Presentation is loading. Please wait.

Presentation is loading. Please wait.

10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Similar presentations


Presentation on theme: "10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure."— Presentation transcript:

1 10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Configure Group Policy settings for a GPO  Modify the order of Group Policy Objects  Filter the scope of a Group Policy Object  Link Group Policy Objects  Delete GPO links and Group Policy Objects  Examine the application of Group Policy using RSoP  Use the Group Policy Management Wizard Goals

2 10.2 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy  Used to set a consistent desktop environment  Used to configure both user and computer security settings  Other security options  Allowing automatic administrative logon to the Recovery Console  Shutting down the system immediately if the system is unable to log security audits Configuring Group Policy Settings for a GPO (Skill 1)

3 10.3 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  User Configuration settings node  You can use Administrative Templates to control access to the Control Panel or to specific Control Panel applets  You can control what Desktop items will appear or will be hidden, among many other policy settings  You set policies for a GPO using the Group Policy Object Editor for that GPO Configuring Group Policy Settings for a GPO (2) (Skill 1)

4 10.4 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-1 Setting Group Policy Object Properties (Skill 1)

5 10.5 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-2 The Enabled Hide Add New Programs page policy (Skill 1)

6 10.6 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-3 The Interactive logon: Do not display last user name Properties dialog box (Skill 1)

7 10.7 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-4 The Shutdown: Allow system to be shutdown without having to log on dialog box (Skill 1)

8 10.8 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-5 The Enabled policies in the Group Policy Object Editor (Skill 1)

9 10.9 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  The order in which Group Policy settings apply to a user or computer depends on the priority order of the GPOs  GPOs, by default, are processed in accordance with the Active Directory hierarchy (LSDOU)  Local policy  Site policy  Domain policy  OU policy Modifying the Order of Group Policy Objects (Skill 2)

10 10.10 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Enforced option  Allows you to give preference to the policies at each level (except local)  When you set a GPO link to Enforced, the GPO link takes precedence over the settings for any child object  You can also disable a GPO link to completely block that GPO from being applied; this disables the GPO only for the selected container object Modifying the Order of Group Policy Objects (2) (Skill 2)

11 10.11 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Block Inheritance option  Allows you to block the application of all policies applied at higher levels for a specific container  Using filtering  Allows you to specify that a particular GPO only applies to one or more specific groups of users within a container  Involves modifying the Apply Group Policy permission for the GPO Modifying the Order of Group Policy Objects (3) (Skill 2)

12 10.12 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Link Order column on the Linked Group Policy Objects list in the GPMC  Allows you to change the priority order for the GPOs for a domain or an OU  Local policies have no prioritization options because they are always overwritten when a conflict occurs Modifying the Order of Group Policy Objects (4) (Skill 2)

13 10.13 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Creating and linking a GPO  You must have the Link GPOs permission for the domain or organizational unit for which you are creating the GPO  You also must have permission to create GPOs in that domain  The Domain Admins, Enterprise Admins and Group Policy Creator Owner groups have permission to create GPOs in a domain by default Modifying the Order of Group Policy Objects (5) (Skill 2)

14 10.14 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Resultant Set of Policy (RSoP)  Allows you to see policy prioritization in action  RSoP is a new console in Windows Server 2003  Provides the ability to analyze and display the result of Group Policy application for any object in the directory Modifying the Order of Group Policy Objects (6) (Skill 2)

15 10.15 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Applying a GPO to a site  You cannot create and link a GPO to a site because the operating system would not know in which domain to create the GPO  To apply a GPO to a site  Create a GPO in any domain in the forest  Use the Link an Existing GPO command to link the GPO to the site Modifying the Order of Group Policy Objects (7) (Skill 2)

16 10.16 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-6 Changing the link order for a GPO (Skill 2)

17 10.17 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-7 The Group Policy Inheritance tab (Skill 2)

18 10.18 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Filtering the scope  You might need to restrain the scope of a GPO by applying permissions to specific users and/or computers  This is called filtering the GPO scope  To filter the scope of a GPO, you use security groups Filtering the Scope of a Group Policy Object (Skill 3)

19 10.19 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Security groups  Used to specify the users subject to the policies in a particular GPO  Used to define the rights and permissions users will have to access resources  You set different permissions for different security groups on the Security tab in the Properties dialog box for a GPO Filtering the Scope of a Group Policy Object (2) (Skill 3)

20 10.20 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Setting security groups permissions  Read and Apply Group Policy permissions  Are assigned for a particular GPO  By default, the Authenticated Users group is granted both permissions for all GPOs  To block a policy from applying to a specific group, set its Apply Group Policy permission to Deny  To allow the GPO to apply to a single group of users  Remove the Apply Group Policy permission from the Authenticated Users group  Allow the Apply Group Policy permission only for that group Filtering the Scope of a Group Policy Object (3) (Skill 3)

21 10.21 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  When you are using filtering, only two group policy permissions are applicable  Read  Apply Group Policy Filtering the Scope of a Group Policy Object (4) (Skill 3)

22 10.22 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-8 Setting the Apply Group Policy permission for a security group (Skill 3)

23 10.23 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Two ways to filter the scope of a GPO directly in the GPMC  Select the GPO in its container object  Expand the Group Policy Objects node in the GPMC and select the GPO you want to filter Filtering the Scope of a Group Policy Object (5) (Skill 3)

24 10.24 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  To add objects to the security filter  On the Scope tab, in the Security Filtering section, click the Add button to open the Select User, Computer, or Group dialog box  Click OK to add the object to the security filter  To apply the GPO only to the group or groups that have been added  In the Security Filtering section on the Scope tab, select Authenticated Users  Click the Remove button Filtering the Scope of a Group Policy Object (6) (Skill 3)

25 10.25 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-9 Security Filtering (Skill 3)

26 10.26 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  A GPO, by default, is linked to the container in which it is created  You can link GPOs to additional sites, domains, or OUs in order to increase the scope of the GPO  To link a GPO to an additional container, you use the Link an Existing GPO command and the Select GPO dialog box for that container Linking Group Policy Objects (Skill 4)

27 10.27 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  To link an existing GPO to a site, domain, or organizational unit, you must have the Link GPOs permission for that container object  The Domain Admins and Enterprise Admins groups are granted this permission by default for domains and organizational units  For sites, only the Domain Admins and Enterprise Admins groups for the forest root domain are granted this permission by default Linking Group Policy Objects (2) (Skill 4)

28 10.28 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-10 Linking an existing GPO (Skill 4)

29 10.29 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-11 The Select GPO dialog box (Skill 4)

30 10.30 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-12 The GPO linked to the domain (Skill 4)

31 10.31 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  You might need to link a GPO to additional containers for only a certain period of time, or policies that were once applicable may no longer be needed  In these situations, you can remove the GPO link from a container object or even delete the GPO  If there is more than one GPO link associated with the object, you should remove the GPO link and not delete the GPO  If the GPO is associated with a single object, you can delete the GPO, which also deletes all links to the GPO in the domain Deleting GPO Links and Group Policy Objects (Skill 5)

32 10.32 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  To delete a link to a GPO  You must have permission to link Group Policy Objects for the OU or the domain  If you do not have this level of permission  The links are not deleted  Links to other domains and sites (called orphan links) remain and appear in the GPMC as Not Found  To delete Not Found links, you must have permission to link Group Policy Objects in the site, domain, or OU where the links are located Deleting GPO Links and Group Policy Objects (2) (Skill 5)

33 10.33 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  After deleting a GPO  You cannot create a GPO with the same name in the GPMC  A unique GUID is created for each GPO, and the GUID can never be repeated, but if you create GPOs with older tools, the same common name could be repeated  Replication latency and the use of scripts to execute tasks on GPOs can also cause a common name to be repeated Deleting GPO Links and Group Policy Objects (3) (Skill 5)

34 10.34 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  If you are considering deleting a GPO, check for cross-domain links on the Scope tab for the GPO  In the Display links in this location list box, select [Entire Forest]  All links for the GPO are displayed in the The following sites, domain, and OUs are linked to this GPO box  Select all of the links, right-click the selection, and click Delete link to delete all cross-domain links before you delete the GPO Deleting GPO Links and Group Policy Objects (4) (Skill 5)

35 10.35 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-13 Deleting a GPO link (Skill 5)

36 10.36 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-14 Confirming the GPO link deletion (Skill 5)

37 10.37 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-15 Deleting a GPO (Skill 5)

38 10.38 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-16 Confirming the GPO deletion (Skill 5)

39 10.39 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-17 The Delete dialog box (Skill 5)

40 10.40 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  RSoP is a useful new tool that allows you to visually examine the application of Group Policy  To use RSoP (if you have not installed the GPMC)  Open MMC and create a new console  Query Active Directory for the Group Policies applying to a specific level of the hierarchy or for a specific object  RSoP returns a list of all Group Policy settings  Shows the configuration for that setting  Identifies Group Policy that configured that particular setting Examining the Application of Group Policy Using RSoP (Skill 6)

41 10.41 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using RSoP in troubleshooting Group Policy application  It allows you to quickly and easily determine the source of GPO conflicts on your network  RSoP identifies  The final group of policies that are applied, for which GPO set the final value for each policy  The details for the policies that were not applied, including all other GPOs that attempted to set the policy and the setting they tried to impose Examining the Application of Group Policy Using RSoP (2) (Skill 6)

42 10.42 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  In the GPMC, the functionality of RSoP is broken down into two distinct capabilities, which are controlled by two Wizards  Group Policy Results Wizard  Group Policy Modeling Wizard Examining the Application of Group Policy Using RSoP (3) (Skill 6)

43 10.43 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy Results Wizard  Queries the target computer for the RSoP data that was applied to that computer  Displays the policies that are applied to that computer or to a particular user on that computer  The client being queried must be running Windows XP Professional or Windows Server 2003 or later  In the RSoP snap-in, this functionality is called logging mode Examining the Application of Group Policy Using RSoP (4) (Skill 6)

44 10.44 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-18 The Group Policy Results Wizard (Skill 6)

45 10.45 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy Modeling Wizard  Provides a simulation tool  Allows administrators to test to see what would happen to policy application for a particular user or computer under certain conditions  The security group memberships are changed  The location of the object in Active Directory is changed Examining the Application of Group Policy Using RSoP (5) (Skill 6)

46 10.46 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy Modeling Wizard  The modeling functionality is controlled by a service that is only installed on a Windows Server 2003 domain controller  There must be at least one Windows Server 2003 domain controller in the domain  In the RSoP snap-in, this functionality is called planning mode Examining the Application of Group Policy Using RSoP (6) (Skill 6)

47 10.47 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-19 The Group Policy Modeling Wizard (Skill 6)

48 10.48 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  After you have run one of the wizards, the RSoP data is generated as an HTML report  HTML report  Displays the policy settings that are applied  Identifies the GPO that sets the policy value  The report is added to either the Group Policy Results or Group Policy Modeling node in the GPMC Examining the Application of Group Policy Using RSoP (7) (Skill 6)

49 10.49 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Viewing the HTML report  Right-click a report  Click Advanced View to open the RSoP console  You can view each policy setting and the source GPO  You can open the Properties dialog box for each policy on the Precedence tab  Allows you to verify the GPO that “won”  Allows you to view all GPOs that attempted to set the policy and the value they attempted to set Examining the Application of Group Policy Using RSoP (8) (Skill 6)

50 10.50 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-20 The RSoP console (Skill 6)

51 10.51 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Gpresult.exe command-line tool  An additional tool for troubleshooting Group Policy application in Windows Server 2003  It is stored in %Systemroot%\System32  Performs nearly the same functions as RSoP Examining the Application of Group Policy Using RSoP (9) (Skill 6)

52 10.52 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Gpresult.exe  When you run Gpresult with no parameters, the results are for the user currently logged on the local computer  Gpresult-Logging mode displays details about the user  Operating system type  Version and configuration  Site  Roaming and local user profile locations Examining the Application of Group Policy Using RSoP (10) (Skill 6)

53 10.53 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Gpresult-Logging mode also displays Computer Configuration and User Configuration settings  Computer/user DN  Last time Group Policy was applied and the location from which it was applied to the user/computer  Domain name and type  GPOs  That were applied to the computer/user  That were filtered out  Security groups to which the computer/user belongs Examining the Application of Group Policy Using RSoP (11) (Skill 6)

54 10.54 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-21 The Summary of Selections screen in the Group Policy Results Wizard (Skill 6)

55 10.55 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-22 The Applied and Denied GPOs (Skill 6)

56 10.56 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-23 The Interactive Logon and Shutdown policies (Skill 6)

57 10.57 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-24 The Control Panel/Add or Remove Programs policy (Skill 6)

58 10.58 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-25 The Policy Events tab (Skill 6)

59 10.59 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  The Group Policy Modeling Wizard (GPMW) analyzes the effects of a hypothetical GPO structure  You can perform “what-if” scenarios  To examine the potential effects of inherited Group Policies on users or computers if you redesign your OU structure  To determine the effects if you change security group memberships or move user or computer objects to different Active Directory containers Using the Group Policy Management Wizard (Skill 7)

60 10.60 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the GPMW to evaluate Windows Management Instrumentation (WMI) filters  A WMI filter is built from query strings  Query strings filter the application of Group Policy based on customizable metrics Using the Group Policy Management Wizard (2) (Skill 7)

61 10.61 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Requirements for using the GPMW  You must have at least one Windows Server 2003 server on your network  You must also have the Perform Group Policy Modeling analyses permission for the domain or OU that contains the objects you want to query Using the Group Policy Management Wizard (3) (Skill 7)

62 10.62 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-26 2-level OU structure (Skill 7)

63 10.63 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-27 Domain Controller Selection (Skill 7)

64 10.64 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-28 User and Computer Selection (Skill 7)

65 10.65 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-29 Advanced Simulation Options (Skill 7)

66 10.66 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-30 User Security Groups (Skill 7)

67 10.67 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-31 Computer Security Groups (Skill 7)

68 10.68 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-32 WMI Filters for Users (Skill 7)

69 10.69 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-33 Summary of Selections (Skill 7)

70 10.70 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-34 User and Computer Selection (Skill 7)


Download ppt "10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure."

Similar presentations


Ads by Google