Presentation is loading. Please wait.

Presentation is loading. Please wait.

Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.

Published byRosa Hill Modified over 8 years ago

Similar presentations

Presentation on theme: "Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows."— Presentation transcript:

1 Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows Vista New Group Policy Features Introduced with Windows Server 2008 R2 and Windows 7 New Group Policy Features in Windows Server 2012 and Windows 8 Client Managing Windows Environments with Group Policy

2 © 2013 Global Knowledge Training LLC. All rights reserved. Section Objectives After completing this section, you will be able to: Define Group Policy List the ways you can use Group Policy Describe the tools, features, and policies you can use to manage group policies Describe the new Group Policy features available in the latest versions of Windows 1-2

3 © 2013 Global Knowledge Training LLC. All rights reserved. What Is Group Policy? Group Policy is built on the Active Directory structure Desktop settings and restrictions Security policies Folder redirection Software deployment Software restrictions Logon scripts Group Policy controls: 1-3

4 © 2013 Global Knowledge Training LLC. All rights reserved. Desktop Settings and Restrictions Configure standardized settings for the desktop environment Screen saver Desktop background Shortcuts to Applications Configure desktop restrictions to reduce support calls Lock the taskbar Prevent access to control panel apps Restrict or hide Start screen/menu items 1-4

5 © 2013 Global Knowledge Training LLC. All rights reserved. Security Policies Password Policy Account Lockout Policy Audit Policy and Advanced Audit Policies User Rights Assignment Security Options Event Log Restricted Groups System Services File System Windows Firewall with Advanced Security 1-5

6 © 2013 Global Knowledge Training LLC. All rights reserved. Folder Redirection Use Folder Redirection to store the user’s personal documents on a server instead of locally 1-5 AppData(Roaming)Favorites DesktopContacts Start MenuDownloads DocumentsLinks Pictures Searches MusicSaved Games Videos

7 © 2013 Global Knowledge Training LLC. All rights reserved. Software Deployment Myapp.msi Distribute MSI packages to the Computer or User Configure as Assigned or Published 1-6

8 © 2013 Global Knowledge Training LLC. All rights reserved. Software Restrictions Software Restriction Policies Compatible with Windows XP and later Are more difficult to configure for large numbers of files AppLocker Policies Compatible with Windows 7 and later Can be created by scanning a folder structure Can use wild-card values to restrict or allow access 1-7

9 © 2013 Global Knowledge Training LLC. All rights reserved. Logon Scripts Computer scripts Startup script Shutdown script User scripts Logon script Logoff script Scripts can be written as: Executables VBScript, JavaScript, Perl scripts Powershell scripts 1-8

10 © 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Scenarios 1-9 Scenario Prevent changes to the desktop environment Enforce an Audit policy for servers Maintain user documents on a central server Assign a software package to many computers Prevent users from running unauthorized code Map a drive letter to a server resource Solution Use desktop restriction policy settings Use security policies Use Folder Redirection Create a software deployment policy Use a software restriction policy Create a login script in a policy

11 © 2013 Global Knowledge Training LLC. All rights reserved. New Group Policy Features Introduced with Windows Server 2008 and Windows Vista 1-10 Group Policy Management Editor Enhancements Group Policy Service Changes New GPO Settings

12 © 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Management Editor Enhancements New Feature Description New format for ADMX (Administrative Templates) XML format Starter GPO Templates for GPO creation Comments for GPOs Ability to add custom comments to GPOs GPO filtered view Ability to sort or limit the display of policies GPMC Now the default Group Policy tool 1-11

13 © 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Service Changes New Group Policy service Restarts and logoff/logon not required Local Group Policy enhancements Multiple local GPOs Network location awareness No longer relies on ICMP Ability to sort or limit the display of policies 1-12

14 © 2013 Global Knowledge Training LLC. All rights reserved. New GPO Settings New Hundreds of new policy settings have been added: New power management options Block device driver installation Windows Firewall with Advanced Security options New Windows Internet Explorer options Location-Based printer installation Printer driver installation for non-administrators 1-13

15 © 2013 Global Knowledge Training LLC. All rights reserved. New Group Policy Features Introduced with Windows Server 2008 R2 and Windows 7 1-15 Windows PowerShell Cmdlets Group Policy Preferences Starter GPOs Administrative Template Settings AppLocker

16 © 2013 Global Knowledge Training LLC. All rights reserved. New Group Policy Features in Windows Server 2012 and Windows 8 Client 1-16 Remote Update from the GPMC PowerShell Invoke-GPUpdate Group Policy Infrastructure Status Policy Error Links in RSOP Results Hundreds of New GPO Items

17 © 2013 Global Knowledge Training LLC. All rights reserved. Summary Group Policy is a mechanism for applying computer and user settings to one or many computers throughout an Active Directory environment. Use Group Policy to: Prevent changes to the desktop environment Enforce an Audit policy for servers Maintain user documents on a central server Assign a software package to many computers Prevent users from running unauthorized code Map a drive letter to a server resource 1-18

18 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) New Group Policy features in Windows Server 2008 and Windows Vista 1-18 FeatureDescription Group Policy Management Editor Enhancements New format for ADMX: Based on XML file format; new GPO tools can read ADM and ADMX files Starter GPO: Creates a template of GPO settings that you can reuse Comments for GPOs: Add custom comments to GPOs GPO filter view: Displays settings in a variety of ways, including sort view or filtered view GPMC: Standard tool for managing group policies Group Policy Service Changes Group Policy service: Runs as a service of its own Local Group Policy enhancements: Create multiple GPOs for the local computer Network location awareness: Group Policy now uses event detection and event notification and provides faster startup times when group policies are applied

19 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) New Group Policy features in Windows Server 2008 and Windows Vista (cont.) 1-19 FeatureDescription New GPO Settings New power management options: Set central standard for power management settings Block device driver installation: Settings are now more granular; can block or allow device driver installation down to a specific PnP hardware identifier; can block installation of removable media devices; can customize a balloon tip message when installation is prevented Windows Firewall with Advanced Security options: With a new interface you can easily create outbound filters; IPSec functionality has been integrated directly into the Windows Firewall interface New Internet Explorer options: Most new Windows Internet Explorer settings are now configurable through Group Policy; can centrally define homes pages, security settings, history retention, etc. Printer installation: Location-based printer installation (shared printer connections are automatically available to computer or user side of the GPO); printer driver installation for non-administrators (installation of printer device drivers now occurs in the background with elevated privileges)

20 © 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) New Group Policy features in Windows Server 2008 R2 and Windows 7 1-20 FeatureDescription Windows PowerShell cmdlets Manage Group Policy from Windows PowerShell and run Windows PowerShell scripts during logon and startup; cmdlets allow GPO configuration from command line and for automation Group Policy Preferences Additional types of GPO preference items were added Starter GPOsNew default Starter GPOs were added to the GPMC interface Administrative Template Settings New user interface and additional policy settings were added; Administrative Templates section was augmented with new settings and an editor window that is easier to navigate AppLockerA new mechanism for restricting access to software that is only supported by Windows Server 2008 R2 and Windows 7; supports wildcards for version numbering, allowing a single policy to restrict multiple versions of a file; can restrict by user name or group

21 © 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check 1.What is Group Policy used for? (Choose all that apply.) a.To configure desktop settings b.To deploy software c.To enforce security policies d.To run logon scripts 2.What is Group Policy? It is a mechanism for applying computer and user settings to one or many computers throughout an Active Directory environment. 1-20

22 © 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 3.Match each Group Policy feature with its correct description. 1-23 Group Policy FeatureDescription GPMCA.A tool used to create inbound and outbound firewall policies. IPSec functionality has been integrated directly into the interface. Windows Firewall with Advanced Security B.These allow GPO configuration from the command line and for automation. AppLockerC.These set the central standard for power management settings. Windows PowerShell cmdlets D.A standard tool used to manage group policies. Power management options E.A new mechanism for restricting access to software that is only supported by Windows Server 2008 R2 and Windows 7; supports wildcards for version numbering, allowing a single policy to restrict multiple versions of a file; can restrict by user name or group. A D E B C

Download ppt "Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows."

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.

NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Group Policy in Microsoft Windows Active Directory.

Group Policy in Microsoft Windows Active Directory.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GROUP POLICY An overview of Microsoft Windows Group Policy.

GROUP POLICY An overview of Microsoft Windows Group Policy.

Similar presentations

Ads by Google