Section 8: Configuring the Desktop Environment with Group Policy Exploring Script Types and Controlling Script Execution Defining the Desktop, Start Menu,

Slides:



Advertisements
Similar presentations
Auditing Microsoft Active Directory
Advertisements

Microsoft Windows Vista Chapter 5 Personalize Your Work Environment.
Lesson 17: Configuring Security Policies
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.
16.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.
Guide to MCSE , Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.
Microsoft ® Official Course Module 9 Configuring Applications.
Windows XP 101: Using Windows XP Professional in the Classroom.
1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing.
Ch 11 Managing System Reliability and Availability 1.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GROUP POLICY An overview of Microsoft Windows Group Policy.
© 2006 Global Knowledge Training LLC All rights reserved. Deploying Outlook 2003 Configuring Clients Outlook 2003 Security and Performance New Outlook.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Introduction to Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.
Using Windows Firewall and Windows Defender
Good Afternoon and Thank You!.  Have some Fun!  Learn at least one thing new!  Make myself available to you So please …  Ask questions and enjoy!
5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam Microsoft® Windows® 2000 Directory Services Infrastructure Goals 
XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
Section 10: Assigning and Publishing Software Packages Using MSI Packages to Distribute Software Using Group Policy as a Software Deployment Method Deploying.
1 Chapter Overview Configuring and Troubleshooting the Display Configuring Power Management Configuring Operating System Settings Configuring and Troubleshooting.
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Managing User Desktops with Group Policy
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
Overview Introduction to Managing User Environments Introduction to Administrative Templates Using Administrative Templates in Group Policy Assigning Scripts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Computing Fundamentals Module Lesson 3 — Changing Settings and Customizing the Desktop Computer Literacy BASICS.
1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.
Module 6: Configuring User Environments Using Group Policy.
Module 7: Managing the User Environment by Using Group Policy.
Module 7 Configure User and Computer Environments By Using Group Policy.
Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.
Section 9: Configuring Roaming Profiles and Folder Redirection Managing User Profiles Configuring Folder Redirection Using Folder Redirection and Roaming.
GPO - WINDOWS SERVER AGENDA: Introduction Group Policy Overview Types of Group Policies/Objects Associated Technologies How to implement.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
11 SUPPORTING THE WINDOWS DESKTOP Chapter 4. Chapter 4: Supporting the Windows Desktop2 SUPPORTING THE WINDOWS DESKTOP  Troubleshoot and customize the.
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
11 INTRODUCTION TO GROUP POLICY Chapter 7. Chapter 7: INTRODUCTION TO GROUP POLICY2 WHAT CAN YOU DO WITH GROUP POLICY?  Control the user environment.
Module 6: Configuring User Environments Using Group Policies.
CHAPTER Windows Server Management. Chapter Objectives Give an overview of the Server Manager Provide details of accessing the Server Manager Explain the.
Managing Servers Lesson 10. Skills Matrix Technology SkillObjective DomainObjective # Using Remote DesktopPlan server management strategies 2.1 Delegating.
Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016
1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.
Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.
Managing User Desktops with Group Policy
Windows XP 101: Using Windows XP Professional in the Classroom
Introduction to Group Policy
Presentation transcript:

Section 8: Configuring the Desktop Environment with Group Policy Exploring Script Types and Controlling Script Execution Defining the Desktop, Start Menu, and Taskbar Settings Defining the Control Panel Settings Defining the Windows Components Settings Configuring the Printer Management and Pruning Settings Defining Network Settings New Settings for Windows 8 Client and Windows Server 2012 Managing Windows Environments with Group Policy

© 2013 Global Knowledge Training LLC. All rights reserved. Section Objectives After completing this section, you will be able to: Describe the startup, shutdown, logon, and logoff scripts and settings Identify the many ways to control the user desktop, Start menu, and taskbar settings Explain how to restrict the Control Panel settings Explain how to restrict the operations that users can perform in Windows Explorer, Windows Internet Explorer, and Remote Desktop Services Explain how to configure the printer management and pruning settings Describe the network settings 8-2

© 2013 Global Knowledge Training LLC. All rights reserved. Exploring Script Types and Controlling Script Execution 8-3 Script Types Controlling Script Processing Delegating Script Management

© 2013 Global Knowledge Training LLC. All rights reserved. Script Types Active Directory domains support four types of scripts: Computer Startup Computer Shutdown User Logon User Logoff 8-4

© 2013 Global Knowledge Training LLC. All rights reserved. Computer Startup and Shutdown Scripts Startup and shutdown scripts run in the context of the computer account. A user account is not logged on. These scripts must not require user input. 8-5

© 2013 Global Knowledge Training LLC. All rights reserved. User Logon and Logoff Scripts (1) A logon script runs when a user logs on to a Windows computer, using the user security context. A logoff script runs when the user logs off, again using the user security context. Scripts can be: PowerShell VBScript BAT CMD EXE 8-6

© 2013 Global Knowledge Training LLC. All rights reserved. User Logon and Logoff Scripts (2) 8-7 If Windows PowerShell is used to write logon scripts, the scripts will have to be signed or the Script Execution policy will have to be relaxed.

© 2013 Global Knowledge Training LLC. All rights reserved. User Logon and Logoff Scripts (3) 8-8 This is an example of a PowerShell logon script that maps a drive and displays a message box.

© 2013 Global Knowledge Training LLC. All rights reserved. Controlling Script Processing Run logon scripts synchronously Run startup scripts synchronously Run startup scripts visible Run shutdown scripts visible Maximum wait time for Group Policy scripts 8-9

© 2013 Global Knowledge Training LLC. All rights reserved. Delegating Script Management Control which users can configure scripts by limiting the MMC snap-in using the following Administrative Templates settings: User Configuration, Administrative Templates, Windows Components, Microsoft Management Console, Restricted/Permitted snap-ins, Group Policy, Scripts (Logon/Logoff), Scripts (Startup/Shutdown) User Configuration, Administrative Templates, Windows Components, Microsoft Management Console, Restrict users to the explicitly permitted list of snap-ins 8-12

© 2013 Global Knowledge Training LLC. All rights reserved. Defining the Desktop, Start Menu, and Taskbar Settings Control icons on the desktop. Customize and set the Start menu. Set access to taskbar settings. 8-13

© 2013 Global Knowledge Training LLC. All rights reserved. Defining the Control Panel Settings Restrict access completely. Control access to Add/Remove Programs. Restrict the display properties. Control printer management. Customize or set language options. 8-19

© 2013 Global Knowledge Training LLC. All rights reserved. Defining the Windows Components Settings 8-23 File Explorer Settings Internet Explorer Settings Remote Desktop Services Settings Other Notable Windows Components

© 2013 Global Knowledge Training LLC. All rights reserved. File Explorer Settings 8-23 The File Explorer section contains many settings dealing with the desktop and the File Explorer.

© 2013 Global Knowledge Training LLC. All rights reserved. Internet Explorer Settings Previous group policies already contained a large number of Internet Explorer settings. Now, more settings than ever are available with the latest versions of Windows Internet Explorer. 8-26

© 2013 Global Knowledge Training LLC. All rights reserved. Administrator Approved Controls If users are constantly having problems with add-ons to Internet Explorer, you can configure an approved list of allowed controls. 8-28

© 2013 Global Knowledge Training LLC. All rights reserved. Browser Menus To provide a more streamlined or restrictive interface, menu options in Internet Explorer can be disabled. 8-29

© 2013 Global Knowledge Training LLC. All rights reserved. Internet Control Panel Specific portions of Internet Control Panel can be disabled to prevent tampering with settings. 8-29

© 2013 Global Knowledge Training LLC. All rights reserved. Offline Pages Offline Pages governs the downloading and caching of pages for later viewing. 8-30

© 2013 Global Knowledge Training LLC. All rights reserved. Persistence Behavior Some DHTML Web pages can store an enormous amount of data in the name of “persistence.” This storage can be limited using Group Policy. 8-30

© 2013 Global Knowledge Training LLC. All rights reserved. Toolbars Similar to the text-based menu options, the icon-based toolbars can also be controlled. 8-31

© 2013 Global Knowledge Training LLC. All rights reserved. Remote Desktop Services Settings The Remote Desktop Services settings are very important for restricting what users can do while connected to a desktop interface from a server. 8-32

© 2013 Global Knowledge Training LLC. All rights reserved. Other Notable Windows Components Microsoft Management Console Task Scheduler Windows Installer Windows Media Player Windows Messenger Windows Update 8-33

© 2013 Global Knowledge Training LLC. All rights reserved. Configuring the Printer Management and Pruning Settings Pruning Purges inactive printers from Active Directory Publishing Controls the listing of printers in Active Directory 8-34

© 2013 Global Knowledge Training LLC. All rights reserved. Defining the Network Settings 8-36 DNS Client Offline Files Network Connections

© 2013 Global Knowledge Training LLC. All rights reserved. DNS Client Some of the TCP/IP settings assigned to client computers come from DHCP. Other more advanced settings can be configured centrally through a GPO. 8-36

© 2013 Global Knowledge Training LLC. All rights reserved. Offline Files Folder redirection is largely replacing the roaming profile. Contents are automatically synchronized to the local computer for portability. 8-37

© 2013 Global Knowledge Training LLC. All rights reserved. Network Connections Relaxing some of the network restrictions can allow normal users a small amount of control over their network connection. This feature is useful for individuals who travel. 8-38

© 2013 Global Knowledge Training LLC. All rights reserved. New Settings for Windows 8 Client and Windows Server 2012 Network Start Menu and Taskbar System Windows Components 8-39

© 2013 Global Knowledge Training LLC. All rights reserved. Network Remove “Work offline” command This policy setting removes the “Work offline” command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. 8-39

© 2013 Global Knowledge Training LLC. All rights reserved. Start Menu and Taskbar The few new Start Menu and Taskbar settings are listed below: 8-38 Clear history of tile notifications on exit Do not allow taskbars on more than one display Prevent users from uninstalling applications from Start Show “Run as different user” command on Start Turn off notifications of network usage Turn off tile notifications Turn off toast notifications Turn off toast notifications on the lock screen

© 2013 Global Knowledge Training LLC. All rights reserved. System A minimal number of System settings have been added that are specific to Windows 8 Client and Windows Server 2012: 8-41 Enable optimized move of contents in Offline Files cache on Folder Redirection server path change Redirect folders on primary computers only Turn off access to the Store

© 2013 Global Knowledge Training LLC. All rights reserved. Windows Components (1) Almost two dozen new settings have been added within the Windows Components section: 8-42/43 Block launching desktop apps associated with a file Block launching desktop apps associated with a protocol Do not display the password reveal button Turn off switching between recent apps Turn off tracking of app usage Location where all default Library definition files for users/machines reside Start File Explorer with ribbon minimized Do not include Non-Publishing Standard Glyph in the candidate list

© 2013 Global Knowledge Training LLC. All rights reserved. Windows Components (2) 8-43/44 Restrict character code range of conversion Turn off custom dictionary Turn off history-based predictive input Turn off Internet search integration Turn off Open Extended Dictionary Turn off saving auto-tuning data to file Turn on misconversion logging for misconversion report Specify default connection URL Turn off storage and display of search history Turn off the Store application

© 2013 Global Knowledge Training LLC. All rights reserved. Windows Components (3) 8-44/45 Do not throttle additional data Send additional data when on battery power Send data when on connected to a restricted/costed network Set the default source path for Update-Help Turn on Module Logging

© 2013 Global Knowledge Training LLC. All rights reserved. Summary Computer startup and shutdown scripts: GPOs support computer-specific startup and shutdown scripts. When a workstation or server is located in an OU, it runs the assigned script in the context of the Local System account. You can use these scripts to perform cleanup or maintenance routines, even when a user is not logged on to the console of the system. 8-47

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) User logon and logoff scripts: Logon and logoff scripts apply to a user account that can be contained at the site, domain, or OU container, or all of these locations. These scripts are typically used to map drives or perform other activities that are not found as part of typical Group Policy settings. 8-47

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) To restrict the operations that users can perform on their computers, go to the Group Policy console settings under the User Configuration node. Some settings are located under the Policies subnode, while others are found under the Administrative Templates subnode. You can set many different restrictions to the following: Desktop Start menu Taskbar Control Panel Windows Explorer Windows Internet Explorer 8-47

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) Most of the Remote Desktop Services policies appear in the Group Policy console under the Computer Configuration node, although you can set a few timeouts in the User Configuration node. To configure the printer management and pruning settings, go to Computer Configuration, Administrative Templates, and Printers node in the Group Policy console. Some User Configuration client-side printer settings exist in Control Panel. 8-47

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) The network settings are: DNS Client: Preset values that control the functioning of DNS, including dynamic update, DNS suffixes, Time- to-Live values, etc. Offline Files: Configure the settings for caching offline files on the local computer. Network Connections: Restrict or allow access to network settings like, TCP/IP properties, viewing network adapter properties, and disabling or enabling network adapters. 8-47

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check 1.Where in the Group Policy console can you configure the pruning settings? a.User Configuration, Administrative Templates, and Printers node b.User Configuration, Policies, and Printers node c.Computer Configuration, Administrative Templates, and Printers node d.Computer Configuration, Policies, and Printers node 8-48

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 2.If you wanted to hide specific Control Panel items, what would you do? a.Navigate to User Configuration, Policies, Administrative Templates, and Control Panel. b.Find the file name of the desired Control Panel item(.cpl extension) in %Systemroot%\System32. c.Right-click the item and select Hide. 8-48

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 3.Internet Explorer settings exist in three primary locations in the Group Policy console. Name them. Computer Configuration, Policies, Administrative Templates, Windows Components, and Internet Explorer User Configuration, Policies, Administrative Templates, Windows Components, and Internet Explorer Computer Configuration, Policies, Windows Settings, and Internet Explorer Maintenance 8-48

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 4.In which node of the Group Policy console (Computer Configuration or User Configuration) would you expect to find DNS settings? Why? Computer Configuration, because the settings apply to the computer as a whole 8-48

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 5.Which setting would you use to prevent users from applying patches and updates, block access to the Windows Update Web site, and remove the Windows Update hyperlink from the Start menu and from the Tools menu in Windows Internet Explorer? (Hint: Go to User Configuration, Policies, Administrative Templates, and Start Menu and Taskbar.) Remove links and access to Windows Update 8-48

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 6.What types of scripts does the following text describe? These scripts apply to a user account that can be contained at the site, domain, or OU container, or all of these locations. These scripts are typically used to map drives or perform other activities that are not found as part of typical Group Policy settings. User logon and logoff scripts 8-49

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.