In this demonstration, you will see how to delegate the right to create, edit, link, and use the reporting tools for group policies.. Lab: Creating and Configuring GPOs • Exercise 1: [r]
(1)(2)Module Overview
• Overview of Group Policies
• Configuring the Scope of Group Policy Objects
• Evaluating the Application of Group Policy Objects
• Managing Group Policy Objects
(3)Lesson 1: Overview of Group Policies • What Are Group Policies?
• Group Policy Settings
• How Group Policies Are Applied
• Exceptions to Normal Group Policy Processing
• Group Policy Components
• What Are ADM and ADMX files?
• What Is the Central Store?
(4)What Are Group Policies?
Use Group Policies to:
• Apply standard configurations
• Deploy software
• Enforce security settings
• Enforce a consistent desktop environment
Group Policies enable IT administrators to automate one-to-many management of users and computers
Group Policies enable IT administrators to automate one-to-many management of users and computers
Local group policies are always in effect for local and domain users and local computer settings
(5)Group Policy Settings
• Software
• Windows
• Security
(6)How Group Policies are Applied
Computer starts
• Computer settings applied
• Startup scripts run
Refresh Interval
Refresh Interval
User logs on
• User settings applied
• Logon scripts run
Refresh Interval
Refresh Interval
Every 90 minutes
Every 90 minutes
Every 90 minutes
(7)Exceptions to Group Policy Processing
Additional exceptions:
• Windows XP and Vista use cached credential for faster logons
• Many GPO settings take two logons to take effect
Cached credentials
• 500 KPS by default
• Certain client side extensions are not processed
• Prior to Vista, ICMP is used to detect a slow link
• Vista uses Network Location Awareness Slow links
• Remote access connections
(8)Group Policy Components
Group Policy Object Group Policy Object
• Stored in Active Directory • Provides version information
Group Policy Container Group Policy Container
• Stored in shared SYSVOL folder • Provides Group Policy settings • Supports both ADM and
ADMX templates
Group Policy Template Group Policy Template
(9)What Are ADM and ADMX Files?
ADM files are:
• Copied into every GPO in SYSVOL
• Difficult to customize ADMX files are:
• Language neutral
• Not stored in the GPO
(10)What Is the Central Store?
The Central Store:
• Is a central repository for ADMX and ADML files
• Is stored in SYSVOL
• Must be created manually
• Is detected automatically by Windows Vista or Server 2008
Windows Vista or Windows Server 2008
workstation
Windows Vista or Windows Server 2008
workstation ADMX files ADMX files Domain controller with SYSVOL Domain controller
with SYSVOL Domain controller with SYSVOL
(11)Demonstration: Configuring Group Policy Objects
In this demonstration, you will see how to:
• Create a GPO
(12)Lesson 2: Configuring the Scope of Group Policy Objects
• Group Policy Processing Order
• What Are Multiple Local Group Policies?
• Options for Modifying Group Policy Processing
• Demonstration: Configuring Group Policy Object Links
• Demonstration: Configuring Group Policy Inheritance
• Demonstration: Filtering Group Policy Objects Using Security Groups
• Demonstration: Filtering Group Policy Objects Using WMI Filters
• How Does Loopback Processing Work?
(13)(14)What Are Multiple Local Group Policies?
• One layer of computer configurations that applies to all users
• Layers apply only to individual users, not to groups
• There are three layers of user configurations:
• Administrator
• Non-Administrator
(15)Options for Modifying Group Policy Processing
Five methods to modify GPO default processing:
• Block inheritance
• Enforcement
• Filtering using security groups or WMI filters
• Disabling GPOs
(16)Demonstration: Configuring Group Policy Object Links
• In this demonstration, you will see how to:
(17)Demonstration: Configuring Group Policy Inheritance
• In this demonstration, you will see how to:
(18)Demonstration: Filtering Group Policy Objects By Using Security Groups
(19)Demonstration: Filtering Group Policy Objects Using WMI Filters
(20)(21)Discussion: Configuring the Scope of Group Policy Processing
Woodgrove Bank Domain Tree Woodgrove Bank Domain Tree Woodgrove Bank Head Office Branches Servers Toronto Winnipeg SQL Server Exchange Server Toronto site
Winnipeg Head Office
Head Office site
High-speed link
(22)Lesson 3: Evaluating the Application of Group Policy Objects
• What Is Group Policy Reporting?
• What Is Group Policy Modeling?
(23)What Is Group Policy Reporting?
• Group Policy results are provided by the GPMC
• GPResult is a command line utility
Group policy reporting is a method of planning and troubleshooting group policy
(24)What Is Group Policy Modeling?
The Group Policy Modeling Wizard simulates:
• Site membership
• Security group membership
• WMI filters
• Slow links
• Loopback processing
• The effects of moving user or computer objects to a different Active Directory container
(25)Demonstration: How to Evaluate the Application of Group Policies
(26)Lesson 4: Managing Group Policy Objects • GPO Management Tasks
• What Is a Starter GPO?
• Demonstration: How to Copy a GPO
• Demonstration: Backing up and Restoring GPOs
• Demonstration: Importing a GPO
(27)GPO Management Tasks
GPO management tasks:
• Back up GPOs
• Restore GPOs
• Copy GPOs
(28)What Is a Starter GPO?
• Stores administrative template settings on which the new GPOs will be based
• Can be exported to cab files
• Can be imported into other areas of the enterprise
Exported to cab file Exported to cab file
starterGPO
starterGPO Cab fileCab file
Imported to GPMC Imported to GPMC
Load cabinet file
(29)Demonstration: How to Copy a GPO
(30)Demonstration: Backing up and Restoring GPOs
(31)Demonstration: Importing a GPO
• In this demonstration, you will see how to:
Import a GPO
(32)Migrating Group Policy Objects
The ADMX Migrator utility:
• Can be used to convert custom ADM files to ADMX
(33)Lesson 5: Delegating Administrative Control of Group Policies
• Options for Delegating Control of GPOs
(34)Options for Delegating Control of GPOs
Methods to delegate control of GPOs
Create GPOs in the domain Edit or delete GPOs Link GPOs to containers Use reporting tools
Membership in Group Policy Creator Owners group or explicit
permission to create GPOs
Assign Edit rights to individual policies Delegate the right to link GPOs to
containers
Delegate the right to use group policy
(35)Demonstration: How to Delegate Administrative Control of GPOs
(36)Lab: Creating and Configuring GPOs • Exercise 1: Creating Group Policy Objects
• Exercise 2: Managing the Scope of GPO Application
• Exercise 3: Verifying GPO Application
• Exercise 4: Managing GPOs
• Exercise 5: Delegating Administrative Control of GPOs
Estimated time: 75 minutes Logon information
Virtual machine NYC-DC1, NYC-CL1 User name Administrator
(37)Lab Review
• What other method could be used to grant a user the right to create GPOs in the domain?
(38)Module Review and Takeaways • Considerations
(39)Beta Feedback Tool
• Beta feedback tool helps:
Collect student roster information, module feedback, and
course evaluations
Identify and sort the changes that students request, thereby
facilitating a quick team triage
Save data to a database in SQL Server that you can later
query
(40)Beta Feedback
• Overall flow of module:
Which topics did you think flowed smoothly, from topic to
topic?
Was something taught out of order?
• Pacing:
Were you able to keep up? Are there any places where the
pace felt too slow?
Were you able to process what the instructor said before
moving on to next topic?
Did you have ample time to reflect on what you learned? Did
you have time to formulate and ask questions?
• Learner activities:
Which demos helped you learn the most? Why you think
that is?
Did the lab help you synthesize the content in the module?
Did it help you to understand how you can use this knowledge in your work environment?
Were there any discussion questions or reflection questions