1 / 31

Using Group Policy to Manage User Environments

Using Group Policy to Manage User Environments. Overview. Introduction to Managing User Environments Introduction to Administrative Templates Assigning Scripts with Group Policy Using Group Policy to Redirect Folders Using Group Policy to Secure the User Environment

maddy
Download Presentation

Using Group Policy to Manage User Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Using Group Policy to Manage User Environments

  2. Overview • Introduction to Managing User Environments • Introduction to Administrative Templates • Assigning Scripts with Group Policy • Using Group Policy to Redirect Folders • Using Group Policy to Secure the User Environment • Troubleshooting User Environment Management • Best Practices

  3. Registry HKEY_LOCAL_MACHINE HKEY_CURRENT_USER Administrative Templates Settings Script Settings Redirecting User Folders Security Settings Manage User Environments MyDocuments Introduction to Managing User Environments • Control What Users Can Do in Their Environments • Configure and Centrally Manage User Environments • Ensure that users always have their data • Populate user desktops

  4. What are Administrative Templates? • An administrative template controls the Registry settings of multiple computers (those in the OU, domain or site to which the Group Policy is applied), without requiring manual editing of the individual Registries.

  5. OU Structure

  6. Administrative Templates

  7. Deploying a screen saver lock utilizing Administrative Templates

  8. Cleaning out Temporary Internet files utilizing Administrative Templates

  9. Setting up Software Update Server (SUS) utilizing Administrative Templates

  10. User based policy for all users utilizing Administrative Templates

  11. Adding a custom Administrative Template (*.adm)

  12. Startup/Shutdown Scripts Computer Computer Configuration Startup/Shutdown User Configuration User Logon/Logoff Logon/Logoff What Are Group Policy Script Settings? Group Policy Script Settings Allow You to: • Centrally Configure Scripts to Run Automatically at Startup and Shutdown, and When Users Log On and Log Off

  13. Assigning Scripts with Group Policy • What Are Group Policy Script Settings? • The Process of Applying Script Settings with Group Policy • Assigning Group Policy Script Settings

  14. User based logon script for the Fire Dept users

  15. Using Group Policy to Redirect Folders • What Is Folder Redirection? • Selecting the Folders to Redirect • Redirecting Folders to a Server Location

  16. Redirected Personal Folders Documents Are Stored on the Server but Appear to Be Stored Locally MyDocuments MyDocuments What Is Folder Redirection? Advantages of Folder Redirection: • Data Is Always Available to Users Regardless of the Computer Logged on to • Data Is Centrally Stored for Ease of Management and Backup • Network Traffic Is Generated Only When Users Gain Access to Files • Files Are Not Saved on the Client Computer

  17. Folder Contains Redirect to a server so that My Documents A user’s personal data Users can access their data from any computer, and this data can be backed up and managed centrally Start Menu Folders and shortcuts on the Start menu Users’ Start menus are standardized Desktop All files and folders that a user places on the desktop Users have the same desktop regardless of the computer to which they log on ApplicationData User-specific data storedby applications Applications use the same user-specific data for a user regardless of the computer to which the user logs on Selecting the Folders to Redirect

  18. Desktop Properties Target Desktop Properties Settings When Redirecting User Folders: Desktop Properties Target You can specify the location of the Desktop folder Settings Target Settings You can specify the location of the Desktop folder Setting: No administrative policy specified You can specify the location of the Desktop folder The Group Policy Object will have no effect on the location of this folder. Setting: Basic – Redirect everyone’s folder to the dame loc Setting: Advanced – Specify locations for various user grou This folder will be redirected to the specified location. An example target path is: \\server\share\%username%. OK Cancel Apply This folder will be redirected to different locations based on the security group membership of the users. An example target path is \\server\share\%username% Use the%username% variable Target folder location Security Group Membership \\london\desktops\%username% Group Path Browse CONTOSO\acct \\london\acct\%username% CONTOSO\sales \\london\sales\%username% OK Cancel Apply Add Edit Remove OK Cancel Apply Redirecting Folders to a Server Location

  19. Redirecting My Documents

  20. Security Settings • Account Policies • Password Policies • Account Lockout • Local Policies • Auditing • User Rights • Security • Event Logs • Log size • Retention • Services • Global settings for all computers

  21. Account Policies are… • Password policies • Minimum and maximum password age • Enforce password history • Password must meet complexity requirements • Account lockout options • Account lockout duration • Account lockout threshold • Reset account lockout after…

  22. Account Policies

  23. Local Policies • Auditing • What is it? Give me some examples • User rights • Backup files and directories • Restore files and directories • Load and unload device drivers • Security options • Do not display last username • Message text for users logging on • Message title for users attempting to logon

  24. Local Policies

  25. Auditing policy for everyone logging in

  26. Event log settings are used to … • Set log sizes on computers globally • To retain the logs • Retention settings for all the logs

  27. Event Log settings

  28. Services • Messenger service • Netmeeting • Task scheduler • Telnet • Terminal services

  29. Services

  30. Computer based policy (Disable Services) for all computers

  31. Best Practices Create a Minimal Number of GPOs Required Always Test the Effects of Administrative Template Settings Always Redirect the My Documents Folders

More Related