understanding group policy on windows server 2003 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Understanding Group Policy on Windows Server 2003 PowerPoint Presentation
Download Presentation
Understanding Group Policy on Windows Server 2003

Loading in 2 Seconds...

play fullscreen
1 / 41

Understanding Group Policy on Windows Server 2003 - PowerPoint PPT Presentation


  • 118 Views
  • Uploaded on

Understanding Group Policy on Windows Server 2003. John Howard, IT Pro Evangelist, Microsoft UK http://blogs.technet.com/jhoward. Agenda. Introducing Group Policy Common tasks with Group Policy Planning & Best Practices. Introducing Group Policy Basic Understanding.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Understanding Group Policy on Windows Server 2003' - margaux


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
understanding group policy on windows server 2003

Understanding Group Policy on Windows Server 2003

John Howard, IT Pro Evangelist, Microsoft UK

http://blogs.technet.com/jhoward

agenda
Agenda
  • Introducing Group Policy
  • Common tasks with Group Policy
  • Planning & Best Practices
introducing group policy basic understanding
Introducing Group PolicyBasic Understanding
  • Works with Windows 2000 and later
  • Enable one-to-many management of users and computers
  • Simplify administrative tasks
  • Implement security settings
  • Implement standard computing environments
introducing group policy group policy terms
Introducing Group PolicyGroup Policy Terms
  • Group Policy Management Console
  • Group Policy settings
  • Group Policy Object Editor
  • Active Directory containers
    • Site
    • Domain
    • OUs
      • Child OUs
introducing group policy group policy capabilities3

Software Distribution

Software Restrictions

Security Settings

Registry-based Policy

Introducing Group PolicyGroup Policy Capabilities
introducing group policy group policy capabilities4

Software Distribution

Software Restrictions

Security Settings

Computer and User Scripts

Registry-based Policy

Introducing Group PolicyGroup Policy Capabilities
introducing group policy group policy capabilities5

Software Distribution

Software Restrictions

Roaming Profiles and Redirected Folders

Security Settings

Computer and User Scripts

Registry-based Policy

Introducing Group PolicyGroup Policy Capabilities
introducing group policy group policy capabilities6

Software Distribution

Offline Folders

Software Restrictions

Roaming Profiles and Redirected Folders

Security Settings

Computer and User Scripts

Registry-based Policy

Introducing Group PolicyGroup Policy Capabilities
introducing group policy group policy capabilities7

Internet Explorer Maintenance

Software Distribution

Offline Folders

Software Restrictions

Roaming Profiles and Redirected Folders

Security Settings

Computer and User Scripts

Registry-based Policy

Introducing Group PolicyGroup Policy Capabilities
introducing group policy default policies
Introducing Group PolicyDefault Policies
  • Local Security Policy
  • Default Domain Policy
  • Default Domain Controllers Policy
introducing group policy order of precedence1
Introducing Group PolicyOrder of Precedence

Site Policy

Local Security Policy

introducing group policy order of precedence2
Introducing Group PolicyOrder of Precedence

Domain Policy

Site Policy

Local Security Policy

introducing group policy order of precedence3
Introducing Group PolicyOrder of Precedence

Parent OU Policy

Domain Policy

Site Policy

Local Security Policy

introducing group policy order of precedence4
Introducing Group PolicyOrder of Precedence

Child OU Policy

Parent OU Policy

Domain Policy

Site Policy

Local Security Policy

introducing group policy group policy management console
Introducing Group PolicyGroup Policy Management Console
  • Unified, easy to use GUI
  • Backup/Restore of GPOs
  • Import/Export and Copy/Paste of GPOs
  • Simplified security
  • HTML reporting
  • Scripting of Group Policy tasks
introducing group policy group policy objects links
Introducing Group PolicyGroup Policy Objects & Links
  • GPMC manages
    • GPO Links
    • Scope Of Management (SOM)
  • GPOs contain policy settings
  • Links define what objects the GPO will target
    • Scope Of Management (SOM)
      • Site, Domain, OU, OU,….
    • Filtering can be based on links to SOM
    • Better illustrates the relationship between GPOs and Links
agenda1
Agenda
  • Introducing Group Policy
  • Common tasks with Group Policy
  • Planning & Best Practices
common tasks using administrative templates
Common tasksUsing Administrative Templates
  • Enables configuration of policy settings
    • Do not actually contain policy settings
    • Used by Group Policy Object Editor
    • Policy settings are contained registry.pol
  • Windows Server 2003 contains:
    • System.adm
    • Inetres.adm
    • Conf.adm
    • Wmplayer.adm
    • Wuau.adm
common tasks using administrative templates1
Common tasksUsing Administrative Templates
  • KB 816662 – “Recommendations for Managing Group Policy Administrative Template Files”
  • Superset principle from WS2003 RTM onwards
  • Historical .adm files available online
  • Never edit the OS-shipped .adm files
  • Know the benefits of a “true policy” (as compared to preferences)
    • Security (local administrators)
    • Cleanup (if GPO is out of scope)
common tasks account policies
Common TasksAccount Policies
  • Password
  • Account lockout
  • Kerberos settings
  • Domain level vs OU level setting
common tasks software restriction policies
Common TasksSoftware Restriction Policies
  • Windows Server 2003 and Windows XP
  • Base philosophies
    • Unrestricted
      • All programs run except those I select
    • Disallowed
      • Use with care
  • Policy rules
    • Hash
    • Certificate
    • Path
    • Internet Explorer Zone
common tasks restricted groups
Common TasksRestricted Groups
  • Membership of Active Directory security groups
    • No-one can be in Enterprise Administrators
    • Only these users are helpdesk staff
  • Membership of Local Groups
    • Helpdesk are members of local administrators
common tasks some of the rest
Common TasksSome of the rest….
  • Additional security
    • Registry Access Control Lists (ACLs)
    • File System Access Control Lists (ACLs)
    • Service Startup Mode
  • Internet Explorer Maintenance
  • Audit Policies
    • Especially on servers
agenda2
Agenda
  • Introducing Group Policy
  • Common tasks with Group Policy
  • Planning & Best Practices
planning best practices ou design
Planning & Best PracticesOU Design
  • Why create OU’s
  • Segment by role
    • Domain controllers
    • Computers
    • Users
  • Redirect default OU for new accounts
    • redirusr.exe and redircmp.exe
  • Use delegation of administration
    • Create/Update/Link GPOs
planning best practices group policy objects
Planning & Best PracticesGroup Policy Objects
  • Normalise GPOs – “GP Common Scenarios”
  • Naming conventions
    • Clear purpose and intent
    • 3-segment string: Scope/Purpose/Managed By
    • e.g. WW-Outlook-OTG
  • What about the number of GPOs?
    • MYTH: Fewer GPOs=Better performance
    • FACT: Number of settings is more important
planning best practices general guidance
Planning & Best PracticesGeneral Guidance
  • Avoid Cross-Domain GPO links
    • Performance overhead
    • Alternative - GPMC scripts
  • Use the following sparingly
    • Enforce (no override)
    • Block Inheritance
    • Loopback
  • Keep it simple
planning best practices using wmi filters
Planning & Best PracticesUsing WMI Filters
  • XP and Windows Server 2003 Only
  • Performance hit
  • Limit to known lifetime if possible
  • Scriptomatic
summary
Summary
  • Group Policy serves many purposes
  • If you’re not already using GPMC, why not?
  • It’s not as hard as it looks
    • …but without planning, it’s easy to make it look hard
  • http://www.microsoft.com/windowsserver2003/ technologies/management/grouppolicy
recommended reading
Recommended Reading

“Group Policy, Profiles and Intellimirror for Windows 2003, Windows XP and Windows 2000”

By Jeremy Moskowitz

www.gpanswers.com

slide39

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

slide40

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

understanding group policy on windows server 20031

Understanding Group Policy on Windows Server 2003

John Howard, IT Pro Evangelist, Microsoft UK

http://blogs.technet.com/jhoward