Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.

Published byShanon Harper Modified over 8 years ago

Similar presentations

Presentation on theme: "11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10."— Presentation transcript:

1 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10

2 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY2 FILTERING GROUP POLICY’S SCOPE  By default, settings flow from site to domain to OU.  Three ways to control Group Policy settings inheritance  Block Policy Inheritance:  Security filtering  WMI filters  By default, settings flow from site to domain to OU.  Three ways to control Group Policy settings inheritance  Block Policy Inheritance:  Security filtering  WMI filters

3 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY3 SECURITY FILTERING

4 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY4 WMI FILTERS  Windows Management Instrumentation (WMI)  Used for queries and filters concerning  Hardware  Software  Operating system type  Can be linked to multiple GPOs  Windows Management Instrumentation (WMI)  Used for queries and filters concerning  Hardware  Software  Operating system type  Can be linked to multiple GPOs

5 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY5 WMI FILTER EXAMPLES Table 10-1 WMI Filter Examples T T a a r r g g e e t t C C o o m m p p u u t t e e r r S S a a m m p p l l e e W W M M I I All computers that are running Windows XP Professional Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional" All computers that have more than 10 MB of availabledrive space on a C: NTFS partition Select * from Win32_LogicalDisk WHEREName= "C:" ANDDriveType = 3 ANDFreeSpace > 10485760 AND FileSystem = "NTFS" All computers with a modem installed Select * from Win32_POTSModem Where Name = "MyModem" F F i i l l t t e e r r S S t t r r i i n n g g

6 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY6 CREATING WMI FILTERS

7 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY7 GROUP POLICY MANAGEMENT CONSOLE (GPMC)  Free add-on tool that can be used to manage Group Policy. Installs on:  Windows XP with Service Pack 1  Any edition of Windows Server 2003  Can be used for:  Importing and copying GPO settings  Backing up and restoring of GPOs  Executing the Resultant Set of Policy (RSoP) snap-in  Generating HTML reports  Free add-on tool that can be used to manage Group Policy. Installs on:  Windows XP with Service Pack 1  Any edition of Windows Server 2003  Can be used for:  Importing and copying GPO settings  Backing up and restoring of GPOs  Executing the Resultant Set of Policy (RSoP) snap-in  Generating HTML reports

8 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY8 INSTALLING GPMC  GPMC is not on the Windows Server 2003 CD-ROM.  Can be downloaded for free from the Microsoft Web site.  In this course, gpmc.msi is on your supplemental CD-ROM.  Double-click the gpmc.msi file and run through the wizard.  Distribute through Group Policy.  GPMC is not on the Windows Server 2003 CD-ROM.  Can be downloaded for free from the Microsoft Web site.  In this course, gpmc.msi is on your supplemental CD-ROM.  Double-click the gpmc.msi file and run through the wizard.  Distribute through Group Policy.

9 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY9 GPMC CHANGES ACTIVE DIRECTORY USERS AND COMPUTERS

10 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY10 CREATING WMI FILTERS IN GPMC

11 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY11 LINKING WMI FILTERS

12 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY12 NAVIGATING WITH GROUP POLICY MANAGEMENT

13 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY13 INFORMATION DISPLAYED IN THE GPMC INTERFACE

14 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY14 DETERMINING AND TROUBLESHOOTING EFFECTIVE POLICY SETTINGS  Resultant Set Of Policy (RSoP) Wizard  Group Policy Results  Group Policy Modeling  Gpresult.exe command line tool  Resultant Set Of Policy (RSoP) Wizard  Group Policy Results  Group Policy Modeling  Gpresult.exe command line tool

15 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY15 RSOP LOGGING MODE

16 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY16 RSOP PLANNING MODE

17 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY17 GROUP POLICY MODELING IN GPMC

18 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY18 GROUP POLICY RESULTS

19 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY19 Gpresult.exe

20 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY20 DELEGATING GROUP POLICY ADMINISTRATIVE CONTROL  Creation of GPOs  Permissions on GPOs  Linking of GPOs  Use of Group Policy Modeling and Group Policy Results  Creation of WMI filters  WMI permissions  Creation of GPOs  Permissions on GPOs  Linking of GPOs  Use of Group Policy Modeling and Group Policy Results  Creation of WMI filters  WMI permissions

21 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY21 DELEGATING GPO CREATION

22 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY22 DELEGATING PERMISSIONS TO AN INDIVIDUAL GPO GPMC Individual GPO Permissions A A l l l l o o w w e e d d P P e e r r m m i i s s s s i i o o n n s s C C a a t t e e g g o o r r y y U U n n d d e e r r l l y y i i n n g g P P e e r r m m i i s s s s i i o o n n s s a a n n d d E E f f f f e e c c t t s s ReadAllows Read Access on the GPO. Edit settingsIncludes Read, Write, Create Child Objects, and Delete Child Objects. Edit, delete, and modify security Includes Read, Write, Create Child Objects, Delete Child Objects, Delete, Modify Permissions, and Modify Owner. Implies Full Control without the Apply Group Policy permission being set. Read (from Security Filtering) An automatic setting that appears when a user has Read and Apply Group Policy permissions to the GPO. CustomThese permissions include those set individually using the ACL editor for the GPO. The ACL editor is invoked by using the Advanced button and shows the Security tab contents for the GPO.

23 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY23 DELEGATING LINKING, MODELING, AND RESULTS

24 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY24 DELEGATING WMI FILTERING

25 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY25 PLANNING GROUP POLICY INTEGRATION  Create policies at the highest level possible.  Limit the number of GPOs created.  Create specialized GPOs for policies.  Disable unnecessary portions (user or computer).  Only apply GPOs to sites when settings are required on a site basis.  Create policies at the highest level possible.  Limit the number of GPOs created.  Create specialized GPOs for policies.  Disable unnecessary portions (user or computer).  Only apply GPOs to sites when settings are required on a site basis.

26 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY26 RECOMMENDATIONS ON GROUP POLICY INHERITANCE  Limit use of the following:  No Override  Block Policy Inheritance  Security filtering  Limit use of the following:  No Override  Block Policy Inheritance  Security filtering

27 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY27 PLANNING ADMINISTRATION AND IMPLEMENTATION OF GPOS  Determine which administrators will have policy delegation roles  Test policy settings  Document the plan  Determine which administrators will have policy delegation roles  Test policy settings  Document the plan

28 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY28 RESTORING DEFAULT SECURITY SETTINGS

29 Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY29 CHAPTER SUMMARY  Name two methods you can use to filter GPOs.  How many WMI filters can be applied to each GPO?  What can you do with GPMC?  What two modes are available in RSoP?  List ways in which you can delegate Group Policy control.  Name two methods you can use to filter GPOs.  How many WMI filters can be applied to each GPO?  What can you do with GPMC?  What two modes are available in RSoP?  List ways in which you can delegate Group Policy control.

Download ppt "11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10."

Similar presentations

Understanding Group Policy on Windows Server 2003.

Understanding Group Policy on Windows Server 2003.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK

Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Similar presentations

Ads by Google