Microsoft ® Official Course Module 6 Managing User Desktops with Group Policy.

Microsoft® Official Course

Module 6

Managing User Desktops with Group Policy

Module Overview

Implementing Administrative Templates

Configuring Folder Redirection and Scripts

Configuring Group Policy Preferences•Managing Software with Group Policy

Lesson 1: Implementing Administrative Templates

What Are Administrative Templates?

What Are ADM and ADMX Files?

The Central Store

Discussion: Practical Uses of Administrative Templates•Demonstration: Configuring Settings with Administrative Templates

What Are Administrative Templates?

Administrative Templates sections for computers are:

• Control Panel• Network• Printers• System• Windows components

Administrative Templates sections for users are:

• Control panel • Desktop• Network• Start menu and taskbar• System• Windows components

Administrative Templates provide you with the ability to control both the environment of the operating system and user experience

Each of these main sections contain many subfolders to further organize settings

What Are ADM and ADMX Files?

ADM files:

• Are copied into every GPO in SYSVOL• Are difficult to customize

ADMX files:

• Include language-neutral ADML files that provide the localized language

• Are not stored in the GPO• Are extensible through XML

The Central Store

The Central Store:• Is a central repository for ADMX and ADML files• Is stored in SYSVOL• Must be created manually• Is detected automatically by Windows Vista or Windows

Server 2008

Windows Vista or Windows Server 2008

workstation

ADMX files

Domain controller with SYSVOL

Domain controller with SYSVOL

Discussion: Practical Uses of Administrative Templates

How do you currently provide desktop security?

How much administrative access do users have to their systems?

Which Group Policy settings will you find useful in your organization?

Demonstration: Configuring Settings with Administrative Templates

In this demonstration, you will see how to:• Filter Administrative Template policy settings• Apply comments to policy settings• Add comments to a GPO• Create a new GPO by copying an existing GPO• Create a new GPO by importing settings that were exported from another GPO

Lesson 2: Configuring Folder Redirection and Scripts

What Is Folder Redirection?

Settings for Configuring Folder Redirection

Security Settings for Redirected Folders

Demonstration: Configuring Folder Redirection

Group Policy Settings for Applying Scripts•Demonstration: Configuring Scripts with GPOs

What Is Folder Redirection?

Folder redirection is a feature that allows folders to be located on a network server, but appear as if they are located on the local drive

Folders that can be redirected in Windows Vista, Windows 7, and

Windows 8 are:• Desktop• Start Menu• Documents• Pictures• AppData\Roaming• Contacts• Downloads

• Favorites • Saved Games• Searches• Links• Music• Videos

Settings for Configuring Folder Redirection

AccountingUsers

AccountsN-Z

AccountsA-M

AccountingManagers

Anne

Amy

Folder redirection configuration options:• Use Basic folder redirection when all users

save their files to the same location• Use Advanced folder redirection when

the server hosting the folder location is based on group membership

• Use the Follow the Documents folder to force certain folders to become subfolders of Documents

Target folder location options:• Redirect to the users’ home directory

(Documents folder only) • Create a folder for each user under the

root path • Redirect to the following location • Redirect to the local user profile location

Security Settings for Redirected FoldersNTFS permissions for root folder

Share permissions for root folder

NTFS permissions for each users’ redirected folder

Creator/Owner Full control – subfolders and files only

Administrator None

Security group of users that save data on the share

List Folder/Read Data, Create Folders/Append Data-This Folder Only

Local System Full control

Creator/Owner Full control – subfolders and files only

Security group of users that save data on the share

Full control

Creator/Owner Full control – subfolders and files only

%Username% Full control, owner of folder

Administrators None

Local System Full control

Demonstration: Configuring Folder Redirection

In this demonstration, you will see how to:• Create a shared folder for folder redirection• Create a GPO to redirect the Documents folder• Test folder redirection

Group Policy Settings for Applying Scripts

You can use scripts to perform many tasks, such as clearing page files or mapping drives, and clearing temp folders for users

You can assign Group Policy script settings to assign:

• For computers:

Startup scripts

Shutdown scripts

• For users:

Logon scripts

Logoff scripts

Demonstration: Configuring Scripts with GPOs

In this demonstration, you will see how to:• Create a login script to map a network drive• Create and link a GPO to use the script and store the script in the Netlogon share• Log on to client computer and test results

Lesson 3: Configuring Group Policy Preferences

What Are Group Policy Preferences?

Comparing Group Policy Preferences and GPO Settings

Features of Group Policy Preferences•Demonstration: Configuring Group Policy Preferences

What Are Group Policy Preferences?

Group Policy preferences expand the range of configurable settings within a GPO

Group Policy preferences:

• Enable IT professionals to configure, deploy, and manage settings that were not manageable by using Group Policy

• Can be created, deleted, replaced, or updated

• Are natively supported on Windows Server 2008 and Vista SP2 or newer

Comparing Group Policy Preferences and GPO Settings

Group Policy Settings Group Policy Preferences

Strictly enforce policy settings by writing the settings to areas of the registry that standard users cannot modify

Are written to the normal locations in the registry that the application or operating system feature uses to store the setting

Typically disable the user interface for settings that Group Policy is managing

Do not cause the application or operating system feature to disable the user interface for the settings they configure

Refresh policy settings at a regular interval

Refresh preferences by using the same interval as Group Policy settings by default

Features of Group Policy Preferences

Is used to configure additional options that

control the behavior of a Group Policy preference item

Targeting Features

Determines to which users and computers a preference

item applies

Common Tab

Demonstration: Configuring Group Policy Preferences

In this demonstration, you will see how to:• Configure a desktop shortcut with Group Policy preferences• Target the preference• Configure a new folder with Group Policy preferences • Target the preference• Test the preferences

Lesson 4: Managing Software with Group Policy

How Group Policy Software Distribution Helps to Address the Software Lifecycle

How Windows Installer Enhances Software Distribution

Assigning and Publishing Software•Managing Software Upgrades by Using Group Policy

How Group Policy Software Distribution Helps to Address the Software Lifecycle

Preparation

11

Deployment

1.0

22

Maintenance

2.0

33

Removal

44

How Windows Installer Enhances Software Distribution

Windows Installer:

Windows Installer service:

• Fully automates the software installation and configuration process

• Modifies or repairs an existing application installation

Windows Installer package contains:

• Information about installing or uninstalling an application

• An .msi file and any external source files

• Summary information about the application

• A reference to an installation point

Benefits of using Windows Installer:

• Custom installations

• Resilient applications

• Clean removal

Assigning and Publishing Software

Software Distribution ShareSoftware Distribution Share

Publish software using document activation

Publish software using document activation

Publish software using Add or

Remove Programs

Publish software using Add or

Remove Programs

Assign softwareduring computer

configuration

Assign softwareduring computer

configuration

Assign software during user

configuration

Assign software during user

configuration

Managing Software Upgrades by Using Group Policy

Mandatory upgrade

Users can use only the upgraded version

Optional upgrade

Users can decide when to upgrade

Selective upgrade

You can select specific users for an upgrade

2.0

1.02.0

2.0

1.0

Deploy next version of the application

Deploy next version of the application

2.0

Lab: Managing User Desktops with Group Policy

Exercise 1: Implementing Settings by Using Group Policy Preferences•Exercise 2: Configuring Folder Redirection

Logon Information

Virtual machines: 20411B-LON-DC120411B-LON-CL1

User name: Adatum\AdministratorPassword: Pa$$w0rd

Estimated Time: 45 minutes

Lab Scenario

A. Datum Corporation is a global engineering and manufacturing company with its head office in London, U.K. An IT office and a data center are located in London to support the London head office and other locations. A. Datum has recently deployed a Windows Server 2012 server and client infrastructure.

A. Datum has just opened up a new branch office. Users in this office require an automated method for mapping drives to shared server resources and you decide to use Group Policy preferences. Furthermore, you have been asked to create a shortcut to the Notepad application for all users that belong to the IT security group. To help minimize profile sizes, you have been asked to configure folder redirection to redirect several profile folders to each user’s home drive.

Lab Review

Which options can you use to separate user's redirected folders to different servers?

Can you name two methods you could use to assign a GPO to selected objects within an OU?•You have created Group Policy preferences to configure new power options. How can you ensure that they will be applied only to laptop computers?

Module Review and Takeaways

Review Questions

Best Practice•Common Issues and Troubleshooting Tips