Introduction to Group Policy Lesson 7. Skills Matrix Technology SkillObjective DomainObjective # Using the Group Policy Management Console Create and.

Introduction to Group Introduction to Group PolicyPolicy

Lesson 7

Skills MatrixSkills Matrix

Technology Skill Objective Domain Objective #

Using the Group Policy Management Console

Create and apply Group Policy Objects (GPOs)

4.3

Configuring Group Policy Settings

Configure GPO templates 4.4

Lesson 7Lesson 7

Understanding the Benefits of Group Policy

Users can access their files, even when network connectivity is intermittent. This is accomplished by using folder redirection and offline files.

The user environment can be set up to be consistent, regardless of which workstation or location is used as the login computer.

Lesson 7Lesson 7

Understanding the Benefits of Group Policy (cont.)

User files can be redirected to a server location that allows them to be backed up regularly, saving users from the headaches of lost data due to the failure of their workstations.

Applications that become damaged or need to be updated can be maintained automatically.

Lesson 7Lesson 7

Understanding the Benefits of Group Policy (cont.)

Administrators have control over centralized configuration of user settings, application installation, and desktop configuration.

Problems due to missing application files and other minor application errors often can be alleviated by the automation of application repairs.

Lesson 7Lesson 7

Understanding the Benefits of Group Policy (cont.)

Centralized backup of user files eliminates the need and cost of trying to recover files from a damaged drive.

The need to manually make security changes is reduced by the rapid deployment of new settings through Group Policy.

Lesson 7Lesson 7

Defining Group Policy Architecture

Local GPOs

Domain GPOs

Starter GPOs

Group Policy container (GPC)

Group Policy template (GPT)

Lesson 7Lesson 7

Viewing the Group Policy Container

In Active Directory Users and Computers, click the View menu.

Select Advanced Features, which allows you to see additional objects in Active Directory.

In the left console pane, expand the System folder.

Lesson 7Lesson 7

Viewing the Group Policy Container (cont.)

In the System folder, locate the Policies folder and expand it by clicking the plus sign (+).

Lesson 7Lesson 7

Viewing Group Policy Templates

\Machine

\Machine\Microsoft \WindowsNT\SecEdit

\Machine\Scripts

\User

\User\Applications

\User\Scripts

Lesson 7Lesson 7

Creating and Linking a GPO to an OU

To create an OU for this exercise, go to a command prompt and key dsadd ou ou=Training,<DomainDN>.

Click Start, and then click Administrative Tools.

Click Group Policy Management Console.

Lesson 7Lesson 7

Creating and Linking a GPO to an OU (cont.)

Click the plus sign (+) next to domain.com.

Right-click the Training OU.

Select Create a GPO in this domain, and link it here.

Lesson 7Lesson 7

Creating and Linking a GPO to an OU (cont.)

Key a name for your GPO, and press Enter.

Expand the Group Policy Objects node.

Right-click the GPO that you just created, and click Edit.

Lesson 7Lesson 7

Configuring Group Policy Settings

Software Settings

Windows Settings

Administrative Templates

Lesson 7Lesson 7

Understanding Group Policy Processing

1. Local policies

2. Site policies

3. Domain policies

4. OU policies

Lesson 7Lesson 7

Understanding Group Policy Processing (cont.)

When a computer is initialized during startup, it establishes a secure link between the computer and a domain controller. Then, the computer obtains a list of GPOs to be applied.

Computer configuration settings are applied synchronously during computer startup before the Logon dialog box is presented to the user.

Lesson 7Lesson 7

Understanding Group Policy Processing (cont.)

Any startup scripts set to run during computer startup are processed. These scripts also run synchronously and have a default timeout of 600 seconds (10 minutes) to complete.

When the Computer Configuration scripts and startup scripts are complete, the user is prompted to press Ctrl+Alt+Del to log on.

Lesson 7Lesson 7

Understanding Group Policy Processing (cont.)

Upon successful authentication, the user profile is loaded based on the Group Policy settings in effect.

A list of GPOs specific for the user is obtained from the domain controller. User Configuration settings also are processed in

the LSDOU sequence.

Lesson 7Lesson 7

Understanding Group Policy Processing (cont.)

After the user policies run, any logon scripts run. Unlike the startup scripts, these scripts run asynchronously by default.

The user's desktop appears after all policies and scripts have been processed.

Lesson 7Lesson 7

Configuring Exceptions to GPO Processing

Enforce

Block Policy Inheritance

Loopback Processing

Lesson 7Lesson 7

You Learned

Group Policy consists of user and computer settings that can be implemented during computer startup and user logon. These settings can be used to customize the user environment, to implement security guidelines, and to assist in simplifying user and desktop administration. Group Policies can be beneficial to users and administrators. They can be used to increase a company's return on investment and to decrease the overall total cost of ownership for the network.

Lesson 7Lesson 7

You Learned (cont.)

In Active Directory, Group Policies can be assigned to sites, domains, and OUs. By default, there is one local policy per computer. Local policy settings are overwritten by Active Directory policy settings.

Lesson 7Lesson 7

You Learned (cont.)

Group Policy content is stored in an Active Directory GPC and in a GPT. Whereas the GPC can be seen using the Advanced Features view in Active Directory Users and Computers, the GPT is a GUID-named folder located in the systemroot\sysvol\SYSVOL\domain_name\ Policies folder.

Lesson 7Lesson 7

You Learned (cont.)

The Default Domain Policy and the Default Domain Controller Policy are created by default when Active Directory is installed.

The Group Policy Management Console is the tool used to create and modify Group Policies and their settings.

Lesson 7Lesson 7

You Learned (cont.)

GPO nodes contain three subnodes including Software Settings, Windows Settings, and Administrative Templates. Administrative templates are XML files with the .admx file extension. Over 100 ADMX files are included with Windows Server 2008.

Lesson 7Lesson 7

You Learned (cont.)

The order of Group Policy processing can be remembered using the acronym LSDOU: local policies are processed first, followed by site, domain, and, finally, OU policies. This order is an important part of understanding how to implement Group Policies for an object.

Lesson 7Lesson 7

You Learned (cont.)

Group Policies applied to parent containers are inherited by all child containers and objects. Inheritance can be altered by using the Enforce, Block Policy Inheritance, or Loopback settings.