Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.

Published byMartin Houston Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies."— Presentation transcript:

1 1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies

2 2 Publishing Resources in Active Directory Service Active Directory Holds information about network resources Helps users find users, equipment, or software on the network As an administrator, you must Securely and selectively publish resources, which include objects such as users, computers, printers, folders, files, and network services Make it easy for users to find what they need

3 3 Creating and Publishing Objects in the Active Directory Service You can create some objects in Active Directory, such as user and computer objects. Some objects are created automatically by Microsoft Windows 2000. All objects published in Active Directory have attributes that help users locate the resource represented by the object.

4 4 Publishing Shared Resources You can publish information about shared resources to help users find these resources on the network. Windows 2000 automatically creates and publishes network printer objects in Active Directory. To publish information about shared folders and pre–Windows 2000 printers, you can create objects manually by using Active Directory Users And Computers.

5 5 The New Object – Shared Folder Dialog Box

6 6 Publishing Folders and Printers Publishing a folder in Active Directory does not share it. You must first share the folder, and then you can publish it. A pre–Windows 2000 printer must be installed and shared before you can publish it in Active Directory.

7 7 Publishing Network Services You can publish network-enabled services so that administrators can find them and administer them regardless of which computer is providing the service. You use Active Directory Sites And Services to administer published services.

8 8 Categories of Service Information Binding information Publishing this information lets clients connect to services that do not have well-known bindings and that conform to a service-centric model. Configuration information Publishing this information lets you distribute current configuration information for these services to all clients in the domain. This information is accessed by client applications as needed.

9 9 Characteristics of Service Information Service information published in Active Directory is most effective when it is Useful to many clients Relatively stable and unchanging Well-defined, and has reasonable properties Use Active Directory Sites And Services to publish services.

10 10 Lesson Summary You can create Active Directory objects to represent shared folders on the network and place these objects in any container of the directory tree. Windows 2000 automatically creates printer objects in Active Directory. You can manually publish shared folders and pre–Windows 2000 printers by using Active Directory Users And Computers. You can publish services by using Active Directory Sites And Services.

11 11 Redirecting Folders Using Group Policies You can use the Folder Redirection extension in the Group Policy snap-in to redirect the folders containing a user's profile to an alternate location on the network. You can Redirect special folders based on group membership Redirect special folders for an entire site, domain, or organizational unit (OU) Control the redirection of the \My Pictures folder

12 12 Redirecting Folders You can redirect the following special folders: \Application Data \Desktop \My Documents \My Pictures \Start Menu The Folder Redirection extension is located under User Configuration\Windows Settings in the Group Policy snap-in.

13 13 The Folder Redirection Extension in the Group Policy Snap-In

14 14 Advantages of Redirecting Folders Even if users log on to various computers, their documents are always available to them. When roaming user profiles are used, the contents of the folder are not copied between the server and the client computer each time the user logs on. Regular backups of the folder are more manageable. Disk quotas can be used to limit the folder's size. You can redirect the user-specific data to a different hard disk from the disk holding the operating system files, to safeguard the user’s data.

15 15 Default Special Folder Locations Locations depend on the operating system that was in place prior to Windows 2000 installation. Operating SystemDefault Location of Special Folders  Windows 2000 new installation (no previous operating system), or  Windows 2000 upgrade of Microsoft Windows 95 or Microsoft Windows 98 with user profiles disabled \Documents and Settings (on the system drive, usually C:\Documents and Settings)  Windows 2000 upgrade of Microsoft Windows NT 4 or  Microsoft Windows NT 3.51 \Profiles (in the system root, such as C:\Winnt\Profiles)  Windows 2000 upgrade of Windows 95 or  Windows 98 with user profiles enabled \Profiles (in the system root, such as C:\Windows\System\Profiles)

16 16 Setting Up Folder Redirection There are two ways to implement folder redirection: Redirect special folders to a location based on users' security group membership. Redirect special folders to one location for everyone in the site, domain, or OU to which the group policy object (GPO) is applied. In addition, you can direct the \My Pictures folder to follow the redirection of the \My Documents folder.

17 17 Redirecting Folders Based on Group Membership To redirect special folders to a location based on users' security group membership, open and configure the GPO linked to the site, domain, or OU containing the users. The process includes configuring the properties of the folder you want to redirect, including specifying security group membership and a target folder location.

18 18 The Target Tab of the Properties Dialog Box

19 19 The Specify Group And Location Dialog Box

20 20 The Settings Tab of the Properties Dialog Box

21 21 Redirecting Folders to a Single Location To redirect special folders to one location for everyone in the site, domain, or OU, open and configure the GPO linked to the site, domain, or OU containing the users.

22 22 Configuring \My Pictures Redirection You can configure the \My Pictures folder so it will remain a subfolder of \My Documents, wherever \My Documents is redirected. To do this: 1. Open the GPO linked to the site, domain, or OU containing the users whose \My Pictures folder you want to redirect. 2. Then configure the properties of the \My Pictures folder to follow the \My Documents folder.

23 23 Policy Removal Considerations When you redirect a special folder, you specify Whether the contents of the special folder are to be moved to the new location Whether the folder will remain in place or be moved back to its original location if the GPO for the container is ever removed The default setting (Leave The Folder In The New Location When Policy Is Removed) is the best setting in most instances. This setting causes the special folder to remain at its redirected location, and the user continues to have access to its contents.

24 24 Lesson Summary Folder redirection is a feature of group policies that enables you to store the contents of users' special folders on network drives. You can redirect special folders based on group membership, or you can redirect the folders for all users in a site, domain, or OU to the same location. You can configure the \My Pictures folder to follow the \My Documents folder. Redirected folders can be configured to remain in place or to be moved back to their original locations when a GPO is removed.

25 25 Deploying Applications Using Group Policies The Software Installation extension snap-in is the administrator's primary tool for managing software within an organization. Other Microsoft Windows 2000 Server software installation and management tools are Windows Installer The Add/Remove Programs tool in Control Panel

26 26 The Software Installation Extension Snap-In Works with group policy and Active Directory Establishes a group policy–based software management system that enables you to centrally manage The initial deployment of software Upgrades, patches, fixes, and removal Two ways to centrally manage the software installation on client computers: Assigning applications to users or computers Publishing applications to users

27 27 Assigning Applications You assign required or mandatory applications to users or computers. When you assign an application to a user The application is advertised the next time the user logs on Windows 2000 installs the application the first time the user activates it on the computer, either from the Start menu or by loading a document associated with the application

28 28 Publishing Applications You publish applications to users that they might find useful to perform their jobs. When you publish an application to a user No shortcuts are placed on the user's desktop The application is not present in the Start menu There are two ways that the user can install the application: Load a file associated with the application. Install the application by using Add/Remove Programs.

29 29 How the Software Installation Extension Works The Software Installation extension snap-in uses Windows Installer technology to package, assign, and publish software. Windows Installer is a service that enables the operating system to manage the software installation process. Windows Installer consists of An operating system service The Windows Installer package An application programming interface (API)

30 30 Understanding Windows Installer Package Files The Windows Installer package Is a file with an.msi extension Contains instructions about installing and removing a specific application To use Software Installation to deploy software, the file must be one of the following types: Native Windows Installer package (.msi) Repackaged application (.msi) An existing setup program—a down-level application package (.zap) file

31 31 Customizing Windows Installer Packages You can customize Windows Installer applications by using modifications, also called transforms. You can transform the Windows Installer package by using authoring and repackaging tools. Some applications also provide wizards or templates that permit a user to create modifications.

32 32 Implementing Software Installation Tasks for installing software by using group policies: 1. Planning and preparing a software installation 2. Setting up a software distribution point 3. Specifying software installation defaults 4. Deploying software applications 5. Setting automatic installation options 6. Setting up application categories 7. Setting software application properties 8. Maintaining software applications

33 33 Planning and Preparing a Software Installation Begin by reviewing your organization's software requirements, Active Directory organizational structure, and available GPOs. With this information, you can determine how to deploy the software. Create a test environment to determine exactly how to assign or publish the software. Prepare the software using a format that enables you to manage it. Test all of the Windows Installer packages extensively.

34 34 Strategies for Software Deployment Using Group Policies Create OUs based on software management needs. Deploy software close to the root of your Active Directory domain. Deploy multiple applications with a single GPO. Publish or assign applications only once to a given group of users or computers. Specify application categories for your organization.

35 35 More Strategies for Software Deployment Using Group Policies Make sure Windows Installer packages include the modifications you publish or assign them. Take advantage of authoring tools. Repackage existing software. Use Microsoft Systems Management Server (SMS) and distributed file system (Dfs). Use Software Installation properties for broad control. Use Windows Installer package properties for fine control.

36 36 Setting Up a Software Distribution Point To set up a software distribution point: 1. On a file server, create shared folders for the software (these folders will function as the software distribution point). 2. Copy all of the software distribution components, including software packages, modifications, and other necessary files, to the software distribution point. 3. Set the appropriate permissions on the software distribution point folders. Only Administrators need both Read and Write access to the files. Users need only the Read permission.

37 37 Specifying Software Installation Defaults A GPO can contain several settings that affect how an application is installed, managed, and removed. You can globally define the default settings for the new software packages within the GPO by configuring the General tab of the Software Installation Properties dialog box.

38 38 The General Tab in the Software Installation Properties Dialog Box

39 39 Deploying Software Applications Consider the following for group policy installations: Whether you want the software to be automatically installed for the user, or want the user to install or trigger an installation of the software Whether you want the user to be able to remove the software The type of installation file you plan to use

40 40 Assigning Applications Assign an application when you want all of your users to have the application installed on their computers. An application can be assigned to both computers and users. To assign an application: 1. Open the Group Policy snap-in, open Software Settings, right-click the Software Installation node, point to New, and then click Package. 2. Select the package to be assigned, click Open, and then select Assigned.

41 41 The Deploy Software Dialog Box

42 42 Publishing Applications Publish an application when you want it to be available to users managed by the GPO, if they want it. You can publish applications to users only. To publish an application: 1. Open the Group Policy snap-in. 2. Under User Configuration, open Software Settings, right-click the Software Installation node, point to New, and then click Package. 3. Select the package to be published, click Open, and then select Published.

43 43 Deploying Applications with Modifications You associate modifications with a Windows Installer package at deployment. You must set the order for modifications to be applied before the application is assigned or published. Modifications (.mst files) are applied to the Windows Installer package (with the.msi extension) in the order you set. To add or remove modifications for applications, use the Modifications tab in the Properties dialog box for the package.

44 44 The Modifications Tab in the Properties Dialog Box of a Package

45 45 Setting Automatic Installation Options You can determine which application is automatically installed when a user loads a data file by selecting a file extension and configuring a priority for installing applications associated with that file extension. File extensions are managed on a per-GPO basis. Use the File Extensions tab in the Software Installation Properties dialog box to configure application order.

46 46 The File Extensions Tab in the Software Installation Properties Dialog Box

47 47 Setting Up Application Categories Logical, intuitive categories help users find the appropriate application in the Add/Remove Programs tool. Windows 2000 does not provide predefined categories. Categories are set up on a per-domain (not per-GPO) basis. Use the Categories tab in the Software Installation Properties dialog box to set up categories for managing applications.

48 48 The Categories Tab in the Software Installation Properties Dialog Box

49 49 Setting Software Application Properties You can fine-tune each application by Editing its installation options Specifying the application category it should use Setting permissions for the software installation

50 50 Editing Installation Options for Applications Installation options affect how an application is installed, managed, and removed. Even if you have globally defined default settings for new packages within a GPO, you can change some of these settings by editing the package properties. To edit installation options for an application, in the Software Installation node of the Group Policy snap-in, configure settings in the Deployment tab in the Properties dialog box of the application.

51 51 The Deployment Tab in the Properties Dialog Box of an Application

52 52 Specifying Application Categories Associate applications with categories to control how they appear in Add/Remove Programs on the user's computer. To specify the category for an application, in the Software Installation node of the Group Policy snap-in, configure settings in the Categories tab in the Properties dialog box of the application.

53 53 Setting Permissions for Software Installation Permissions set for software installations pertain only to the installation of the application, not its execution. To set software installation permissions, in the Software Installation node of the Group Policy snap-in, configure settings in the Security tab in the Properties dialog box of the application. Administrators need the Full Control permission set to Allow. Users should have the Read permission set to Allow.

54 54 Upgrading Applications An application upgrade usually contains several changed files. Once you assign or publish the upgrade as a package, you can use the Software Installation snap-in, in conjunction with group policy and Active Directory, to upgrade an existing application to the current release.

55 55 The Add Upgrade Package Dialog Box

56 56 Removing Applications The Software Installation snap-in has configuration settings that enable you to respond to two common scenarios: A version of a software application is no longer supported: allow users who have installed this software to continue using the application, but prevent its future installation by all other users. A software application is no longer used: force the removal of the software the next time a user logs on or restarts the computer.

57 57 Lesson Summary The Software Installation extension snap-in of the Group Policy snap-in enables you to centrally deploy applications and upgrades to users and computers on your network. You deploy applications using group policies by supplying users and computers with Windows Installer package files (.msi files), which can be supplied by the application's manufacturer or created by a third party. You can assign an application to a user or computer. You can publish an application only to a user.

Download ppt "1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies."

Similar presentations

By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.

By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
11.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Performing Software Installation with Group Policy

Performing Software Installation with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

Similar presentations

Ads by Google