Presentation is loading. Please wait.

Presentation is loading. Please wait.

Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.

Published byLeo Bradley Modified over 8 years ago

Similar presentations

Presentation on theme: "Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode."— Presentation transcript:

1 Administering Group Policy Chapter Eleven

2 Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode  Troubleshoot Group Policy application deployment issues  Troubleshoot the application of Group Policy security settings  Redirect folders using Group Policy

3 In this Chapter:  Managing Group Policy with RSoP  Managing Special Folders with Group Policy  Troubleshooting Group Policy

4 To Complete this Chapter:  As outlined on pate 11-2

5 Understanding RSoP  Resultant Set of Policy (RSoP)  RSoP is the sum of the group policies applied to a user or computer.  RSoP is the sum of the policies applied to a user or computer, including the application of filters, such as through security groups and Windows Management Instrumentation (WMI), and exceptions, such as No Override and Block Policy Inheritance.

6 Generating RSoP Queries  The Resultant Set Of Policy Wizard uses existing GPO settings to report the effects of GPOs on users and computers.  Resultant Set Of Policy Wizard uses two modes : Logging mode Planning mode

7 Logging Mode  RSoP Logging mode enables you to review existing GPO settings, software installation applications, and security for a computer account or a user account Use Logging mode to  Find failed or overwritten policy settings  See how security groups affect policy settings  Find out how local policy is affecting group policies

8 Planning Mode  Using RSoP Planning mode, you can poll existing GPOs for policy settings, software installation applications, and security, and you can use WMI filter queries to read hardware and software properties.

9 Planning mode  Use Planning mode in the following situations: You want to test policy precedence in cases where…  The user and the computer are in different security groups  The user and the computer are in different OUs  The user or the computer is moving to a new location. You want to simulate a slow link You want to simulate loopback.

10 RSoP Planning Mode Options  Slow-network connection This option simulates a slow connection.  Loopback processing This option simulates enabling of the GPO setting User Group Policy Loopback Processing Mode, located in Computer Configuration, Administrative Templates, System, Group Policy.  can be set to Merge or Replace

11 RSoP Planning Mode Options  Site name This option simulates the application of alternate subnets for startup or logging on, enabling you to predict the RSoP if the subnet is changed.  Alternate user and computer locations This option simulates the application of alternate locations for both users and computers, enabling you to predict the RSoP if the user and/or computer is moved.

12 RSoP Planning Mode Options  Alternate user and computer security groups This option simulates the application of alternate security groups to both computer and user configurations, enabling you to predict the RSoP using security groups to filter GPO scope.

13 RSoP Planning Mode Options  WMI filters for users and computers This option simulates the use of WMI filters to help define the policy settings that are applied, enabling you to predict the RSoP using WMI queries to filter GPO scope.

14 Exam Tip  Make sure you understand the differences between using RSoP in Logging mode and in Planning mode.

15 Creating RSoP Queries  Mode Selection: Logging mode Planning mode

16 Creating RSoP Queries  Computer Selection: This computer Another computer

17 Creating RSoP Queries  User Selection: Current user Select a specific user

18 Creating RSoP Queries  Summary of Selections

19 RSoP Wizard  User and Computer Selection:

20 RSoP Wizard  Advanced Simulations Options:

21 RSoP Wizard  Alternate Active Directory Paths:

22 RSoP Wizard  User Security Groups:  Computer Security:

23 RSoP Wizard  WMI Filters for Users: All linked filters Only these filters

24 RSoP Wizard  Summary of Selections

25 Saving and Viewing RSoP Queries  Steps on pages 14 – 15.

26 Administrative Templates Results  Computer Configuration Properties filtering status  Displaying filtering status

27 Administrative Templates Results  Computer Configuration Properties Scope management  Displaying Scope management

28 Administrative Templates Results  Computer Configuration Properties Revision information  Displaying Revision information

29 Gpresult Command-Line Tool  Gpresult provides general information about the operating system, user, and computer.

30 Gpresult Command-Line Tool  Gpresult provides the following information about Group Policy: The last time Group Policy was applied and the domain controller that applied policy—for the user and for the computer The complete list of applied GPOs and their details, including a summary of the extensions that each GPO contains Registry settings that are applied and their details Folders that are redirected and their details Software management information, including details about assigned and published applications Disk quota information Internet Protocol (IP) security settings Scripts

31 Gpresult Command Parameters  Gpresult has the following syntax: gpresult [/s computer [/u domain\user /p password]] [/user username] [/scope {user|computer}] [/v] [/z]  Note table 11-4  Examples on page 11-21

32 Advanced System Information–Policy Tool  The Advanced System Information–Policy tool enables you to create an RSoP query and view the results in an HTML report that appears in the Help And Support Center window.  This report can be printed, and it can be saved to an.htm file.

33 Advanced System Information–Policy Tool  The report generated displays policy-related information for the following categories: Computer name, associated domain, and current site User name and associated domain Applied GPOs for the computer and user Security group memberships for the computer and user Microsoft Internet Explorer settings Scripts: logon, logoff, startup, shutdown Security settings Programs installed Folder redirection Registry settings

34 Advance System Information

35 Delegating Control of RSoP  Permission for generating an RSoP query is set for the domain or OU by selecting one of the Generate Resultant Set Of Policy Planning options in the Delegation Of Authority Wizard.  You must be a member of the Enterprise Administrators group to delegate RSoP control at the domain and site level

36 Practice:  Generating RSoP Queries Exercise 1: Creating an RSoP Query with the Resultant Set Of Policy Wizard Logging Mode  Page 11-24 Exercise 2: Creating an RSoP Query with the Gpresult Command-Line Tool Exercise 3: Creating an RSoP Query with the Advanced System Information– Policy Tool  Page 11-25

37 Managing Special Folders with Group Policy  Two ways to set up folder redirection: 1. One location for everyone in the site, domain, or OU 2. A location according to security group membership  Folder Redirection  Offline Folder

38 Folder Redirection  You redirect users’ folders to provide a centralized location for key Microsoft Windows XP Professional folders on a server or servers.

39 Special Folders To Be Redirected:  Application Data  Desktop  My Documents  My Pictures  Start Menu

40 Advantages of Redirecting Folders  Documents are always available  When roaming user profiles are used, only the network path to the My Documents folder is part of the roaming user profile, not the My Documents folder itself.  Offline File technology provides users with access to My Documents even when they are not connected to the network

41 Advantages of Redirecting Folders  Data stored on a shared network server can be backed up as part of routine system administration  The system administrator can use Group Policy to set disk quotas, limiting the amount of space taken up by users’ special folders  Data specific to a user can be redirected to a different hard disk on the user’s local computer from the hard disk holding the operating system files.

42 Redirecting My Documents to Home Folders  When you redirect My Documents to a user’s home folder, the system assumes that the administrator has set the following items correctly: Security Ownership Home directory property on the user object

43 Default Special Folder Locations  Note table 11-5

44 Setting Up Folder Redirection  Two ways to set up folder redirection: Redirect special folders to one location for everyone in the site, domain, or OU. Redirect special folders to a location according to security group membership. Follow the steps on pages 30 – 37

45 Exam Tip  Be sure you know the two ways to set up folder redirection.

46 Policy Removal Considerations  Note table 11-6 page 11-38

47 Folder Redirection and Offline Files  The Offline Files feature provides users with access to redirected folders even when they are not connected to the network.  Offline Files caches files accessed through folder redirection onto the hard drive of the local computer.  When a user accesses a file in a redirected folder, the file is accessed and modified locally.  When a user has finished working with the file and has logged off, only then does the file traverse the network for storage on the server.

48 Folder Redirection Best Practices Allow the system to create the folders Use fully qualified UNC paths, for example: \\servername\sharename Accept defaults Place the My Pictures folder in the My Documents folder Consider what will happen if the policy is removed Do not redirect My Documents to the home folder unless you have already deployed home directories in your organization Enable Offline Files

49 Practice:  Managing Special Folders Exercise 1: Setting Up Folder Redirection Exercise 2: Setting Up Offline Files  Page 11-47

50 Troubleshooting Group Policy  Troubleshooting Group Policy involves using the Resultant Set Of Policy Wizard, the Gpresult and Gpupdate command-line tools, the Event Viewer, and log files to solve policy-related problems.

51 Tools include:  Resultant Set Of Policy Wizard and Gpresult  Gpupdate  Event Viewer To enable verbose logging for the event log, complete the steps on page 11-52  Log Files

52 Group Policy Troubleshooting Scenarios  Pages 54 - 57

53 Summary  Case Scenario Exercise Pages 59 – 60.  Troubleshooting Lab Pages 60 - 64  Exam Highlights Key points Key terms  Page 65

Download ppt "Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode."

Similar presentations

Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Lesson 16: Creating Group Policy Objects

Lesson 16: Creating Group Policy Objects
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK

Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
1 Chapter Overview Understanding Group Policies Implementing Group Policies Using Security Policies Troubleshooting Group Policy Problems.

1 Chapter Overview Understanding Group Policies Implementing Group Policies Using Security Policies Troubleshooting Group Policy Problems.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Similar presentations

Ads by Google