Presentation is loading. Please wait.

Presentation is loading. Please wait.

Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.

Published byHugo Lloyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh."— Presentation transcript:

1 Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh Managing Windows Environments with Group Policy

2 © 2013 Global Knowledge Training LLC. All rights reserved. Section Objectives After completing this section, you will be able to: Use Group Policy Management tools Describe the advantages of using domain policies instead of local policies List the capabilities of the Group Policy Management Console Describe the requirements for installing the Group Policy Management Console Explain how to use the different GPMC features to create and manage policies Describe the elements of the gpupdate command 2-2

3 © 2013 Global Knowledge Training LLC. All rights reserved. Local vs. Domain Policies Pre-image setup Workgroup only computers Kiosk computers Roving laptops Domain Affect a large number of systems Centrally managed More secure Local PoliciesDomain Policies 2-3

4 © 2013 Global Knowledge Training LLC. All rights reserved. Editing Local Policies ToolsFeatures Gpedit.msc Simple to run Edits local policies only MMC.exe with the GPOE snap-in Edit local or remote policies Edit policies for computer or multiple local users or groups Save as for future use 2-4

5 © 2013 Global Knowledge Training LLC. All rights reserved. Using Gpedit.msc 2-5 Run GPEdit.msc on a local machine to edit the local policies only. Useful for stand-alone or workgroup based machines.

6 © 2013 Global Knowledge Training LLC. All rights reserved. Using MMC.exe with the GPOE Snap-in 2-6 Add the GPOE Snap-in to the MMC in order to modify the local policy for a specific user or group.

7 © 2013 Global Knowledge Training LLC. All rights reserved. Managing Domain Policies 2-7 Using the GPMC Other Group Policy Tools Creating Policies Editing Policies Configuring Values

8 © 2013 Global Knowledge Training LLC. All rights reserved. Using the GPMC 2-8 Understanding the Group Policy Management Console Installing the GPMC Opening the GPMC Using the GPMC from the Server Manager Configuring the GPMC Searching and Filtering

9 © 2013 Global Knowledge Training LLC. All rights reserved. Understanding the Group Policy Management Console Centralized policy management tool Provides the capabilities of many separate tools and adds new functionality: OU hierarchy view Policy editing RSoP Backup and restore of policies 2-9

10 © 2013 Global Knowledge Training LLC. All rights reserved. Installing the GPMC Windows Vista and later: Install the free RSAT download from Microsoft Open Control Panel, Programs and Features, Turn Windows Features On or Off Within the RSAT section enable the Group Policy Management Tools Windows Server 2008 and Later: Open the Server Manager Click Add roles and features Add the Group Policy Management feature 2-11

11 © 2013 Global Knowledge Training LLC. All rights reserved. Opening the GPMC Windows 7 or Windows Server 2008: Click Start, Administrative Tools, and Group Policy Management. Click Start, and type gpmc.msc in the Search box. Windows 8 or Windows Server 2012: On the Start screen, type gpmc.msc. On Windows Server 2012 or Windows 8 Client, in the Server Manager click Tools, Group Policy Management. 2-13

12 © 2013 Global Knowledge Training LLC. All rights reserved. Using the GPMC from the Server Manager 2-14 The Tools menu within the Server Manager contains a link to the GPMC.

13 © 2013 Global Knowledge Training LLC. All rights reserved. Configuring the GPMC 2-15 The domain that your are logged on to will already be selected by default. In a multi-domain environment Right-click the Domains node, then select Show Domains.

14 © 2013 Global Knowledge Training LLC. All rights reserved. Searching and Filtering Searching for GPOs Can be useful when dealing with a very large policy infrastructure. Filtering in the GPO Editor Thousands of Administrative Templates items are available. Filter to display only policies that are configured. Filter by keyword. Narrow the policy listing to make it more manageable. 2-16

15 © 2013 Global Knowledge Training LLC. All rights reserved. Searching for GPOs Use the Search feature to find specific GPOs. 2-17

16 © 2013 Global Knowledge Training LLC. All rights reserved. Filtering in the GPO Editor 2-19 Use the Filter option to limit the number of Administrative Templates that are displayed.

17 © 2013 Global Knowledge Training LLC. All rights reserved. Other Group Policy Tools Group Policy Management Editor Use to edit the policy values Gpupdate.exe and Invoke-GPUpdate Use to update policies ahead of the default refresh Gpresult.exe and Get-GPResultantSetOfPolicy Command-line tools for RSOP processing 2-20

18 © 2013 Global Knowledge Training LLC. All rights reserved. Creating Policies 2-21 All policies are stored in the Group Policy Objects container. They become active when they are linked to a Site, Domain or OU.

19 © 2013 Global Knowledge Training LLC. All rights reserved. Editing Policies 2-22 Computer and user configuration items Policies Administrative Templates Preferences

20 © 2013 Global Knowledge Training LLC. All rights reserved. Configuring Values 2-23 Most policies have three states: Not Configured Enabled Disabled

21 © 2013 Global Knowledge Training LLC. All rights reserved. Understanding Group Policy Refresh The default refresh interval for policy update is 90 to 120 minutes Several methods are available to update ahead of this scheduled interval Invoke-GPUpdate GPUpdate.exe Remote GPUpdate in the GPMC 2-24

22 © 2013 Global Knowledge Training LLC. All rights reserved. Invoke-GPUpdate Invoke-GPUpdate is used from PowerShell Can update the local or remote systems Updates can be scheduled up to 31 days in the future 2-25

23 © 2013 Global Knowledge Training LLC. All rights reserved. GPUpdate.exe GPUpdate without any options will update only the policies that have been modified Using the /force switch will cause GPUpdate to download ALL policies Use the /force switch only if necessary 2-26

24 © 2013 Global Knowledge Training LLC. All rights reserved. Remote GPUpdate in the GPMC Update all machines in a specific OU from within the GPMC The update is scheduled with a random delay 2-27

25 © 2013 Global Knowledge Training LLC. All rights reserved. Summary The advantages of using domain policies instead of local policies are: You can apply policies on a broad basis to large number of computers and users. This provides a central management capability that is not available when you configure policies locally. Policies that are configured through the domain cannot be overridden by local policy settings, so they are more secure. 2-29

26 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) Group Policy Tools 2-29 Group Policy ToolUse it to… Group Policy Management Console View and manage all the policies that exist in a given Active Directory forest Group Policy Management Editor View and modify all of the policy settings within a GPO Gpupdate.exeRemotely update GPOs Gpresult.exeDisplay all the policy settings that are active for a computer or user RSoP snap-inTroubleshoot the policies that are applied to computers or users

27 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) Desktop Policies 2-29 PolicyDescription Computer Configuration User Configuration Settings that apply only to the computer objects that are within the scope of the policy Settings that apply to the user objects that are within the scope of the policy Desktop Settings and Restrictions Include a wide range of desktop settings, from changing the aesthetic background logo to a complete lockdown of system Logon ScriptsPerform actions at logon; settings are now incorporated into Group Policy as individual configurable items Folder RedirectionProcess that stores the user’s personal My Documents files on a server instead of locally

28 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) Software Policies 2-29 PolicyDescription Distributing Software Packages Software Installation section within Group Policy is used to distribute software packages User Configuration and Computer Configuration sections of Group Policy are used to distribute software to user or computer, respectively Add/Remove Programs on Windows XP and Windows Server 2003 or from Programs and Features within Windows Vista and later are used by the end user to install published packages Restricting Access to Software Four types of SRPs (Path Rule, Network Zone Rule, Hash Rule, Certificate Rule) are used to prevent suspect software from running

29 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) Using the GPMC, you can perform most of the common Group Policy operations without having to switch between separate windows in separate Active Directory utilities. The GPMC also offers the following capabilities: OU hierarchy view Policy editing RSoP Backup and restore of policies Back up policy objects (and restore them if necessary) Import settings from one policy object as the basis for creating a new object View all the links for a specific policy object 2-29

30 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) The GPMC is included in the RSAT pack for Windows Vista and later. It is also included in Windows Server 2008 and later, but you must enable it. The GPMC requires Windows XP or later to run. It also requires the following: The computer on which you run GPMC must be a member of either a domain in the forest that you wish to administer, or a domain that has a trust with that forest. Windows 2000 Server domain controllers must run SP2 or higher. Windows 2000 Server domain controllers in a separate forest to which you connect must run SP3 or higher. 2-29

31 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) For Windows XP, GPMC also requires the following: Upgrade Windows XP to SP1 Microsoft.NET Framework Hotfix Q326469 (updates gpedit.dll to version 5.1.2600.1186) For Windows Vista and later, the GPMC also requires the following: Download and install the RSAT Pack for Windows Vista Enable the GPMC in the Control Panel 2-29

32 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) Four subnodes (Domains, Sites, Group Policy Modeling, and Group Policy Results) appear under the forest node. You can use the GPMC to: Show multiple domains in the console pane at the same time (right-click the Domains subnode) Connect to a different forest (right-click the top node [Group Policy Management] and select Add Forest) Show the context menu for each node (Actions menu) 2-29

33 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) GPMC has two features for searching and filtering: Search: Allows you to search on a per-domain or per- forest basis; specify a condition to search by or create a list of conditions Filter: Allows you to limit the number of Administrative Templates that are displayed; limit the display by managed items, configured items, commented items, keyword filtering, and requirements filtering 2-30

34 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) The Group Policy Update tool is a command-line tool that is used to remotely update GPOs. The elements of the gpupdate command are: /Target: {Computer | User}: Used to specify that only the user or computer policy settings that are updated will use this switch /Force: Reapplies the policy settings /Wait:value: Specifies how long the system should wait (in seconds) for the policy processing to complete /Logoff: Indicates that the user is logged off after the policy settings have been applied /Boot: Causes the system to reboot after the policy settings are applied 2-30

35 © 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check 1.What are the advantages of using domain policies instead of local policies? (Choose all that apply.) a.They are more secure. b.They provide a central management capability. c.They affect a large number of computers and users. d.They are helpful in a workgroup scenario when you cannot use local-based policies. 2-30

36 © 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 2.List the capabilities of the GPMC. Provides a view of the OU hierarchy Contains built-in policy editing Contains inherent RSoP views Provides backup and restore of policies 3.How is the GPMC installed on Windows 8? It is installed as part of the RSAT package that must be downloaded from Microsoft. 2-30

37 © 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 4.Briefly describe the following elements of the gpupdate command: /force: This switch reapplies the policy settings. By default, only the policy settings that have changed are applied. /logoff: This switch indicates that the user is logged off after the policy settings have been applied. 2-31

38 © 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 5.In which ways can you limit the display of Administrative Templates? (Choose all that apply.) a.Managed items b.Deleted items c.Commented items d.Keyword filtering 2-31

39 © 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 6.Describe each tool, feature, or policy used to manage group policies in the space provided. Group Policy Management Editor: Is used to view and modify all of the policy settings within a GPO. Gpupdate.exe: Is used to remotely update GPOs. Folder Redirection: A process that stores the user’s personal My Documents files on a server instead of locally. User Configuration and Computer Configuration sections of Group Policy: User configuration settings apply only to the computer objects that are within the scope of the policy. Computer configuration settings apply only to the user objects that are within the scope of the policy. 2-31

Download ppt "Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh."

Similar presentations

Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 12: Deploying and Managing Software with Group Policy.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 12: Deploying and Managing Software with Group Policy.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.

1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
Using Group Policy Lesson 4. Skills Matrix Technology SkillObjective Domain SkillDomain # Creating and Understanding Group Policy Modeling and Group Policy.

Using Group Policy Lesson 4. Skills Matrix Technology SkillObjective Domain SkillDomain # Creating and Understanding Group Policy Modeling and Group Policy.

Similar presentations

Ads by Google