Directory Users and Computers console  Each GPC container is identified by the Globally Unique Identifier (GUID) for the GPO Introducing Group Policy (8) (Skill 1)

9.11 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-2 GPC containers in the Active Directory Users and Computers console (Skill 1)

9.12 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Group Policy Template (GPT)  A collection of folders stored on each Windows Server 2003 domain controller in the folder %Systemroot%\SYSVOL\sysvol\ \Policies  For each GPO, a folder hierarchy composed of the physical files and settings required by the GPO is automatically created  These settings are applied to the Windows 2000, Windows Server 2003, and Windows XP clients on a network Introducing Group Policy (9) (Skill 1)

9.13 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Group Policy Template (GPT)  Contains all of the Registry entries, as well as the associated files and folder required to implement the various GPO functions  Like the GPC container, the GPT folder is identified by the GUID for the GPO Introducing Group Policy (10) (Skill 1)

9.14 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-3 The Add Standalone Snap-in dialog box (Skill 1)

9.15 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-4 The Group Policy Wizard (Skill 1)

9.16 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-5 The Add/Remove Snap-in dialog box (Skill 1)

9.17 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-6 Configuring Local Computer Policy (Skill 1)

9.18 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Group Policy settings are divided into two categories  Computer Configuration settings  These settings refer to Group Policies that apply to computers, regardless of what user logs on  These settings apply to a computer during the initialization of the operating system  User Configuration settings  These settings refer to Group Policies for users, regardless of what computer the users log on to  These settings apply at user logon Introducing the Types of Group Policy Settings and the GPMC (Skill 2)

9.19 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Both Computer Configuration settings and User Configuration settings contain three main containers that include a number of related policies  Software Settings  Windows Settings  Administrative Templates Introducing the Types of Group Policy Settings and the GPMC (2) (Skill 2)

9.20 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-7 The three main categories of User Configuration and Computer Configuration Group Policy (Skill 2)

9.21 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Software Settings  This configuration setting node is used to determine the applications distributed to computers or users via a GPO  You use Software Settings to assign applications to computers or to assign or publish applications to users  If you use the Computer Configuration node to assign an application to a computer, the application appears on the Start menu for all computers in the domain, site, or OU Introducing the Types of Group Policy Settings and the GPMC (3) (Skill 2)

9.22 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Software Settings  If you publish an application to users, it appears in the Add/Remove Programs Wizard for all users in the domain, site, or OU  If you assign an application to users using the User Configuration node  It displays on the Start menu for all users in the site, domain, or OU  It does not install until the user invokes it  This functionality is called “advertising” Introducing the Types of Group Policy Settings and the GPMC (4) (Skill 2)

9.23 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-8 Software installation (Skill 2)

9.24 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Windows Settings  In the Computer Configuration node, the Windows Settings node contains the Scripts and Security Settings extensions  Scripts extension: Used to specify startup and shutdown scripts for computers, as well as logon and logoff scripts for users on a network  Security Settings extension: Used by administrators to configure security settings for the local computer or for a GPO Introducing the Types of Group Policy Settings and the GPMC (5) (Skill 2)

9.25 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-9 Scripts (Skill 2)

9.26 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Windows Settings  In the User Configuration node, the Windows Settings node has five folders  Remote Installation Services  Scripts  Security Settings  Internet Explorer Maintenance  Folder Redirection Introducing the Types of Group Policy Settings and the GPMC (6) (Skill 2)

9.27 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Windows Settings  Remote Installation Services Group Policies control the RIS installation options available to the user when the Client Installation Wizard is initiated  Folder Redirection Group Policies relocate special folders, such as My Documents, Start Menu, or Desktop  You can redirect these folders from their default locations in a user profile to alternate locations Introducing the Types of Group Policy Settings and the GPMC (7) (Skill 2)

9.28 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-10 Types of Folder Redirection policies (Skill 2)

9.29 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Administrative Templates  Contains all Registry-based Group Policy settings, including settings for Windows Components, System, and Network  Group Policy settings for Printers are available only in the Computer Configuration container  Other settings, including Start Menu and Taskbar, Desktop, Control Panel, and Shared Folders are available only in the User Configuration container Introducing the Types of Group Policy Settings and the GPMC (8) (Skill 2)

9.30 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-11 Types of Administrative Templates policies (Skill 2)

9.31 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Group Policy Management Console (GPMC)  Comprehensive tool for Group Policy administration for Windows 2000 and Windows Server 2003 domains  Provides administrators with the ability to backup, restore, import, and copy/paste GPOs, as well as to create, delete, and rename them  Use it to link GPOs and search for GPOs  Use it to delegate Group Policy-related features and for policy-related permission for sites, domains, and OUs Introducing the Types of Group Policy Settings and the GPMC (9) (Skill 2)

9.32 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-12 Group Policy Objects in the GPMC (Skill 2)

9.33 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  GPMC installation requirements  Requires Windows Server 2003 or Windows XP Service Pack 1 or above computers  To run the tool on Windows XP Service pack 1 or above computers, you must also install the QFE update Q and the Microsoft.NET Framework  The domain controllers must all be running Windows 2000 Service Pack 2 or later Introducing the Types of Group Policy Settings and the GPMC (10) (Skill 2)

9.34 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  GPMC requirements for domain controllers  GPMC requires that all LDAP communications be signed and encrypted  To access domain controllers in an external forest, they must be running Windows 2000 Service Pack 3 or later  If you want to access domain controllers in an external forest that are not yet running Service Pack 3 or later, edit the Registry on the computer running GPMC to relax LDAP signing and encryption requirements Introducing the Types of Group Policy Settings and the GPMC (11) (Skill 2)

9.35 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  System Policies  Used in Windows 9.x and Windows NT to change Registry settings and to control the user environment  Still useful for managing Windows 9x and NT computers  Windows 9.x: you can run the Poledit.exe version on the Windows 98 installation CD to create config.pol files  Windows NT 4.0 Workstation or Server: use the Windows NT System Policy Editor or the Poledit.exe included with Windows Server 2003 to create config.pol files Introducing the Types of Group Policy Settings and the GPMC (12) (Skill 2)

9.36 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  System Policies  System Policy Editor (Poledit.exe) has been mostly replaced by Group Policy in Windows 2000 and Windows Server 2003  If you create policy settings with Windows Server 2003 version, you cannot edit them using the Windows NT 4.0 version Introducing the Types of Group Policy Settings and the GPMC (13) (Skill 2)

9.37 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-13 The System Policy Editor (Skill 2)

9.38 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Each of the Group Policy Object Editor extensions is a MMC snap-in extension itself  All Group Policy setting folders are loaded by default when Group Policy Object Editor is started  You can create custom consoles for each of these extensions  Use the Microsoft Management Console folder in the User Configuration\Administrative Templates container in the Group Policy Object Editor to apply these policies Introducing the Types of Group Policy Settings and the GPMC (14) (Skill 2)

9.39 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-14 The Microsoft Management Console folder (Skill 2)

9.40 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  The role of a Group Policy begins when a computer starts up or when a user logs on  During startup and logon, both Computer Configuration and User Configuration settings are applied in a specific sequence Identifying the Role of a Group Policy at Startup and Logon (Skill 3)

9.41 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-15 The sequence in which Computer Configuration and User Configuration settings are applied (Skill 3)

9.42 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Every computer has one GPO that is stored locally  This local Group Policy Object (LPGO) is applied first  The processing sequence becomes very important when dealing with multiple policies  If there are no conflicts between the policies, all settings from all of the policies apply  However, if a conflict occurs the policy to apply last wins Identifying the Role of a Group Policy at Startup and Logon (2) (Skill 3)

9.43 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Sequence in which Group Policy settings are processed  Local GPO  Site GPOs  Domain GPOs  OU GPOs (LSDOU) Identifying the Role of a Group Policy at Startup and Logon (3) (Skill 3)

9.44 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  If more than one GPO is linked  The policies are processed in reverse order for each individual container  This is done so that the policy that is considered to be the most important is displayed at the top of the list of all GPOs applied to a particular container Identifying the Role of a Group Policy at Startup and Logon (4) (Skill 3)

9.45 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Like files and folders, Group Policies are also inherited from parent containers to child containers  You can specifically set a separate Group Policy setting for a child container to override the settings it inherits from its parent container  It is extremely important to note that like OU structures, Group Policies do not flow between domains Identifying the Role of a Group Policy at Startup and Logon (5) (Skill 3)

9.46 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Group Policy applied to a parent domain  Does not apply to its child domain or domains  The only container that can apply Group Policies to multiple domains is the site container  Group Policy applied to a site  Affects all users and computers in the site, regardless of domain  For this reason, you must be an Enterprise Admin in order to apply a Group Policy to a site Identifying the Role of a Group Policy at Startup and Logon (6) (Skill 3)

9.47 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Exceptions to the order in which GPOs are processed  If a computer belongs to a workgroup, it processes only local GPOs  You can modify the default behavior using the Block Inheritance option, but this can make GPO administration more complicated and it should be used sparingly  You can block inheritance for GPO links for an entire domain, for all domain controllers, or for an OU Identifying the Role of a Group Policy at Startup and Logon (7) (Skill 3)

9.48 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy (Skill 3) Figure 9-16 Blocking Inheritance for the GPO links for all domain controllers

9.49 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Exceptions to the order in which GPOs are processed  The default order for processing Group policy settings is also affected when you set the GPO link to Enforced  Policy settings in the GPO link take precedence over child object settings  Gives the parent GPO link precedence so that the default behavior does not apply (formerly called the No Override option)  GPO administration is more complex  GPOs cannot have their inheritance blocked Identifying the Role of a Group Policy at Startup and Logon (8) (Skill 3)

9.50 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-17 The Enforced setting (Skill 3)

9.51 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Exceptions to the order in which GPOs are processed  If Block Inheritance option is set for a domain or OU  The GPOs above that point in the structure do not affect users or computers in that structure; they are blocked  If there is a conflict between Enforced and Block Inheritance, Enforced always wins Identifying the Role of a Group Policy at Startup and Logon (9) (Skill 3)

9.52 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Exceptions to the order in which GPOs are processed  You can disable a GPO link to block that GPO from being applied for the selected site, domain, or OU  Disables the GPO only for the selected container object; it does not disable the GPO itself  If the GPO is linked to other sites, domains, or OUs, they continue to process the GPO as long as their links are enabled  Processing is enabled for all GPO links by default  To disable a GPO link, right-click it and select the Link Enabled command (a check mark indicates it is enabled) Identifying the Role of a Group Policy at Startup and Logon (10) (Skill 3)

9.53 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-18 The Link Enabled command (Skill 3)

9.54 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Exceptions to the order in which GPOs are processed  When GPOs are linked to the same container, policies are evaluated based on the link order set on the Linked Group Policy Objects tab for the container object  The policy settings in the GPO with the lowest link order (Link Order 1) are processed last  Link Order 1 has the highest precedence and is used to settle a conflict  Use the arrow buttons to change the link order Identifying the Role of a Group Policy at Startup and Logon (11) (Skill 3)

9.55 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Exceptions to the order in which GPOs are processed  Group Policies are never applied to Windows NT, 95, 98, or Windows Me computers Identifying the Role of a Group Policy at Startup and Logon (12) (Skill 3)

9.56 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  User Group Policy loopback processing mode  This policy is referred to as the loopback feature  Enforced when both the user account and the computer account are members of a Windows 2000 or later domain  You can configure loopback so that the User Configuration settings in GPOs are applied to every user logging on to that computer Identifying the Role of a Group Policy at Startup and Logon (13) (Skill 3)

9.57 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-19 The User Group Policy loopback processing mode policy (Skill 3)

9.58 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  User Group Policy loopback processing mode  In Merge mode, the Computer Configuration GPO settings are appended to the default list of GPOs  In Replace mode, the User Configuration GPO settings are completely replaced by the Computer Configuration GPO settings Identifying the Role of a Group Policy at Startup and Logon (14) (Skill 3)

9.59 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-20 Merge or Replace mode (Skill 3)

9.60 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  After you decide on a Group Policy setting design, you devise a Group Policy implementation strategy  Factors to consider  Location of GPOs  Delegation of authority  Organization structure Planning a Group Policy Implementation (Skill 4)

9.61 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Types of Group Policy implementation strategies  Centralized GPO design  An organization’s network is maintained by a small number of large GPOs  Decentralized GPO design  Uses separate GPOs for specific policy settings Planning a Group Policy Implementation (2) (Skill 4)

9.62 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Types of Group Policy implementation strategies  Functional Role (or Team Design)  Functional roles of users are considered to apply Group Policies  Steps to implement this strategy  Create an OU structure that corresponds to the actual team structure of your organization  Create a customized GPO for each OU that is tailored to the needs of the OU Planning a Group Policy Implementation (3) (Skill 4)

9.63 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Types of Group Policy implementation strategies  Delegation with Central Control Design or Distributed Control Design  Based on delegating administrative control over OUs to various administrators in an organization  When you implement this strategy, you maintain centralized control while distributing managerial control to a number of OU administrators Planning a Group Policy Implementation (4) (Skill 4)

9.64 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Regardless of which approach (or combination) you choose, it is important to try to avoid using certain tools and options  Enforced and Block Inheritance options  Filtering  Troubleshooting GPOs can be very difficult when these tools are used Planning a Group Policy Implementation (5) (Skill 4)

9.65 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  When you install Active Directory on your network, two GPOs are created automatically  Default Domain Policy, which is linked to the domain  Default Domain Controllers Policy, which is linked to the Domain Controllers OU  You can use these policies to assign standard settings to the domain and the domain controllers in a domain, respectively Creating a Group Policy Object (Skill 5)

9.66 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  GPOs can be linked to sites, domains, and OUs  To link a GPO to a site, use the Active Directory Sites and Services console or the GPMC  To link GPOs to domains and OUs, use either the Active Directory Users and Computers console or the GPMC Creating a Group Policy Object (2) (Skill 5)

9.67 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  You can create a stand-alone GPO console for a GPO and access it directly from the All Programs/Administrative Tools menu  Steps to create a GPO console 1.Open Add Standalone Snap-in dialog box from an MMC console 2.Select Group Policy Object Editor from the list of available snap-ins Creating a Group Policy Object (3) (Skill 5)

9.68 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Steps to create a GPO console 3.Click the Browse button in the Group Policy Wizard 4.In the Browse for a Group Policy Object dialog box, select the GPO for which you want to create a console The selected GPO name is added to the Group Policy Object text box on the Select Group Policy Object screen in the wizard 3.From the File menu, save the console for the GPO to make it available on the All Programs/Administrative Tools menu Creating a Group Policy Object (4) (Skill 5)

9.69 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-21 Creating a GPO (Skill 5)

9.70 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-22 The New GPO dialog box (Skill 5)

9.71 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-23 New Group Policy Object in a domain (Skill 5)

9.72 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  Assign permissions to delegate administrative control over a GPO on the Delegation tab in the GPMC  There are three standard permissions you can assign to a GPO  However, five permission levels display on the Delegation tab  Each of these permission levels represents a combination of Active Directory permissions Delegating Control for a Group Policy Object (Skill 6)

9.73 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  To delegate permissions for a GPO, you must have the Edit settings, delete, and modify security permission for the GPO  To view the permissions for groups with custom permissions or to set custom permissions, click the Advanced button to open the ACL Editor for the GPO ( Security Settings dialog box) Delegating Control for a Group Policy Object (2) (Skill 6)

9.74 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  You must assign the Edit settings, delete, and modify security permission to at least one group or user for each GPO  If there is only one user or group with this permission level, you cannot remove this user or group  Permissions inherited from parent containers cannot be removed Delegating Control for a Group Policy Object (3) (Skill 6)

9.75 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy  To change the permissions assigned to a user or group  Right-click the user or group in the Groups and users box  Select from the three standard permissions on the context menu  You can also use the Remove command to remove a user or group from the Groups and users box Delegating Control for a Group Policy Object (4) (Skill 6)

9.76 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-24 Setting GPO permissions (Skill 6)

9.77 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 9: Implementing Group Policy Figure 9-25 The Delegation tab in the GPMC (Skill 6)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.