1 / 35

How to Save Money, Time, and Headaches with Group Policy in Windows 7/ Windows Server 2008 R2

Required Slide. SESSION CODE: WCL323. How to Save Money, Time, and Headaches with Group Policy in Windows 7/ Windows Server 2008 R2. Kevin Sullivan Principal Program Manager Lead Microsoft Corporation. Session Objectives and Takeaways. Group Policy – quick overview PowerShell

yank
Download Presentation

How to Save Money, Time, and Headaches with Group Policy in Windows 7/ Windows Server 2008 R2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Required Slide SESSION CODE: WCL323 How to Save Money, Time, and Headaches with Group Policy in Windows 7/ Windows Server 2008 R2 Kevin Sullivan Principal Program Manager Lead Microsoft Corporation

  2. Session Objectives and Takeaways • Group Policy – quick overview • PowerShell • Automation is awesome • Object model will save you • Group Policy Preferences • Power: manage, report • Get rid of login scripts

  3. Group Policy Windows Vista/Windows Server 2008 • Group Policy Process • Part of Winlogon • Group Policy Service • GP now runs in a shared service • Hardened Service, more reliable • Templates • ADM templates difficult to manage • Group Policy Templates • ADM Templates now in ADMX files (ADMX, ADML) ADM ADM ADM ADM ADM ADM ADMX • Local GPOs • Limited flexibility with a single local GPO Multiple Local GPOs LGPO’s LGPO’s • Settings • ~1,800 policy settings in XP • Incomplete coverage means missing key scenarios • Group Policy Settings • Lots of newpolicy settingswith Windows Vista and Windows 7 • Extended GP for new Windows Vista and Windows 7 features LGPO LGPO Local Computer Policy Local Computer Policy Admin Admin/Non-Admin Group Policy User User Specified Group Policy • Network Location Awareness (NLA) • NLA service provides the latest network information • Applications can query or register with NLA for network change indications • Network • Limited awareness of changing network conditions • Storing and Finding • Need to find settings? Where is that spreadsheet? • Group Policy Central Store • Centralized repository for ADMX • Contains all ADMX templates • Created in the Sysvol on DC in each domain ADMX ADML SysVol SysVol DC DC • Group Policy Logging • Administrative log • Applications and Services log • XML based event logs • New Tools - GPOLogView • Troubleshooting • User.env log • GP Result + Policies + GUID + ADM Policy Definations + FRS/DFS-R ADMX, ADML Files

  4. Compliance Q: How can I determine if my environment is compliant? A:Use automation to run exhaustive tests

  5. Group Policy PowerShell Accounting GPO Finance GPO Sales GPO Sales GPO Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar Hklm\uninstall\googletoolbar • Manage the set of GPOs with scripts • Configure the GPO • Save energy and time with automation Set-GPRegistryValue HKLM\Uninstall\GoogleToolbar • Configure a registry key

  6. GP PowerShell Cmdlets • Import-module GroupPolicy • get-help *-gp* Get New Set Remove Misc

  7. GP PowerShell Examples

  8. PowerShell Group Policy cmdlet overview Kevin Sullivan Principal Program Manager – Lead Microsoft DEMO

  9. More GP PowerShell Examples

  10. …and more GP PowerShell Examples

  11. Moving on…. And now for something completely different

  12. Save Time • Remove login scripts

  13. Save Power (Schemes)

  14. Group Policy Preferences • Newin R2:Vista+ support Power Plans and Scheduled Tasks • Targeting and configuration beyond policy

  15. Configuring • Familiar Experience • Powerful browsers • Granular: Red/Green

  16. Preferences Group Policy Preferences Kevin Sullivan Principal Program Manager – Lead Microsoft DEMO

  17. Targeting Item level targeting, not GPO level Robust targeting 29 types Boolean logic (And, Or, Not) Collections Intuitive UI No need to learn query languages • Granular item level targeting

  18. { What do you mean ‘item’? Printer GPO 5 Printer GPO { { { { { { Printer GPO_1 Printer GPO_2 Printer GPO_3 Printer GPO_4 Printer GPO_6 HP Lobby Printer Users: ExecAssistants IP range: 10.0.0.1-.23 Hours: 9am-5pm, Mon-Fri DEFAULT HP Lobby Printer Users: ExecAssistants HP Lobby Printer Users: ExecAssistants HP Lobby Printer Users: ExecAssistants HP Lobby Printer Users: ExecAssistants HP Lobby Printer Users: ExecAssistants HP Lobby Printer Users: ExecAssistants HP Lobby Printer Users: ExecAssistants IP range: 10.0.0.24-.72 IP range: 11.0.0.1-.37 IP range: 11.0.0.38-.77 IP range: 12.0.0.1-.37

  19. True Preference Granular Actions • Create : create new • Replace : delete and recreate if present, else create. • Update : update if present, else create. • Delete: remove

  20. Preferences Group Policy Preferences Kevin Sullivan Principal Program Manager – Lead Microsoft DEMO

  21. Light Weight • Multiple items • XML • Descriptions/Comments Easy to author, easy to understand

  22. Save Time – Replace Scripting Easy to Set up, Report, Maintain • Use cases: • drive mappings, default printers,shortcuts, local users and groups, file and folder options… • Replace logon scripts • Reduce number of images Fewer scripts = less complicated, less time to apply

  23. What have we learned • Time • Automation to script day-to-day tasks • Script to maintain healthy environment • Object model to make interesting decisions when scripting • Money • Manage power using Preferences • Admins can focus on troubleshooting instead of maintenance • Headache • Reduce logon time • Replace logon scripts with easy to manage Preferences • No need for custom ADMX

  24. Client Side Extension (CSE) Download: XP+, Server 2003, Vista Update: Windows Vista Sp1 In box: Windows 7 GPMC Windows Server 2008 Windows Vista SP1 + RSAT Windows Server 2008 R2 Windows 7 + RSAT Deploying GP Preferences Management Console Client

  25. Links & Resources

  26. Required Slide Resources Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet • http://microsoft.com/msdn

  27. Related Content • Breakout Sessions/Chalk Talks • BC-12 MDOP: Advanced Group Policy Management 4.0

  28. Please Complete An Evaluation FormYour input is important! Multiple ways to access Online Evaluation Forms: CommNet stations located throughout conference venues Via a Windows phone device Via the CommNet “Julian” offline Windows phone evaluation and session scheduling tool From any wired or wireless connection to:https://www.MyTechReady.com 1. 2. 3. 4. For more information please refer to your Pocket Guide Speaker – Click Hereto Launch Video

  29. Where do I find out more? • Product Overview: • www.microsoft.com/online/windows-intune.mspx • TechCenter: • http://social.technet.microsoft.com/Forums/en-US/category/microsoftonlineservices/ • Windows Intune Team Blog: • http://blogs.technet.com/windowsintune

  30. What is the Springboard Series? The Springboard Series IT pro experience offers dynamic content and structured guidance across the adoption lifecycle • Inside of Microsoft we are • A turnkey IT pro engagement platform for depth and breadth • The program to mobilize MS marketing and field to focus on desktop OS IT pros • To the IT pro, our goal is • Be the definitive resource for Desktop IT pros • Open, honest; show don’t tell • Information at right time, right level across Adoption Lifecycle DISCOVER EXPLORE PILOT DEPLOY MANAGE How does it change my work? How do I maintain and optimize? Is it worth the pain? Is our environment ready? Is the organization ready? Weekly, Monthly and Quarterly Rhythm of Topical Content Springboard Technical Experts Panel Event Support and Resources Straight-talk Monthly Feature Articles and Overview Guides one-Windows TechCenter in 10 languages TalkingAboutWindows Video Blogs Virtual Roundtable Events Visit the Springboard Series on TechNet at www.microsoft.com/springboard

  31. Required Slide Resources Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet • http://microsoft.com/msdn

  32. Required Slide Complete an evaluation on CommNet and enter to win!

  33. Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registrationJoin us in Atlanta next year

  34. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related