Windows Server 2003 Group Policy Configuration and Management 林寶森


1 Windows Server 2003 Group Policy Configuration and Management 林寶森 jeffl@ms11.hinet.net

2 Introduction to Group Policy
Group Policy Enables You to:
– Set centralized and decentralized policies
– Ensure users have their required environments
– Lower total cost of ownership by controlling user and computer environments
– Enforce corporate policies
Diagram labels: Administrator Sets Group Policy Once; Site, Domain, OU; Windows Applies Settings Continually; Users, Computers

3 Group Policy Settings
IntelliMirror Technology
Establish Enforceable Configurations
Specify Settings for:
– Administrative Templates: Registry-based policy settings
– Security: Options for local, domain, and network security
– Software Installation: Central management of software installation
– Scripts: Startup, shutdown, logon, and logoff scripts
– Folder Redirection: Store users’ folders on the network

4 What Are User and Computer Configuration Settings?
Group Policy settings for users:
– Desktop settings
– Software settings
– Windows settings
– Security settings
Group Policy settings for computers:
– Desktop behavior
– Software settings
– Windows settings
– Security settings

5 When Is Group Policy Applied?
The GetGPOList Function Executes on the Client Computer During:
– Computer starts: Computer settings applied, Startup scripts run
– Refresh Interval
– User logs on: User settings applied, Logon scripts run
– Refresh Interval

6 GPO Components
Group Policy Object:
– Contains Group Policy settings
– Stores content in two locations
Group Policy Template:
– Stored in shared SYSVOL folder
– Provides Group Policy settings
Group Policy Container:
– Stored in Active Directory
– Provides version information

7 What Is a GPO Link?
Diagram labels: Site GPO, Domain GPO, Organizational Unit GPO; Site, Domain, OU

8 Group Policy Objects and Active Directory Containers
GPO Settings Affect User and Computer Objects Within Sites, Domains, and OUs to Which a GPO Is Linked
– You can link one GPO to multiple sites, domains, or OUs
– You can link multiple GPOs to one site, domain, or OU
You Cannot Link GPOs to Default Active Directory Containers
Diagram labels: Site, Domain, OU; Site GPO, Domain GPO, OU GPO

9 Group Policy Inheritance
– Windows 2003 Applies GPO Settings in a Specific Order
– Child Containers Inherit GPO Settings from Parent Containers
Diagram labels: Site, Domain, OU (Payroll); Site GPO, Domain GPO; Computers, Users

10 What Is Local Group Policy?

11 Tools Used to Create GPOs
Default Group Policy tools
– Active Directory Users and Computers: Domain and organizational unit GPOs
– Active Directory Sites and Services: Site GPOs
– Local Security Policy: Local computer security settings
Add-in tools
– Group Policy Management: Domain, organizational unit, and site GPOs

12 Creating a Group Policy Object
Screenshot: dsa - [Active Directory Users and Computers]; tree entries Samerica1.contoso., Builtin, Computers, Domain Controllers, Ohio, Users, Accounting; context menu (Delegate control…, Add members to a Group, Move..., Find…, New, All Tasks, View, New Window from Here, Delete, Rename, Refresh, Export List…, Properties, Help); Accounting Properties dialog with tabs General, Managed By, Group Policy.
Group Policy tab: Current Group Policy Object Links for Account; Group Policy Object Links list with No Override and Disabled columns; buttons New, Add..., Edit, Options..., Delete..., Properties, Up, Down; Block Policy inheritance option; OK, Cancel, Apply.
Dialog text: "Group Policy Objects higher in the list have the highest priority. This list obtained from the primary domain controller."
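The ordering rules from slides 9 and 12, worked through as an added example that is not part of the original slides. It models the documented Active Directory behaviour for link order, No Override and Block Policy inheritance, leaves out the local GPO, and uses hypothetical GPO and setting names apart from the Payroll OU shown on slide 9.

```python
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str
    no_override: bool = False      # "No Override" column on the link
    disabled: bool = False         # "Disabled" column on the link

@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)   # index 0 = top of the list
    block_inheritance: bool = False             # "Block Policy inheritance" box

def processing_order(path):
    """path runs site, domain, then OUs from parent to child.
    Returns GPO names in application order; a later GPO wins a conflict."""
    # Ordinary links above the deepest blocking container are dropped.
    first_kept = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, c in enumerate(path):
        # Walk each list bottom-up so the top link is applied last and wins.
        live = [ln for ln in reversed(c.links) if not ln.disabled]
        if i >= first_kept:
            normal += [ln.gpo for ln in live if not ln.no_override]
        # No Override links ignore blocking; the highest container goes last.
        enforced = [ln.gpo for ln in live if ln.no_override] + enforced
    return normal + enforced

def effective(path, settings):
    """Merge per-GPO settings in application order; keep the winning GPO."""
    result = {}
    for gpo in processing_order(path):
        for name, value in settings.get(gpo, {}).items():
            result[name] = (value, gpo)
    return result

# Constructed sample; GPO and setting names are hypothetical.
PATH = [
    Container("Site", [Link("Site GPO")]),
    Container("Domain", [Link("Domain GPO", no_override=True), Link("Baseline")]),
    Container("Payroll", [Link("Payroll GPO"), Link("Old GPO", disabled=True)],
              block_inheritance=True),
]
SETTINGS = {
    "Domain GPO": {"ScreenSaverTimeout": 600},
    "Baseline": {"Wallpaper": "corp.bmp"},
    "Payroll GPO": {"ScreenSaverTimeout": 3600, "Wallpaper": "payroll.bmp"},
}
```

With blocking set on Payroll, only the OU's own GPO and the domain's No Override link apply, and the No Override value wins the conflict.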

13 Examining the Group Policy Interface
Screenshot: Group Policy Editor, tree for Default Domain Policy [London.conto
– Computer Configuration: Software Settings, Windows Settings, Administrative Templates
– User Configuration: Software Settings, Windows Settings, Administrative Templates

14 What Are Disabled and Enabled Group Policy Settings?
– Enable / Disable
– Multi-valued settings

15 What Is GPO Management?

16 What Is Group Policy Reporting?

17 What Is a Copy Operation?
– A copy of a GPO transfers only the settings within a GPO
– The new GPO is created unlinked
Diagram labels: GPO1, Copy Operation, GPO2; each GPO with a DACL (User 1: Read, Full Control)

18 What Is a Backup Operation?
In a backup operation, Group Policy Management exports all data in the GPO to the selected file and saves the GPT files
Diagram labels: GPO1, Backup Operation, Backup of a GPO

19 What Is a Restore Operation?
In a restore operation, the contents of the GPO are returned to exactly the same state
Diagram labels: Backed-up GPO, Restore Operation, GPO1

20 What Is an Import Operation?
In an import operation, all GPO settings are copied from the source to the target GPO
Diagram labels: GPO1 (GPO Settings), Import Operation, GPO2 (GPO Settings)

21 What Are Administrative Templates?
Administrative Template Settings Modify Registry Settings That Control User Environments
Settings Modify Registry Settings in the Registry Subtrees
– HKEY_LOCAL_MACHINE for computer settings
– HKEY_CURRENT_USER for user settings
If a GPO No Longer Applies, Policy Settings Are Removed
Windows 2003 Applies Both Group Policy and Local Default-Registry Settings Unless There Is a Conflict
Use administrative template (.adm) files to control the user environment of client computers
Windows XP Service Pack 2 administrative templates:
– system.adm, inetres.adm, conf.adm, wmplayer.adm, wuau.adm

22 How Computers Apply Administrative Template Settings
(1) Client computer starts or user logs on, retrieves a list of GPOs that apply
(2) Client computer connects to SYSVOL and locates the Registry.pol files
(3) Client computer writes to the registry subtrees (HKLM or HKCU)
(4) Logon dialog box (for computer) or the desktop (for user) appears
Diagram labels: GPO List; Sysvol, GPT, Registry.pol; Registry.pol to HKCU, Registry.pol to HKLM
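A parser for the Registry.pol files located in step (2), as an added example that is not part of the original slides. It assumes the documented PReg version 1 layout (an 8-byte header followed by UTF-16LE `[key;value;type;size;data]` entries) and marks whether each value sits in one of the two policy branches that Windows cleans up when a GPO stops applying; the sample bytes and the Contoso key are constructed.

```python
# Branches holding "true" policy values (an assumption of this example).
POLICY_ROOTS = ("software\\policies\\",
                "software\\microsoft\\windows\\currentversion\\policies\\")

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset past the NUL)."""
    for end in range(pos, len(buf) - 1, 2):
        if buf[end:end + 2] == b"\x00\x00":
            return buf[pos:end].decode("utf-16-le"), end + 2
    raise ValueError("unterminated string")

def _skip(buf, pos, ch):
    """Require the UTF-16LE delimiter ch at pos and step over it."""
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_registry_pol(buf):
    """Return (key, value, type, data, in_policy_branch) for each entry."""
    if buf[:8] != b"PReg\x01\x00\x00\x00":
        raise ValueError("not a version 1 Registry.pol file")
    pos, entries = 8, []
    while pos < len(buf):
        key, pos = _wstr(buf, _skip(buf, pos, "["))
        value, pos = _wstr(buf, _skip(buf, pos, ";"))
        pos = _skip(buf, pos, ";")
        rtype = int.from_bytes(buf[pos:pos + 4], "little")
        pos = _skip(buf, pos + 4, ";")
        size = int.from_bytes(buf[pos:pos + 4], "little")
        pos = _skip(buf, pos + 4, ";")
        data = buf[pos:pos + size]
        pos = _skip(buf, pos + size, "]")   # also fails if the data was cut short
        if rtype == 4:                      # REG_DWORD
            data = int.from_bytes(data, "little")
        elif rtype in (1, 2):               # REG_SZ, REG_EXPAND_SZ
            data = data.decode("utf-16-le").rstrip("\x00")
        managed = (key.lower() + "\\").startswith(POLICY_ROOTS)
        entries.append((key, value, rtype, data, managed))
    return entries

def _entry(key, value, rtype, raw):
    w = lambda s: s.encode("utf-16-le")
    return (w("[" + key + "\0;" + value + "\0;") + rtype.to_bytes(4, "little")
            + w(";") + len(raw).to_bytes(4, "little") + w(";") + raw + w("]"))

# Constructed sample: one value in a policy branch, one outside it.
SAMPLE = (b"PReg\x01\x00\x00\x00"
    + _entry("Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", "NoAutoUpdate", 4, bytes(4))
    + _entry("Software\\Contoso\\App", "Server", 1, "files01\0".encode("utf-16-le")))
```

Entries whose last field is False are written outside the policy branches and stay in the registry after the GPO is unlinked, so they are the ones to review when auditing a GPO's Registry.pol.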

23 What Is a Security Policy?

24 What Are Security Templates?
Template: Description
– Default Security (Setup security.inf): Specifies default security settings
– Domain Controller Default Security (DC security.inf): Specifies default security settings updated from Setup security.inf for a domain controller
– Compatible (Compatws.inf): Modifies permissions and registry settings for the Users group to enable maximum application compatibility
– Secure (Securedc.inf and Securews.inf): Enhances security settings that are least likely to impact application compatibility
– Highly Secure (Hisecdc.inf and Hisecws.inf): Increases the restrictions on security settings
– System Root Security (Rootsec.inf): Specifies permissions for the root of the system drive

25 What Are Security Template Settings?
Security Template: Setup Security
Sample of Settings

