Presentation Plan
Summary:
Overview of Group Policies. Configuring the Scope of Group Policies Objects. Evaluating the Application of Group Policies Objects. Managing Group Policies Objects. Delegating Administrative Control of Group Policies
Preview
What Are Group Policies? Group Policies enable IT administrators to automate one-to-many management of users and computers
Use Group Policies to : Apply standard configurations Deploy software Enforce security settings Enforce a consistent desktop environment
Local group policies are always in effect for local users and local computer settings..
9 aot 2011 - Group Policy Objects - This document is classified as Public
Group Policy Settings Group Policy settings for users Software Settings Windows Settings Security Settings Desktop Settings Group Policy settings for computers Software Settings Windows Settings Security Settings Operating systems Settings
9 aot 2011 - Group Policy Objects - This document is classified as Public
Computer starts
Refresh Interval
Every 90 minutes
User logs on
Refresh Interval
Every 90 minutes
Group Policy Processing and Exeptions Local Policy Machine/User Site Policy Machine/User Domain Policy Machine/User OUtop OUbottom Policy Machine/User 500 Kbps by default Certain client side extensions are not processed Prior to Vista, ICMP is used to detect a slow link Vista uses Network Location Awareness Windows XP and Vista use cached credential for faster logons Many GPO settings take two logons to take effect
Slow Links
Cached Credential
Group Policy Template Contains Group Policy settings Stores content in two locations
Stored in shared SYSVOL folder Provides Group Policy settings Supports both ADM and ADMX templates
ADM files are: Copied into every GPO in SYSVOL Difficult to customize
ADMX files are: Language neutral Not stored in the GPO Extensible through XML
10
11
Preview
12
Group Policy Processing Order GPO1 Local Group Policy Site GPO3 GPO4 Domain GPO5
OU OU
GPO2
OU
9 aot 2011 - Group Policy Objects - This document is classified as Public 13
One layer of computer configurations that applies to all users Layers apply only to individual users, not to groups There are three layers of user configurations: Administrator Non-Administrator User-specific
14
Options for Modifying Group Policy Processing Five methods to modify GPO default processing: Block inheritance Enforcement Filtering using security groups or WMI filters Disabling GPOs Loopback processing
15
16
17
Preview
18
Group Policy results are provided by the GPMC GPResult is a command line utility
19
The Group Policy Modeling Wizard calculates the simulated net effect of GPOs
The Group Policy Modeling Wizard simulates: Site membership Security group membership WMI filters Slow links Loopback processing The effects of moving user or computer objects to a different Active Directory container
20
21
Preview
22
A copy of a GPO transfers only the settings within a GPO The new GPO is created unlinked
23
GPO1
In a backup operation, Group Policy Management export all data in the GPO to the selected file and saves the GPT files
24
In a restore operation, the contents of the GPO are returned to exactly the same state
25
GPO2
In an import operation, all GPO settings are copied from the source to the target GPO
26
Starter GPO
9 aot 2011 - Group Policy Objects - This document is classified as Public
CAB file
27
28
29
X X X X X X
30
X X X
X X X
31