GROUP POLICY STRATEGY

Chapter 4. GROUP POLICY STRATEGY. OVERVIEW. Describe how you might configure the user environment using Group Policy. Understand how the computer environment can be configured by using Group Policy. Use the Resultant Set of Policy (RSoP) tool planning mode to develop Group Policy strategy.

buck
Presentation Transcript


  1. Chapter 4 GROUP POLICY STRATEGY

  2. Chapter 4: GROUP POLICY STRATEGY OVERVIEW • Describe how you might configure the user environment using Group Policy • Understand how the computer environment can be configured by using Group Policy • Use the Resultant Set of Policy (RSoP) tool planning mode to develop Group Policy strategy • Troubleshoot the application of Group Policy security settings

  3. Chapter 4: GROUP POLICY STRATEGY OVERVIEW (CONTINUED) • Use Group Policy to redirect special folders to alternative locations on the network • Describe IntelliMirror and its benefits • Describe Offline Files and Synchronization Manager • Describe roaming profiles

  4. Chapter 4: GROUP POLICY STRATEGY REVIEWING GROUP POLICY COMPONENTS • Group Policy enables you to manage user and computer configuration from a single, central point of administration. • A Group Policy Object (GPO) is a collection of Group Policy settings. • GPOs can be applied, or linked, to a computer, site, domain, or organizational unit (OU).

  5. Chapter 4: GROUP POLICY STRATEGY UNDERSTANDING GPOs • Local GPOs • Active Directory–based GPOs • GPO storage • Creating, linking, and editing GPOs

  6. Chapter 4: GROUP POLICY STRATEGY LOCAL GPOs • Exist on every computer running Microsoft Windows 2000, Windows XP, or Windows Server 2003 • Stored in %Systemroot%\System32\GroupPolicy • Can be applied only to that computer

  7. Chapter 4: GROUP POLICY STRATEGY ACTIVE DIRECTORY–BASED GPOs • GPOs are stored in the Active Directory directory service. • Two Active Directory GPOs are created by default: • Default Domain Policy • Default Domain Controllers Policy

  8. Chapter 4: GROUP POLICY STRATEGY GPO STORAGE • GPOs have a corresponding object in Active Directory. • Each policy is physically stored in %Systemroot%\Sysvol\Domain Name\Policies\GPO GUID\Adm.

  9. Chapter 4: GROUP POLICY STRATEGY CREATING GPOs

  10. Chapter 4: GROUP POLICY STRATEGY LINKING GPOs • After creation, a GPO can be linked with one or more Active Directory objects. • GPOs created for one type of object can be linked with objects of another type. • More than one GPO can be linked to a single Active Directory object.

  11. Chapter 4: GROUP POLICY STRATEGY EDITING GPOs

  12. Chapter 4: GROUP POLICY STRATEGY EXPLORING GROUP POLICY SETTINGS • Computer and User Configuration nodes • Software Settings node • Windows Settings node • Administrative Templates node

  13. Chapter 4: GROUP POLICY STRATEGY COMPUTER CONFIGURATION AND USER CONFIGURATION NODES Computer Configuration and User Configuration nodes: • Define settings for installing software, configuring and securing the Windows operating system, and registry settings • Are applied when the operating system starts up • Are supported by Microsoft Windows XP Professional, Windows 2000, and Windows Server 2003

  14. Chapter 4: GROUP POLICY STRATEGY SOFTWARE SETTINGS NODE

  15. Chapter 4: GROUP POLICY STRATEGY WINDOWS SETTINGS NODE

  16. Chapter 4: GROUP POLICY STRATEGY ADMINISTRATIVE TEMPLATES NODE

  17. Chapter 4: GROUP POLICY STRATEGY UNDERSTANDING GPO APPLICATION

  18. Chapter 4: GROUP POLICY STRATEGY GROUP POLICY INHERITANCE • If a Group Policy setting is configured for a parent OU, and the same policy setting is set to Not Configured for child OUs, the users and computers in the child OUs inherit the parent’s policy setting. • If a Group Policy setting is configured for a parent OU, and the same policy setting is configured for a child OU, the child OU Group Policy setting overrides the setting from the parent OU. • If a policy setting of a parent OU is set to Not Configured, the child OU does not inherit that setting.

  19. Chapter 4: GROUP POLICY STRATEGY EXCEPTIONS TO THE APPLICATION PROCESS Block Policy Inheritance • Prevents settings from all the GPOs higher in the hierarchy from being inherited No Override • Prevents a setting in a GPO from being overridden by a setting in a later GPO Loopback • Causes configuration of a user to be determined by the Computer Configuration node policies of GPOs that apply to the computer object

  20. Chapter 4: GROUP POLICY STRATEGY USING SECURITY GROUPS TO FILTER GPO SCOPE

  21. Chapter 4: GROUP POLICY STRATEGY USING WMI QUERIES TO FILTER GPO SCOPE • Windows Management Instrumentation (WMI) provides unified access to the management functions of local and remote systems. • WMI allows GPO scope to be filtered by criteria such as hardware specifications. • WMI provides versatility in distribution of applications or operating system updates.

  22. Chapter 4: GROUP POLICY STRATEGY PLANNING WITH THE RSoP TOOL • Analysis mode allows you to determine what the result of Group Policy application will be for a given user or computer object. • Planning mode allows you to create what-if scenarios that can simulate changes in Group Policy and their resultant effect on a user or computer object. • You must be a member of the Domain Admins or Enterprise Admins group or must have been delegated the Generate Resultant Set Of Policy (planning) right to run RSoP.

  23. Chapter 4: GROUP POLICY STRATEGY TROUBLESHOOTING GROUP POLICY APPLICATION • Resultant Set Of Policy Wizard • Gpresult command-line tool • Gpupdate command-line tool • Event Viewer • Log files • Advanced System Information Policy tool • Group Policy Management Console

  24. Chapter 4: GROUP POLICY STRATEGY TROUBLESHOOTING GROUP POLICY WITH THE RESULTANT SET OF POLICY WIZARD

  25. Chapter 4: GROUP POLICY STRATEGY TROUBLESHOOTING GROUP POLICY WITH GPRESULT • Command-line utility that allows the RSoP to be calculated and the results to be displayed as text • Allows results to be written to a text file for logging or analysis

  26. Chapter 4: GROUP POLICY STRATEGY TROUBLESHOOTING GROUP POLICY WITH GPUPDATE • Gpupdate allows Group Policy to be immediately refreshed. • Group Policy is automatically refreshed on member servers and workstations every 90 minutes. • Group Policy is automatically refreshed on domain controllers every 5 minutes.

  27. Chapter 4: GROUP POLICY STRATEGY TROUBLESHOOTING GROUP POLICY WITH EVENT VIEWER

  28. Chapter 4: GROUP POLICY STRATEGY TROUBLESHOOTING GROUP POLICY WITH LOG FILES

  29. Chapter 4: GROUP POLICY STRATEGY TROUBLESHOOTING WITH THE GROUP POLICY MANAGEMENT CONSOLE

  30. Chapter 4: GROUP POLICY STRATEGY GROUP POLICY TROUBLESHOOTING SCENARIOS Group Policy troubleshooting scenarios are summarized in the textbook in two tables: • Table 4-2, “Group Policy Object Editor Console Troubleshooting Scenarios” • Table 4-3, “Group Policy Settings Troubleshooting Scenarios”

  31. Chapter 4: GROUP POLICY STRATEGY MANAGING SPECIAL FOLDERS USING GROUP POLICY Folder redirection: • Allows key user data and configuration folders to be redirected to a central location • Enables centralized backup and administration of user data • Provides resiliency in the event of workstation failure

  32. Chapter 4: GROUP POLICY STRATEGY FOLDER REDIRECTION Windows Server 2003 allows the following special folders to be redirected: • Application Data • Desktop • My Documents • My Pictures • Start Menu

  33. Chapter 4: GROUP POLICY STRATEGY ADVANTAGES OF REDIRECTING FOLDERS • Even if a user logs on to various computers on the network, his or her documents are always available. • Data stored on a shared network server can be backed up as part of routine system administration. • Group Policy can be used to set disk quotas, limiting the amount of space taken up by users’ special folders. • Data specific to a user can be redirected to a hard disk on the user’s local computer different from the hard disk holding the operating system files.

  34. Chapter 4: GROUP POLICY STRATEGY OFFLINE FILES • Offline Files lets users disconnect from the network and work as if they were still connected. • When the computer is offline, the files and folders appear in the same directory as they do when the system is online. • Offline Files works best in conjunction with folder redirection.

  35. Chapter 4: GROUP POLICY STRATEGY SYNCHRONIZATION MANAGER • When using Offline Files and folders, users can synchronize all network resources by using the Synchronization Manager. • Only resources that have changed are updated.

  36. Chapter 4: GROUP POLICY STRATEGY REDIRECTING MY DOCUMENTS TO HOME FOLDERS • With Windows Server 2003, you can redirect My Documents to a user’s home folder. • Such redirection only works with client systems running Windows XP Professional. • Redirecting My Documents to a user’s home folder is recommended only for organizations that have already deployed home folders and want to provide backward compatibility.

  37. Chapter 4: GROUP POLICY STRATEGY SETTING UP FOLDER REDIRECTION You can set up folder redirection to operate in one of two ways: • Redirect special folders to one location • Redirect special folders to a location according to security group membership

  38. Chapter 4: GROUP POLICY STRATEGY POLICY REMOVAL CONSIDERATIONS • When a folder redirection policy no longer applies to a user, that user’s folders are copied, moved, or left intact depending on the configuration. • When moving user accounts or reconfiguring GPOs, special consideration should be given to the potential effect on redirected folders.

  39. Chapter 4: GROUP POLICY STRATEGY FOLDER REDIRECTION BEST PRACTICES • Allow the system to create the folders and accept default settings. • Use fully qualified Universal Naming Convention (UNC) paths for destination folders. • Place the My Pictures folder in the My Documents folder. • Consider what will happen if the policy is removed. • Enable Offline Files.

  40. Chapter 4: GROUP POLICY STRATEGY SUMMARY • Group Policy enables administrators to manage change and configuration for users and computers centrally. • Configuration is specified by enabling or disabling Group Policy settings within one or more GPOs. • GPOs are applied by linking them to sites, domains, or OUs. The user and computer objects beneath the link are said to be within the scope of the GPO. • The Group Policy settings in a GPO are said to be inherited by users and computers below the linked site, domain, or OU.

  41. Chapter 4: GROUP POLICY STRATEGY SUMMARY (CONTINUED) • RSoP analyses provide insight into the net effect of GPOs on a user or computer and can be used to plan, report, and troubleshoot Group Policy. • Folder redirection is a feature of IntelliMirror that enables users and administrators to redirect the path of any special folder. • Offline Files and Synchronization Manager are used to allow users of portable computers to work on network files when their computers are disconnected from the local area network (LAN). • Roaming profiles are used to allow users to access their data quickly and easily, regardless of which computer they log on to. • Windows Server 2003 provides a range of tools to assist you in verifying your configuration and in diagnosing and solving problems with Group Policy.
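
The inheritance rules on slide 18 and the Block Policy Inheritance and No Override exceptions on slide 19 can be worked through with a small model. This is an added example, not part of the presentation: the class names, GPO names and setting names are constructed, and it is a simplified model rather than an Active Directory API. It also assumes two standard Group Policy behaviours the slides do not spell out: a No Override link is not removed by Block Policy Inheritance, and when two No Override links conflict the one higher in the hierarchy wins.

```python
from dataclasses import dataclass, field

NOT_CONFIGURED = None  # a GPO that leaves a setting Not Configured contributes nothing

@dataclass
class Link:
    gpo: str                   # GPO name (constructed)
    settings: dict             # setting name -> value, or NOT_CONFIGURED
    no_override: bool = False  # the "No Override" option on the link

@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)  # in application order
    block_inheritance: bool = False

def effective_settings(path):
    """path lists containers parent-first, ending at the one holding the object.
    Returns {setting: (value, winning GPO)}."""
    # Ordinary links above the deepest blocking container are not inherited.
    start = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    result = {}

    def apply(link):
        for name, value in link.settings.items():
            if value is not NOT_CONFIGURED:
                result[name] = (value, link.gpo)

    # Parent first: a value configured lower in the tree overwrites the parent's.
    for container in path[start:]:
        for link in container.links:
            if not link.no_override:
                apply(link)
    # No Override links go last and child-first, so the highest one wins and
    # Block Policy Inheritance does not remove them.
    for container in reversed(path):
        for link in container.links:
            if link.no_override:
                apply(link)
    return result

# Constructed hierarchy: domain -> Staff OU -> Kiosks OU (blocks inheritance).
domain = Container("example.local", [
    Link("Domain Security", {"LockScreenSaver": True}, no_override=True),
    Link("Domain Desktop", {"Wallpaper": "corp.bmp", "HideRunMenu": True}),
])
staff = Container("Staff", [Link("Staff", {"Wallpaper": "staff.bmp", "HideRunMenu": NOT_CONFIGURED})])
kiosks = Container("Kiosks", [Link("Kiosk", {"LockScreenSaver": False})], block_inheritance=True)
STAFF_RESULT = effective_settings([domain, staff])
KIOSK_RESULT = effective_settings([domain, staff, kiosks])
```

In the Kiosks OU the blocked inheritance drops the domain's desktop settings, and the only setting that survives from above is the one linked with No Override, which is why security baselines that must reach every OU are linked that way.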