Chapter 9: Implementing and Using Group Policy

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003

Environment, Enhanced

Chapter 9: Implementing and Using

Group Policy

Objectives

? Create and manage Group Policy objects to control user desktop settings, security, scripts, and folder redirection

? Manage and troubleshoot Group Policy inheritance

? Deploy and manage software using Group Policy

Guide to MCSE 70-290, Enhanced

2

Introduction to Group Policy

? Group policy centralizes management of user and computer configuration settings throughout a network

? A group policy object is an Active Directory object used to configure policy settings for user and computer objects

? There are two default Group Policy Objects:

? Default Domain Policy (linked to domain container)

? Default Domain Controllers Policy (linked to domain controller OU)

Guide to MCSE 70-290, Enhanced

3

1

Introduction to Group Policy (continued)

? You can modify default GPOs

? You can create new GPOs and link them to particular sites, domains, and OUs

? Policy settings will be propagated to all users and computers in container including child OUs

? Group policy can only be applied to computers running Windows Server 2003, Windows 2000, and Windows XP

Guide to MCSE 70-290, Enhanced

4

Creating a Group Policy Object

? Two ways to create a GPO:

? Group Policy standalone Microsoft Management Console (MMC) snap-in

? Group Policy extension in Active Directory Users and Computers

Guide to MCSE 70-290, Enhanced

5

Activity 9-1: Creating a Group Policy Object Using the MMC

? Objective: To create a GPO using the Group Policy Object Editor MMC snap-in

? Locate the MMC Group Policy Object Editor snap-in ? Create a new GPO

Guide to MCSE 70-290, Enhanced

6

2

Activity 9-2: Creating OUs and Moving User Accounts

? Objective: To create new Organizational Units and move existing user accounts into them.

? Must be familiar with using OUs for controlling the application of Group Policy settings

? Create new OUs using Active Directory Users and Computers

? Move users into the new OUs

Guide to MCSE 70-290, Enhanced

7

Activity 9-3: Creating a Group Policy Object and Browsing

Settings Using Active Directory Users and Computers

? Objective: Create a GPO using Active Directory Users and Computers as an alternative to MMC snap-in

? From Active Directory Users and Computers, use the Group Policy tab of the Properties of an existing OU to add and create GPOs

? Browse configuration settings of a Group Policy Object

Guide to MCSE 70-290, Enhanced

8

Editing a GPO

Guide to MCSE 70-290, Enhanced

9

3

Editing a GPO (continued)

? Table 9-1 shows configuration categories for both computer and user configurations

? Two tabs in Properties of each setting:

? Setting allows you to enable or disable the setting ? Explain provides information about the setting

? GPO content is stored in 2 locations:

? Group Policy container (GPC) ? Group Policy template (GPT)

? A GPO is identified by a 128-bit globally unique identifier (GUID)

Guide to MCSE 70-290, Enhanced

10

Activity 9-4: Deleting Group Policy Objects

? Objective: To delete a GPO using Active Directory Users and Computers

? A previously created GPO is deleted from an OU

Guide to MCSE 70-290, Enhanced

11

Application of Group Policy

? Two main categories to a Group Policy

? Computer configuration (settings apply to computers in the container)

? User configuration (settings apply to users in the container)

? Upon computer startup (or user logon)

? Computer queries domain controller for GPOs. Domain controller finds applicable GPOs.

? Domain controller presents list of GPOs. The client gets Group Policy templates, applies the settings and runs the scripts.

? Same basic process happens for user logons

Guide to MCSE 70-290, Enhanced

12

4

Controlling User Desktop Settings

? Administrative templates

? Used to limit user manipulation of user desktop and computer configurations

? Aim is to reduce administrative costs ? Seven main categories of configuration settings can be

applied to either computer or user section of a GPO

Guide to MCSE 70-290, Enhanced

13

Controlling User Desktop Settings (continued)

Guide to MCSE 70-290, Enhanced

14

Activity 9-5: Configuring

Group Policy Object User

Desktop Settings

? Objective: To configure and test the application of Group Policy settings

? Use Active Directory Users and Computers to access the desired configuration settings

? Configure settings using the Group Policy Object Editor

? Verify that the configured settings have the expected results

Guide to MCSE 70-290, Enhanced

15

5

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download