Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Server 2003 群組原則設定與管理

Published byBarnaby Simpson Modified over 6 years ago

Similar presentations

Presentation on theme: "Windows Server 2003 群組原則設定與管理"— Presentation transcript:

1 Windows Server 2003 群組原則設定與管理
林寶森

2 What Happens When GPOs Conflict
How conflicts are resolved All Group Policy Settings Apply Unless There Are Conflicts The Last Setting Processed Applies When settings from different GPOs in the Active Directory hierarchy conflict, the child container GPO settings apply When settings from GPOs linked to the same container conflict, the settings for the GPO highest in the GPO list apply A Computer Setting Applies When It Conflicts with a User Setting Options for modifying inheritance No Override (Enforce) Block Policy inheritance

3 Blocking the Deployment of a GPO
Sales Production Domain GPOs No GPO settings apply Stops inheritance of all GPOs from all parent containers Cannot selectively choose which GPOs are blocked Cannot stop No Override

4 Enabling No Override No Override:
Overrides Block Inheritance and GPO conflicts Should be set high in the Active Directory tree Is applicable to links and not to GPOs Enforces corporate-wide rules Sales Production Domain Domain GPO settings apply Conflicting GPO Settings No Override GPO Settings

5 How to Configure Group Policy Enforcement

6 Attributes of a GPO Link
Enforced Conflicting Links

7 Filtering the Deployment of a GPO
Sales Production Domain Mengph Kimyo Group Apply Group Policy Deny Read and Apply Group Policy Allow GPO

8 What Is Loopback Processing?

9 What Are WMI Filters? WMI Filter 10 GB 400 MB 35 GB 750 MB
Install Office? 500 MB free disk space? WMI Filter Administrator GPO 10 GB 400 MB 35 GB 750 MB

10 Example of WMI Query Select * FROM Win32LogicalDisk WHERE (Name = “C:” OR Name = “D:” OR Name = “E:”) AND DriveType = 3 AND FreeSpace > AND FileSystem = “NTFS” Note: DriveType Value = 3 is a Hard Disk 10MB = 10,485,760 bytes

11 Controlling the Processing of Group Policy
Synchronous and Asynchronous Processing By default, the processing of Group Policy is synchronous You can change the processing of Group Policy to asynchronous by using a Group Policy setting for both computers and users Refreshing Group Policy at Established Intervals of: 5 minutes for domain controllers 90 minutes for member servers running Windows Server 2003 and for computers running Windows 2000 & XP Professional Processing Unchanged Group Policy Settings You can configure each client-side extension to process all applicable Group Policy settings

12 Group Policy and Slow Network Connections
Group Policy Can Detect a Slow Link Group Policy Uses an Algorithm to Determine Whether a Link Should Be Considered Slow Default is 500 kbps Group Policy Sets a Flag to Indicate a Slow Link to the Client-side Extensions userenv.dll, dskquota.dll, fdeploy.dll, gptext.dll, appmgmts.dll, scecli.dll, iedkcs32.dll, etc.

13 Default Settings for Slow Link Processing
Client-Side Extension Slow-Link Processing Refreshed Can it be Changed? Administrative Template On No IE Maintenance Off Yes Software Installation N/A Folder Redirection Scripts Security IP Security Wireless EFS Recovery Disk Quota

14 Why Specify a Domain Controller for Managing GPOs?
When You Create a New GPO or Edit an Existing GPO, by Default, the Domain Controller That Holds the PDC Emulator Role Performs the Operation The Options Available to Specify a Domain Controller for Managing GPOs Include: The one with the Operations Master token for the PDC emulator The one used by the Active Directory snap-ins Use any available domain controller To Specify a Domain Controller for Managing Group Policy Objects: Use the DC Options command on the View menu in the Group Policy snap-in Enable a Group Policy setting that specifies which domain controller should be used

15 Specifying a Domain Controller for Managing Group Policy Objects
Choose a domain controller to avoid replication conflicts Options

16 What Is Group Policy Modeling?

17 What Is Group Policy Results?

18 What Is Gpupdate and Gpresult?
Syntax of gpupdate gpupdate [/Target:{Computer | User}] [/Force] [/Wait:Value] [/Logoff] [/Boot] [/Sync] Syntax of gpresult gpresult [/s Computer [/u Domain\User /p Password]] [/user TargetUserName] [/scope {user|computer}] [/v] [/z]

Download ppt "Windows Server 2003 群組原則設定與管理"

Similar presentations

Understanding Group Policy on Windows Server 2003.

Understanding Group Policy on Windows Server 2003.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
(ITI310) By Eng. BASSEM ALSAID SESSIONS 9-10-11 2008.

(ITI310) By Eng. BASSEM ALSAID SESSIONS
Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK

Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK
Module 1: Installing Active Directory Domain Services

Module 1: Installing Active Directory Domain Services
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GROUP POLICY An overview of Microsoft Windows Group Policy.

GROUP POLICY An overview of Microsoft Windows Group Policy.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Introduction to Group Policy

Introduction to Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.

Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
70-411: Administering Windows Server 2012

70-411: Administering Windows Server 2012

Similar presentations

Ads by Google