Windows Server 2003 群組原則設定與管理林寶森

Slides:

Advertisements

Similar presentations

Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter

Advertisements

Understanding Group Policy on Windows Server 2003.

Module 5: Creating and Configuring Group Policy

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Managing User Settings with Group Policy

Chapter 8 Configuring Group Policies

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

Chapter 7 HARDENING SERVERS.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Lesson 16: Creating Group Policy Objects

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Module 8: Implementing Administrative Templates and Audit Policy.

(ITI310) By Eng. BASSEM ALSAID SESSIONS

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

1 Chapter Overview Understanding Group Policies Implementing Group Policies Using Security Policies Troubleshooting Group Policy Problems.

Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Introduction to Group Policy

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.

70-411: Administering Windows Server 2012

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

Managing User Desktops with Group Policy

Overview Introduction to Managing User Environments Introduction to Administrative Templates Using Administrative Templates in Group Policy Assigning Scripts.

Module 6: Implementing Group Policy. Overview Implementing Group Policy Objects Implementing GPOs in a Domain Managing the Deployment of Group Policy.

Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.

1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.

Module 6: Configuring User Environments Using Group Policy.

Module 7: Managing the User Environment by Using Group Policy.

Module 7 Configure User and Computer Environments By Using Group Policy.

Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.

Module 4: Administration in Active Directory. Overview  Designing Active Directory to Delegate Administrative Authority Identifying Business Needs Identifying.

GPO - WINDOWS SERVER AGENDA: Introduction Group Policy Overview Types of Group Policies/Objects Associated Technologies How to implement.

Module 5: Implementing Group Policy

Page 1 System and Group Policies Lecture 7 Hassan Shuja 11/02/2004.

Section 4: Understanding the Architecture of Group Policy Processing Group Policy Components in AD DS Understanding the Group Policy Processing Sequence.

Active Directory Group Policy. Group Policy Overview  Successor to NT policies Much more flexible  Only applies to 2000 workstations Use old style policies.

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.

Module 5: Creating and Configuring Group Policies.

Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.

1 Group Policies (Week 11, Monday 3/19/2007) © Abdou Illia, Spring 2007.

1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

NetTech Solutions Security and Security Permissions Lesson Nine.

Module 8: Using Group Policy to Manage User Environments.

Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.

Module 10: Implementing Administrative Templates and Audit Policy.

Windows Server 2003 群組原則設定與管理林寶森

11 INTRODUCTION TO GROUP POLICY Chapter 7. Chapter 7: INTRODUCTION TO GROUP POLICY2 WHAT CAN YOU DO WITH GROUP POLICY?  Control the user environment.

Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.

10.1 © 2004 Pearson Education, Inc. Lesson 10: Specifying Group Policy Settings Exam Microsoft® Windows® 2000 Directory Services Infrastructure.

Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016

1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.

Module 8: Implementing Group Policy. Overview Multimedia: Introduction to Group Policy Implementing Group Policy Objects Implementing GPOs on a Domain.

Configuring the User and Computer Environment Using Group Policy Lesson 8.

Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.

Managing User Desktops with Group Policy

Windows Server 2003 群組原則設定與管理

Utilize Group Policy Terminal Server Settings

Windows Server 2008 Administration

Windows Server 2003 群組原則設定與管理

Introduction to Group Policy

Presentation transcript:

Windows Server 2003 群組原則設定與管理林寶森

Introduction to Group Policy Group Policy Enables You to: –Set centralized and decentralized policies –Ensure users have their required environments –Lower total cost of ownership by controlling user and computer environments –Enforce corporate policies Site Domain OU Windows Applies Settings Continually Users Computers Administrator Sets Group Policy Once Group Policy

Group Policy Settings IntelliMirror Technology Establish Enforceable Configurations Specify Settings for:AdministrativeTemplatesAdministrativeTemplatesSecuritySecurity SoftwareInstallationSoftwareInstallation ScriptsScripts Folder Redirection Registry-based policy settings Options for local, domain, and network security Central management of software installation Startup, shutdown, logon, and logoff scripts Store users’ folders on the network

What Are User and Computer Configuration Settings? Group Policy settings for users: –Desktop settings –Software settings –Windows settings –Security settings Group Policy settings for computers: –Desktop behavior –Software settings –Windows settings –Security settings

When Is Group Policy Applied? Computer starts Computer settings applied Startup scripts run Computer settings applied Startup scripts run Refresh Interval User logs on User settings applied Logon scripts run User settings applied Logon scripts run Refresh Interval The GetGPOList Function Executes on the Client Computer During:

GPO Components Contains Group Policy settings Stores content in two locations Group Policy Object Stored in shared SYSVOL folder Provides Group Policy settings Stored in shared SYSVOL folder Provides Group Policy settings Group Policy Template Stored in Active Directory Provides version information Stored in Active Directory Provides version information Group Policy Container

What Is a GPO Link? Organizational Unit GPO Site GPO Domain GPO Site Domain OU

Group Policy Objects and Active Directory Containers GPO Settings Affect User and Computer Objects Within Sites, Domains, and OUs to Which a GPO Is Linked –You can link one GPO to multiple sites, domains, or OUs –You can link multiple GPOs to one site, domain, or OU You Cannot Link GPOs to Default Active Directory Containers Site Domain OU OU GPO Site GPO Domain GPO

Group Policy Inheritance Windows 2003 Applies GPO Settings in a Specific Order Child Containers Inherit GPO Settings from Parent Containers Domain OU Site GPO Computers Users Payroll Domain Domain GPO

What Is Local Group Policy?

Tools Used to Create GPOs Default Group Policy tools –Active Directory Users and Computers Domain and organizational unit GPOs –Active Directory Sites and Services Site GPOs –Local Security Policy Local computer security settings Add-in tools –Group Policy Management Domain, organizational unit, and site GPOs

Creating a Group Policy Object dsa - [Active Directory Users and Computers] Console Window Help Active View Active Directory Samerica1.contoso. Builtin Computers Domain Controllers Ohio Users Accounting Delegate control… Add members to a Group Move... Find…. New All Tasks View New Window from Here Delete Rename Refresh Export List… Properties Help Delegate control… Add members to a Group Move... Find…. New All Tasks View New Window from Here Delete Rename Refresh Export List… Properties Help Properties Accounting Properties GeneralManaged By Group Policy Current Group Policy Object Links for Account Group Policy Object Links No OverrideDisabled Group Policy Objects higher in the list have the highest priority. This list obtained from the primary domain controller. NewAdd...Edit Options...Delete...Properties Block Policy inheritance OKCancel Apply UpUp UpUp Down New Properties

Examining the Group Policy Interface Group Policy Editor ActionView TreeName Default Domain Policy [London.conto Computer configuration Software Settings Windows Settings Administrative Templates User Configuration Software Settings Windows Settings Administrative Templates Computer Configuration User Configuration

What Are Disabled and Enabled Group Policy Settings? Enable / Disable Multi-valued settings

What Is GPO Management?

What Is Group Policy Reporting?

What Is a Copy Operation? A copy of a GPO transfers only the settings within a GPO The new GPO is created unlinked A copy of a GPO transfers only the settings within a GPO The new GPO is created unlinked DACL User 1 GPO1 Read Full Control DACL User 1 GPO2 Read Full Control Copy Operation

What Is a Backup Operation? In a backup operation, Group Policy Management export all data in the GPO to the selected file and saves the GPT files Backup Operation Backup of a GPO Backup of a GPO GPO1

What Is a Restore Operation? In a restore operation, the contents of the GPO are returned to exactly the same state Restore Operation GPO1 Backed-up GPO GPO1

What Is an Import Operation? In an import operation, all GPO settings are copied from the source to the target GPO GPO1 Import Operation GPO2 GPO Settings GPO Settings

What Are Administrative Templates? Administrative Template Settings Modify Registry Settings That Control User Environments Settings Modify Registry Settings in the Registry Subtrees –HKEY_LOCAL_MACHINE for computer settings –HKEY_CURRENT_USER for user settings If a GPO No Longer Applies, Policy Settings Are Removed Windows 2003 Applies Both Group Policy and Local Default-Registry Settings Unless There Is a Conflict Use administrative template (.adm) files to control the user environment of client computers Windows XP Service Pack 2 administrative templates: –system.adm, inetres.adm, conf.adm, wmplayer.adm, wuau.adm

How Computers Apply Administrative Template Settings GPO List 11 Client computer starts or user logs on, retrieves a list of GPOs that apply Client computer connects to SYSVOL and locates the Registry.pol files Sysvol Registry.pol GPT 22 Client computer writes to the registry subtrees (HKLM or HKCU) Registry.pol HKCU Registry.pol HKLM 33 Logon dialog box (for computer) or the desktop (for user) appears4

What Is a Security Policy?

What Are Security Templates? TemplateDescription Default Security (Setup security.inf) Specifies default security settings Domain Controller Default Security (DC security.inf) Specifies default security settings updated from Setup security.inf for a domain controller Compatible (Compatws.inf) Modifies permissions and registry settings for the Users group to enable maximum application compatibility Secure (Securedc.inf and Securews.inf) Enhances security settings that are least likely to impact application compatibility Highly Secure (Hisecdc.inf and Hisecws.inf) Increases the restrictions on security settings System Root Security (Rootsec.inf) Specifies permissions for the root of the system drive

What Are Security Template Settings? Security Template: Setup Security Sample of Settings