Section 3: Designing a Group Policy Infrastructure
After completing this section, you will be able to:
- Describe the basic structure of Active Directory
- Describe the four stages of implementing Group Policy
- Explain how to plan your Group Policy in accordance with company requirements
- Describe the guidelines that you should follow when you create new GPOs
- Explain how to deploy Group Policy based on the Active Directory structure
- Explain how to manage Group Policy by delegating
Active Directory is used to store objects, authenticate users, and implement policies. Active Directory concepts include:
- Active Directory Objects
- Active Directory Architecture
- Naming Standards
- Users and Groups
- Organizational Units

- GPO links
- Security filtering
- Number of Group Policy objects
- Scope of Group Policy
- Applicability of Group Policy settings
- Non-applicability of Group Policy settings
- Roles and locations of users and computers
- Desktop configurations
- User requirements for various types of users
Create GPOs in the domain to which the group belongs. Users who are members of this group can edit any GPOs that they create; however, other members of the group cannot. Deleting GPOs is not allowed. Linking to a site, domain, or OU is also not allowed.
Local Admins
Create GPOs in the domain to which the group belongs. A user who is a member of this group can edit and delete all GPOs that any other group member has created. Linking the GPO to the domain and any OUs hosted by the domain is also allowed.
Granular Administration
- Robust delegation model
- Role-based administration
- Change request approval

Reduced Failure Risk
- Offline editing of GPOs
- Difference reporting and audit logging
- Recovery of a deleted GPO
- Repair of live GPOs

Change Management
- Creation of GPO template libraries
- Subscription to policy change e-mail notifications
- Version tracking, history capture, and quick rollback of deployed changes
Note: Microsoft has not yet released an updated AGPM for
The heart of Active Directory is a database with object types such as Users, Groups, Computers, Contacts, Printers, and Shared folders. Active Directory is made up of a collection of components (Site, Global Catalog, Forest, Tree, Domain, Domain Controller, and OU) that work at different levels of a hierarchy.
The four stages of implementing Group Policy are:
Planning: During this stage, you will decide which components of Group Policy to deploy in your organization; start gathering information about your company and how it carries out its day-to-day business with an Active Directory network; design a Group Policy that manages entities such as computer security, software deployment, etc.
Designing: During this stage, you will configure the physical components of the environment, lay out the Group Policy model, delegate management authority, create new GPOs, and design the interaction of GPOs with Active Directory sites.
Deploying: During this stage, you will make the policy available to the users and computers that you want to affect with the settings.
Managing: During this stage, you will put mechanisms in place to manage group policies on an ongoing basis; delegate authority to subordinate administrators to manage certain aspects of Group Policy; specify a default domain controller for GPO editing; use tools such as Starter GPOs and the GPO to track and control Group Policy objects.
Create more granular GPOs on a per-OU basis to affect smaller numbers of users and computers with their specific needs.
Define a meaningful naming convention for GPOs that clearly identifies the purpose of each GPO; the name should include the settings applied and the date of creation and change.
You can link policies to the domain, site, or at the various levels of a nested OU structure.
Decide the degree to which you should centralize or distribute administrative control of Group Policy. In a centralized administration model, the IT group provides services and sets standards for the entire company. In a distributed administration model, each business unit manages its own IT group. Based on the administrative model, determine which configuration management components should be handled at the site, domain, and OU levels.
You can manually assign permissions to a GPO from the Group Policy MMC.
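An added example, not part of the original slides: a PowerShell audit that lists every trustee holding edit-level rights on a GPO outside the set your delegation model expects. It uses `Get-GPO` and `Get-GPPermission` from the GroupPolicy module; the `$ExpectedEditors` list is an assumption to replace with the groups your centralized or distributed model actually delegates to.

```powershell
# Added example: find GPO edit rights that fall outside the planned delegation.
# Requires the GroupPolicy module (Group Policy Management tools) on a
# domain-joined host, run by an account that can read GPO security.
Import-Module GroupPolicy

# Assumption: trustees your delegation design expects to hold edit rights.
$ExpectedEditors = @(
    'Domain Admins',
    'Enterprise Admins',
    'SYSTEM'
)

# Permission levels that allow changing a GPO's settings or its security.
$EditLevels = @('GpoEdit', 'GpoEditDeleteModifySecurity')

$findings = foreach ($gpo in Get-GPO -All) {
    foreach ($perm in Get-GPPermission -Guid $gpo.Id -All) {
        # Skip read/apply entries; only edit-level rights matter here.
        if ([string]$perm.Permission -notin $EditLevels) { continue }
        # Skip trustees the delegation model already accounts for.
        if ($perm.Trustee.Name -in $ExpectedEditors) { continue }

        [pscustomobject]@{
            Gpo         = $gpo.DisplayName
            Owner       = $gpo.Owner
            Trustee     = '{0}\{1}' -f $perm.Trustee.Domain, $perm.Trustee.Name
            TrusteeType = $perm.Trustee.SidType
            Permission  = [string]$perm.Permission
            Modified    = $gpo.ModificationTime
        }
    }
}

# Each row is a delegation to review against the administrative model.
$findings | Sort-Object Gpo, Trustee | Format-Table -AutoSize
```

Individual user accounts in the output, rather than role groups, are the entries most worth reviewing first.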
3. What should you do when you plan your Group Policy in accordance with your company requirements? (Choose all that apply.)
a. Ask the planning stage questions.
b. Find out about the design and implementation of your Active Directory infrastructure.
c. Base your Group Policy design on your physical and logical domain controller deployment.
d. Determine how your company carries out its day-to-day business with an Active Directory network.
4. What should you include when you name a GPO?
The settings applied and the date of creation and change.
5. What can you link the policies to when you deploy your Group Policy solution?
You can link the policies to the domain, site, or at the various levels of a nested OU structure.
6. Name the two models you can use to delegate the administration of Group Policy.
Centralized administration model and distributed administration model