VTC 2012
LESSON INTENDED LEARNING OUTCOMES
On completion of the lesson, students are expected to:
Understand the group policy infrastructure of Windo
VTC 2012
OVERVIEW
Group Policy is a mechanism used to centrally secur
e, configure, and deploy a common set of computer
and user configurations, security settings, and in so
VTC 2012
OVERVIEW
Group Policy settings are contained in Group Polic
y objects (GPOs), which are linked to the following
Active Directory directory service containers: sites,
VTC 2012
CREATING GROUP POLICIES
To create a new GP
O without linking it t
o a container, right-
VTC 2012
CREATING GROUP POLICIES
Supply a name for t
he GPO and then cli
ck OK.
VTC 2012
EDITING GROUP POLICIES
Creating a new GPO (and linking it) is only half of the work that you
have to do to create a functional GPO. You have to edit the new GPO
and configure its settings.
To edit a GPO, right-click on the GPO in the Group Policy Manageme
VTC 2012
EDITING GROUP POLICIES
GPOs contain two main sections or settings: Computer
Configuration and User Configuration.
Settings that you place in the Computer Configuration s
VTC 2012
EDITING GROUP POLICIES
VTC 2012
EDITING GROUP POLICIES
Administrative Templates:
Policy Definitions
enable you to control the s
ettings for Windows compo
nents such as Task Schedul
VTC 2012
GROUP POLICY INHERITANCE
Enabled Group Policies flow down through the Acti
ve Directory tree from top to bottom.
VTC 2012
GROUP POLICY INHERITANCE
By default, the local GPO is applied first, followed by site GPOs, an
d then domain GPOs, and finally OU GPOs.
To view GPOs linked to an object
Open the Group Policy Management Console (Start, Administrat
ive Tools, Group Policy Management).
13
VTC 2012
GROUP POLICY INHERITANCE
To view just the GPOs directly linked to an object, select
the Linked GPOs tab.
You can control which GPOs are inherited by an object.
14
VTC 2012
NETWORK ACCESS PROTECTION
Group Policy provides a both fine-grained and yet extens
ible strategy for deploying policies on the network that c
ontrol both computer and user behavior in the domain.
VTC 2012