05-Creating and Configuring Group Policies
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (1.25 MB, 40 trang )
<span class='text_page_counter'>(1)</span><div class='page_container' data-page=1></div>
<span class='text_page_counter'>(2)</span><div class='page_container' data-page=2>
Module Overview
• Overview of Group Policies
• Configuring the Scope of Group Policy Objects
• Evaluating the Application of Group Policy Objects
• Managing Group Policy Objects
</div>
<span class='text_page_counter'>(3)</span><div class='page_container' data-page=3>
Lesson 1: Overview of Group Policies
• What Are Group Policies?
• Group Policy Settings
• How Group Policies Are Applied
• Exceptions to Normal Group Policy Processing
• Group Policy Components
• What Are ADM and ADMX files?
• What Is the Central Store?
</div>
<span class='text_page_counter'>(4)</span><div class='page_container' data-page=4>
What Are Group Policies?
<b>Use Group Policies to:</b><sub> </sub>
•<b> Apply standard configurations</b>
•<b> Deploy software</b>
•<b> Enforce security settings</b>
•<b> Enforce a consistent desktop environment</b>
<b>Group Policies enable IT administrators to automate one-to-many </b>
<b>management of users and computers</b>
<b>Group Policies enable IT administrators to automate one-to-many </b>
<b>management of users and computers</b>
<b>Local group policies are always in effect for local and domain </b>
<b>users and local computer settings</b>
</div>
<span class='text_page_counter'>(5)</span><div class='page_container' data-page=5>
Group Policy Settings
• Software
• Windows
• Security
</div>
<span class='text_page_counter'>(6)</span><div class='page_container' data-page=6>
How Group Policies are Applied
<b>Computer starts</b>
•<b> Computer settings </b>
<b> applied</b>
•<b> Startup scripts run</b>
<b>Refresh Interval</b>
<b>Refresh Interval</b>
<b>User logs on</b>
•<b> User settings applied </b>
•<b> Logon scripts run</b>
<b>Refresh Interval</b>
<b>Refresh Interval</b>
<b>Every 90 minutes</b>
<b>Every 90 minutes</b>
<b>Every 90 minutes</b>
</div>
<span class='text_page_counter'>(7)</span><div class='page_container' data-page=7>
Exceptions to Group Policy Processing
Additional exceptions:
• Windows XP and Vista use cached credential
for faster logons
• Many GPO settings take two logons to take
effect
<b>Cached </b>
<b>credentials</b>
• 500 KPS by default
• Certain client side extensions are not
processed
• Prior to Vista, ICMP is used to detect a slow
link
• Vista uses Network Location Awareness
<b>Slow links </b>
• Remote access connections
</div>
<span class='text_page_counter'>(8)</span><div class='page_container' data-page=8>
Group Policy Components
<b>Group Policy Object</b>
<b>Group Policy Object</b>
• Stored in Active Directory
• Provides version information
<b>Group Policy Container</b>
<b>Group Policy Container</b>
• Stored in shared SYSVOL folder
• Provides Group Policy settings
• Supports both ADM and
ADMX templates
<b>Group Policy Template</b>
<b>Group Policy Template</b>
</div>
<span class='text_page_counter'>(9)</span><div class='page_container' data-page=9>
What Are ADM and ADMX Files?
ADM files are:
• Copied into every GPO in SYSVOL
• Difficult to customize
ADMX files are:
• Language neutral
• Not stored in the GPO
</div>
<span class='text_page_counter'>(10)</span><div class='page_container' data-page=10>
What Is the Central Store?
The Central Store:
• Is a central repository for ADMX and ADML files
• Is stored in SYSVOL
• Must be created manually
• Is detected automatically by Windows Vista or Server 2008
<b>Windows Vista </b>
<b>or Windows Server 2008</b>
<b>workstation</b>
<b>Windows Vista </b>
<b>or Windows Server 2008</b>
<b>workstation</b>
<b>ADMX files</b>
<b>ADMX files</b>
<b>Domain controller</b>
<b> with SYSVOL</b>
<b>Domain controller</b>
<b> with SYSVOL</b> <b>Domain controller with SYSVOL</b>
</div>
<span class='text_page_counter'>(11)</span><div class='page_container' data-page=11>
Demonstration: Configuring Group Policy Objects
In this demonstration, you will see how to:
• Create a GPO
</div>
<span class='text_page_counter'>(12)</span><div class='page_container' data-page=12>
Lesson 2: Configuring the Scope of Group
Policy Objects
• Group Policy Processing Order
• What Are Multiple Local Group Policies?
• Options for Modifying Group Policy Processing
• Demonstration: Configuring Group Policy Object Links
• Demonstration: Configuring Group Policy Inheritance
• Demonstration: Filtering Group Policy Objects Using
Security Groups
• Demonstration: Filtering Group Policy Objects Using
WMI Filters
• How Does Loopback Processing Work?
</div>
<span class='text_page_counter'>(13)</span><div class='page_container' data-page=13></div>
<span class='text_page_counter'>(14)</span><div class='page_container' data-page=14>
What Are Multiple Local Group Policies?
•<b> One layer of computer configurations that applies to </b>
<b> all users</b>
•<b> Layers apply only to individual users, not to groups</b>
<b> </b>
•<b> There are three layers of user configurations:</b>
• <b>Administrator</b>
• <b>Non-Administrator</b>
</div>
<span class='text_page_counter'>(15)</span><div class='page_container' data-page=15>
Options for Modifying Group Policy Processing
<b>Five methods to modify GPO default processing:</b>
•<b> Block inheritance</b>
• <b>Enforcement </b>
• <b>Filtering using security groups or WMI filters </b>
• <b>Disabling GPOs </b>
</div>
<span class='text_page_counter'>(16)</span><div class='page_container' data-page=16>
Demonstration: Configuring Group Policy
Object Links
• In this demonstration, you will see how to:
</div>
<span class='text_page_counter'>(17)</span><div class='page_container' data-page=17>
Demonstration: Configuring Group
Policy Inheritance
• In this demonstration, you will see how to:
</div>
<span class='text_page_counter'>(18)</span><div class='page_container' data-page=18>
Demonstration: Filtering Group Policy Objects By
Using Security Groups
</div>
<span class='text_page_counter'>(19)</span><div class='page_container' data-page=19>
Demonstration: Filtering Group Policy Objects
Using WMI Filters
</div>
<span class='text_page_counter'>(20)</span><div class='page_container' data-page=20></div>
<span class='text_page_counter'>(21)</span><div class='page_container' data-page=21>
Discussion: Configuring the Scope of Group Policy
Processing
<b>Woodgrove Bank Domain Tree</b>
<b>Woodgrove Bank Domain Tree</b>
<b>Woodgrove Bank</b>
<b>Head Office</b>
<b>Branches</b>
<b>Servers</b>
<b>Toronto</b>
<b>Winnipeg</b>
<b>SQL Server</b>
<b>Exchange </b>
<b>Server</b>
<b>Toronto site</b>
<b>Winnipeg</b> <b>Head Office</b>
<b>Head Office site</b>
<b>High-speed link</b>
</div>
<span class='text_page_counter'>(22)</span><div class='page_container' data-page=22>
Lesson 3: Evaluating the Application of Group
Policy Objects
• What Is Group Policy Reporting?
• What Is Group Policy Modeling?
</div>
<span class='text_page_counter'>(23)</span><div class='page_container' data-page=23>
What Is Group Policy Reporting?
•<b> Group Policy results are provided by the GPMC </b>
• <b>GPResult is a command line utility </b>
<b>Group policy reporting is a method of planning and </b>
<b>troubleshooting group policy</b>
</div>
<span class='text_page_counter'>(24)</span><div class='page_container' data-page=24>
What Is Group Policy Modeling?
<b>The Group Policy Modeling Wizard simulates:</b>
• <b>Site membership</b>
• <b>Security group membership</b>
• <b>WMI filters</b>
• <b>Slow links</b>
• <b>Loopback processing</b>
• <b>The effects of moving user or computer objects to a </b>
<b>different Active Directory container</b>
</div>
<span class='text_page_counter'>(25)</span><div class='page_container' data-page=25>
Demonstration: How to Evaluate the Application
of Group Policies
</div>
<span class='text_page_counter'>(26)</span><div class='page_container' data-page=26>
Lesson 4: Managing Group Policy Objects
• GPO Management Tasks
• What Is a Starter GPO?
• Demonstration: How to Copy a GPO
• Demonstration: Backing up and Restoring GPOs
• Demonstration: Importing a GPO
</div>
<span class='text_page_counter'>(27)</span><div class='page_container' data-page=27>
GPO Management Tasks
<b>GPO management tasks:</b>
• <b>Back up GPOs</b>
• <b>Restore GPOs</b>
• <b>Copy GPOs</b>
</div>
<span class='text_page_counter'>(28)</span><div class='page_container' data-page=28>
What Is a Starter GPO?
• Stores administrative template settings on which the new
GPOs will be based
• Can be exported to .cab files
• Can be imported into other areas of the enterprise
<b>Exported to cab file</b>
<b>Exported to cab file</b>
<b>starterGPO</b>
<b>starterGPO</b> <b><sub>Cab file</sub><sub>Cab file</sub></b>
<b>Imported to GPMC</b>
<b>Imported to GPMC</b>
<b>Load </b>
<b>cabinet file</b>
</div>
<span class='text_page_counter'>(29)</span><div class='page_container' data-page=29>
Demonstration: How to Copy a GPO
</div>
<span class='text_page_counter'>(30)</span><div class='page_container' data-page=30>
Demonstration: Backing up and Restoring GPOs
</div>
<span class='text_page_counter'>(31)</span><div class='page_container' data-page=31>
Demonstration: Importing a GPO
• In this demonstration, you will see how to:
Import a GPO
</div>
<span class='text_page_counter'>(32)</span><div class='page_container' data-page=32>
Migrating Group Policy Objects
<b>The ADMX Migrator utility:</b>
• <b>Can be used to convert custom ADM files to ADMX</b>
</div>
<span class='text_page_counter'>(33)</span><div class='page_container' data-page=33>
Lesson 5: Delegating Administrative Control of
Group Policies
• Options for Delegating Control of GPOs
</div>
<span class='text_page_counter'>(34)</span><div class='page_container' data-page=34>
Options for Delegating Control of GPOs
<b>Methods to delegate </b>
<b>control of GPOs</b>
<b>Create </b>
<b>GPOs in </b>
<b>the </b>
<b>domain</b>
<b>Edit or </b>
<b>delete </b>
<b>GPOs</b>
<b>Link GPOs </b>
<b>to </b>
<b>containers</b>
<b>Use </b>
<b>reporting </b>
<b>tools</b>
Membership in Group
Policy Creator Owners
group or explicit
permission to create
GPOs
Assign Edit rights to
individual policies
Delegate the right to
link GPOs to
containers
Delegate the right to
use group policy
</div>
<span class='text_page_counter'>(35)</span><div class='page_container' data-page=35>
Demonstration: How to Delegate Administrative
Control of GPOs
</div>
<span class='text_page_counter'>(36)</span><div class='page_container' data-page=36>
Lab: Creating and Configuring GPOs
• Exercise 1: Creating Group Policy Objects
• Exercise 2: Managing the Scope of GPO Application
• Exercise 3: Verifying GPO Application
• Exercise 4: Managing GPOs
• Exercise 5: Delegating Administrative Control of GPOs
<b>Estimated time: 75 minutes</b>
Logon information
Virtual machine <b>NYC-DC1, NYC-<sub>CL1 </sub></b>
User name <b>Administrator</b>
</div>
<span class='text_page_counter'>(37)</span><div class='page_container' data-page=37>
Lab Review
• What other method could be used to grant a user the right
to create GPOs in the domain?
</div>
<span class='text_page_counter'>(38)</span><div class='page_container' data-page=38>
Module Review and Takeaways
• Considerations
</div>
<span class='text_page_counter'>(39)</span><div class='page_container' data-page=39>
Beta Feedback Tool
• Beta feedback tool helps:
Collect student roster information, module feedback, and
course evaluations.
Identify and sort the changes that students request, thereby
facilitating a quick team triage.
Save data to a database in SQL Server that you can later
query.
</div>
<span class='text_page_counter'>(40)</span><div class='page_container' data-page=40>
Beta Feedback
• <b>Overall flow of module:</b>
Which topics did you think flowed smoothly, from topic to
topic?
Was something taught out of order?
• <b>Pacing:</b>
Were you able to keep up? Are there any places where the
pace felt too slow?
Were you able to process what the instructor said before
moving on to next topic?
Did you have ample time to reflect on what you learned? Did
you have time to formulate and ask questions?
• <b>Learner activities:</b>
Which demos helped you learn the most? Why do you think
that is?
Did the lab help you synthesize the content in the module?
Did it help you to understand how you can use this
knowledge in your work environment?
Were there any discussion questions or reflection questions
</div>
<!--links-->
