Presentation is loading. Please wait.

Presentation is loading. Please wait.

Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment."— Presentation transcript:

1 Clyde G. Johnson

2  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment

3  Mine is built in VMware Workstation ◦ Windows 2003 domain controller / file server ◦ Windows XP client ◦ Windows 7 client  Windows 2003 Domain / forest  Used GPMC scripts to import my environment  Isolated from production network

4  RSAT ◦ Installs WS2008R2 administration tools on Windows 7 computers for remote management ◦ Enables GUI-based remote management for full server and server core installations ◦ Download  GPMC ◦ Part of Windows 7 and 2008 R2  Security Compliance Manager

5  Install RSAT  Install GMPC  Show SCM ◦ Export as spreadsheet ◦ Export as GPO

6  Centralized Repository for ADMX Files  One-time creation and population of central store per domain  Replicated to all domain controllers  Helps prevent “GPO bloat”  Contains all ADMX templates including Office 2010 and IE 8.0  Located in Sysvol (case sensitive)  [sysvol]\ \policies\PolicyDefinitions

7  Sample

8  It’s a “good thing” if you: Test -> Stage -> Test -> Deploy -> Validate  For significant functional changes, consider a pilot. ◦ Don’t limit the pilot to just IT Staff – they often know how to workaround/resolve issues!  Some GPMC features are specifically focused on testing/staging/piloting/deploying GPOs ◦ Group Policy Modeling (more elegant face on RSoP Planning) ◦ Backup/Copy/Import (including migration tables) ◦ Specific “sample” scripts - particularly CreateXMLFromEnvironment and CreateEnvironmentFromXML (optionally include users and groups) ◦ Documentation: HTML or XML Reports

9  Start small and build… ◦ Security (SCM) ◦ Firewall ◦ Folder Redirection ◦ OS / Application Configuration ◦ IE Maintenance ◦ Software Installation ◦ Segregate and congregate

10 1. Per Group Policy Object (GPO) 2. Per Group Policy setting 3. Per Group Policy Preference (GPP) Item 1. 2. 3.

11  Administrative Log  Applications and services log  XML Based event logs  New Tools - GPOLogView

12 LGPO’s LGPO Admin User User Specified Group Policy Admin/Non-Admin Group Policy Local Computer Policy Multple local GPO’s

13  Folder Redirection  Offline Files (encrypted) – Mobile only

14  Do not pre-create folders (ACL issues)  Do not redirect Application Data folder (particularly if logged on from multiple computers): ◦ Exclusive locks ◦ Absolute paths ◦ Network latency  You cannot redirect to a mapped drive (folder redirection occurs before mapping of drives)

15  25 PowerShell cmdlets for Group Policy scripting GPO operations: creation, removal, backup, and import GPO link operations: creation, update, and removal Setting inheritance flags and permissions on Active Directory organizational units (OUs) and domains GPO Settings: Creating, update, retrieval, removal ◦ Only registry-based policy settings (Administrative Templates) GPP Settings: Creating, update, retrieval, removal ◦ No Item-Level Targeting Starter GPOs operations: creation and update

16 Backup-GPO –all –path ‘C:\BackupFiles\’ Backup all GPO’s in current domain to directory Get-GPResultantSetofPolicy -ReportType - html -Path D:\ConfigDocuments\Reports\ Get RSoP for local computer and logged on user in html form Copy-GPO -SourceName TestGpo1 - SourceDomain test.contoso.com TargetName TestGpo1 -TargetDomain sales.contoso.com Copy a GPO across domains Set-GPRegistryValue -Name "TestGPO" -key "HKCU\Software\Policies\Microsoft\ExampleKey" - ValueName "ValueOne", "ValueTwo", "ValueThree" - Type String -Value "String 1", "String 2", "String 3" Configure a registry key to policy with a set of values

17 PowerShell Scripts supported in GPO Startup/Shutdown & Logon/Logoff scripts By default, Windows PowerShell scripts run after non-Windows PowerShell scripts

18  Group Policy TechNet page http://www.microsoft.com/technet/grouppolicy http://www.microsoft.com/technet/grouppolicy  Group Policy Wiki http://grouppolicy.editme.com  Group Policy Team Blog http://blogs.technet.com/grouppolicy http://blogs.technet.com/grouppolicy  Group Policy Settings Reference http://go.microsoft.com/fwlink/?LinkID=131389 http://go.microsoft.com/fwlink/?LinkID=131389  Remote Server Administration Tools (RSAT) http://www.microsoft.com/downloads/en/details.aspx?Famil yID=7d2f6ad7-656b-4313-a005-4e344e43997d

19 New UI: More intuitive, integrated help content, no more tabs Support for: ◦ REG_MultiSZ ◦ REG_QWORD Easier to use authoring experience Support for more data types

20 www.microsoft.com/teched Sessions On-Demand & Community http://microsoft.com/technet Resources for IT Professionals http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification & Training Resources

Download ppt "Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment."

Similar presentations

Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Clyde G. Johnson.  Preference?  Overview  Targeting  Settings  Things to know  GPP Scenarios.

Clyde G. Johnson.  Preference?  Overview  Targeting  Settings  Things to know  GPP Scenarios.
Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.

Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.

NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter

Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter
Understanding Group Policy on Windows Server 2003.

Understanding Group Policy on Windows Server 2003.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Michael Kleef Program Manager Microsoft Session Code: WSV326.

Michael Kleef Program Manager Microsoft Session Code: WSV326.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Lesson 16: Creating Group Policy Objects

Lesson 16: Creating Group Policy Objects
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Group Policy – Tips, Tricks and Best Practices

Group Policy – Tips, Tricks and Best Practices
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.

Similar presentations

Ads by Google