WordPress.com

Group Policy

Group Policy settings are effective for computers running Microsoft Windows 2000 or later.

Group Policy configuration features:
- Software Installation and Management
- Scripts
- Security Settings
- Folder Redirection
- Policy Based Quality of Service
- Internet Explorer Settings
- Administrative Templates
- Preferences
- Printers
- Blocking device installation
- Power management settings

2 default GPOs:
- Default Domain Policy
- Default Domain Controller Policy

Local Group Policy Object (LGPO)

Processing order: Local -> Site -> Domain -> OU
GPOs are processed from the bottom of the list and up.

- The GPMC is now an integrated feature of Windows Server 2008.
- GPMC can be added as a feature on a member server. It is installed by default on a DC.
- Group Policy now runs as a service.
- New XML-based file format known as ADMX files.
- ADMX templates can be stored within a centralized repository located on the SYSVOL share on domain controllers.
- New Group Policy Operational log.
- Support for multiple LGPOs on a single computer.

2 components:
- Logical, stored in AD: Group Policy container (GPC). Replicated as part of the AD DS.
- Physical, stored in SYSVOL: Group Policy Template (GPT). Stored in %Systemroot%\SYSVOL\domain\policies. Replicated as part of DFS-R or FRS depending on Domain Functional Level.

SSEs: Server Side Extensions. Snap-ins you use to administer the GPOs.
CSEs: Client Side Extensions. Interpret the Group Policy settings configured on the server.

Background refresh settings: 5 minutes for a DC, 90 + random 30 for a domain member.
- When a computer starts up, the computer policy settings are applied.
- When a user logs in, the user policy settings are applied.
- Software Installation and Folder Redirection policies only apply during synchronous policy processing.
- Security processing is also refreshed every 16 hours on non-domain controllers and every 5 minutes on domain controllers, whether or not the GPO settings have changed.

When the default background refresh interval is not followed:
- A GPUpdate is run.
- Group Policy detects a slow link.
- Loopback processing takes place.

Gpupdate /target /force /wait:Value /boot /?

If network speed is below 500 kbs, only CSEs that are critical are processed.

Loopback processing:

Setup:

GPMC Overview:
- You can add additional forests to manage group policies for domains in other forests. Requires a trust relationship.
- By default the Sites node is hidden from the console.
- By default administration takes place on the DC that holds the PDC emulator role.
- A Starter GPO is a template that holds settings that you can start to use.
- You cannot create and link a GPO to a Site at the same time. You first need to create it and then link it.
- A point to remember is that GPO links are processed from the bottom of the list to the top. In other words, highest numbers are processed first.
- In the Group Policy Inheritance tab you can see all the policies that are hitting the site, domain or OU.

Enabling and Disabling Policy Processing:
- In the Details tab of the specific GPO: All Settings Disabled, Computer configuration settings disabled, Enabled, User configuration settings disabled.
- You can disable a link that is associated with an OU.

Blocking and Enforcing GPO Processing:
- When Block Inheritance is enabled, only policy settings linked directly to the container will apply. Done on the container.
- To prevent administrators from blocking mandatory inherited policies, you can enforce inheritance. Done on the link.

Security Filtering:
- By default to: Authenticated Users (includes: standard users, computers, and administrators).
- Target can be: security groups, users or computers.

WMI Filtering: Done with a WQL query. Create a WMI filter in the GPMC and associate it with the GPO.

Delegating the Administration of GPOs: 3 ways.
- Delegation tab: By default, only the Domain Admins group, the Group Policy Creator Owners group, and the System account have create, delete and modify rights. The Group Policy Creator Owners group has an additional restriction in that members can only modify the settings on GPOs they actually created.
- Delegate rights to manage Group Policy links: Done through the Delegation of Control Wizard in AD Users and Computers.
- Give users the right to generate RSoP.

Implementing Group Policy Between Domains and Forests:
- Users and computers from the other domain must have Read access to both the GPC in AD and the GPT in the SYSVOL folder.
- You can share GPOs between trusted forests.

Managing Group Policy Objects

Backing up and Restoring GPOs:
- Individual GPOs or a set of GPOs.
- Must have Read permissions on the GPO and Write on the target folder.
- Right-click Group Policy Objects to back up all, or right-click the GPO if only a particular one.
- In order to restore a GPO you need to have the right to create a GPO and Read permission to the source folder.
- You use Manage Backups in GPMC -> Group Policy Objects to restore.

Copying Group Policy Objects:
- Read in source domain, Write in target domain.
- Right-click the GPO and select Copy, go to the other domain, right-click Group Policy Objects and select Paste.
- You can copy and import if locations are separated.

Modeling and Reporting Group Policy Results

RSoP in 2 modes, logging mode and planning mode:
- Logging mode: Overall results.
- Planning mode: A method of simulating results.

Gpresult.exe /s <computer> /u <domain\user> /p <password> /scope <{user/computer}> /user <TargetUserName> /r /v /z /x <filename> /h <filename> /f /?

You can only script management tasks based on entire GPOs; you cannot use scripting to modify settings within GPOs.

Group Policy Operational log.
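An added example (not part of the original notes) that models the processing order, link order, Block Inheritance and Enforced rules summarised above, so you can see which hardening GPOs drop out when an OU blocks inheritance. Container and GPO names are constructed; the rule that enforced links apply last, with the highest container winning, is standard Group Policy behaviour that the notes do not spell out.

```python
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str
    enforced: bool = False   # "Enforced" is set on the link
    enabled: bool = True     # a disabled link is skipped

@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)  # index 0 = top of the link list
    block_inheritance: bool = False            # set on the container

def application_order(chain):
    """chain: containers from the site down to the target OU.
    Returns GPO names from first applied to last applied (last one wins)."""
    normal, enforced = [], []
    for i, c in enumerate(chain):
        # A container is blocked if any container below it blocks inheritance.
        blocked = any(lower.block_inheritance for lower in chain[i + 1:])
        for link in reversed(c.links):          # bottom of the list first
            if link.enabled and not link.enforced and not blocked:
                normal.append(link.gpo)
    # Enforced links ignore blocking and apply last; the highest container wins,
    # so walk the chain from the OU back up to the site.
    for c in reversed(chain):
        for link in reversed(c.links):
            if link.enabled and link.enforced:
                enforced.append(link.gpo)
    return ["Local GPO"] + normal + enforced

def sample_chain(lab_blocks):
    # Constructed sample data: all names are hypothetical.
    return [
        Container("HQ-Site", [Link("Site-Proxy")]),
        Container("corp.example", [Link("Default Domain Policy", enforced=True),
                                   Link("Domain-Baseline")]),
        Container("OU=Servers", [Link("Srv-Hardening")]),
        Container("OU=Lab", [Link("Lab-Relaxed"), Link("Lab-Tools"),
                             Link("Lab-Old", enabled=False)],
                  block_inheritance=lab_blocks),
    ]

if __name__ == "__main__":
    for blocks in (False, True):
        print(blocks, application_order(sample_chain(blocks)))
```

With Block Inheritance set on OU=Lab, Srv-Hardening and Domain-Baseline disappear from the result while the enforced Default Domain Policy still applies last.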