Tài liệu Windows Administration Productivity Solutions for IT Professionals ppt

Windows Administration. Productivity Solutions for IT Professionals

Copyright Page
Dedication
About the Author
Acknowledgments
Contents at a Glance
Table of Contents
Introduction
- Document Conventions
  - Reader Aids
  - Command-Line Examples
- System Requirements
- Web-Based Content
- Find Additional Content Online
- Companion Media
- Using the Scripts
- Resource Kit Support Policy
Solution Collection 1: Role-Based Management
- Scenarios, Pain, and Solution
  - The 80/20 rule
  - Scripts and tools on the companion media
  - Microsoft and third-party tools
  - The Windows Administration Resource Kit online community
  - Enough, already!
- 1-1: Enumerate a User’s (or Computer’s) Group Memberships
  - Solution overview
  - Introduction
  - Active Directory Users and Computers
  - DS commands
  - Creating a batch script
  - Enumerating group membership with VBScript
  - Why VBScript?
  - Next steps
  - For more information
  - Solution summary
- 1-2: Create a GUI Tool to Enumerate Group Memberships
  - Solution overview
  - Introduction
  - HTML Applications
  - Create an HTA
  - For more information
  - Solution summary
- 1-3: Extend Active Directory Users and Computers to Enumerate Group Memberships
  - Solution overview
  - Introduction
  - Arguments and HTAs
  - Integrating a custom HTA with an MMC snap-in using tasks
  - Integrating a custom HTA with an MMC snap-in using display specifiers
  - Tasks or display specifiers
  - Solution summary
- 1-4: Understand Role-Based Management
  - Solution overview
  - Introduction
  - Role groups
  - Capability management groups
  - Role groups are nested into capability management groups
  - Other nesting
  - Data, business logic, and presentation
  - Third-party tools
  - Solution summary
- 1-5: Implement Role-Based Access Control
  - Solution overview
  - Introduction
  - Role groups
  - Capability management groups
  - Representing business requirements
  - Implementing capabilities
  - Automating and provisioning
  - Solution summary
- 1-6: Reporting and Auditing RBAC and Role-Based Management
  - Solution overview
  - Introduction
  - My Memberships
  - Access Report
  - Auditing internal compliance of your role-based access control
  - Solution summary
- 1-7: Getting to Role-Based Management
  - Solution overview
  - Introduction
  - A review of role-based management
  - Discussing and selling role-based management
  - The road to role-based management
  - Token size
  - Solution summary
Solution Collection 2: Managing Files, Folders, and Shares
- 2-1: Work Effectively with the ACL Editor User Interfaces
  - Solution overview
  - Introduction
  - The ACL editor
  - Evaluating effective permissions
  - Solution summary
- 2-2: Manage Folder Structure
  - Solution overview
  - Introduction
  - Create a folder structure that is wide rather than deep
  - Use DFS namespaces to present shared folders in a logical hierarchy
  - Solution summary
- 2-3: Manage Access to Root Data Folders
  - Solution overview
  - Introduction
  - Create one or more consistent root data folders on each file server
  - Use Group Policy to manage and enforce ACLs on root data folders
  - Solution summary
- 2-4: Delegate the Management of Shared Folders
  - Solution overview
  - Introduction
  - Dedicate servers that perform a file server role
  - Manage the delegation of administration of shared folders
  - Solution summary
- 2-5: Determine Which Folders Should Be Shared
  - Solution overview
  - Introduction
  - Determine which folders should be shared
  - Solution summary
- 2-6: Implement Folder Access Permissions Based on Required Capabilities
  - Solution overview
  - Introduction
  - Implement a Read capability
  - Implement a Browse To capability
  - Implement an Edit capability
  - Implement a Contribute capability
  - Implement a Drop capability
  - Implementing a Support capability
  - Create scripts to apply permissions consistently
  - Manage folder access capabilities using role-based access control
  - Solution summary
- 2-7: Understand Shared Folder Permissions (SMB Permissions)
  - Solution overview
  - Introduction
  - Scripting SMB permissions on local and remote systems
  - Solution summary
- 2-8: Script the Creation of an SMB Share
  - Solution overview
  - Introduction
  - Using Share_Create.vbs
  - Customizing Share_Create.vbs
  - Understanding Share_Create.vbs
  - Solution summary
- 2-9: Provision the Creation of a Shared Folder
  - Solution overview
  - Introduction
  - Using Folder_Provision.hta
  - Basic customization of Folder_Provision.hta
  - Understanding the code behind Folder_Provision.hta and advanced customization
  - Solution summary
- 2-10: Avoid the ACL Inheritance Propagation Danger of File and Folder Movement
  - Solution overview
  - Introduction
  - See the bug-like feature in action
  - What in the world is going on?
  - Solving the problem
  - Change the culture, change the configuration
  - Solution summary
- 2-11: Preventing Users from Changing Permissions on Their Own Files
  - Solution overview
  - Introduction
  - What about object lockout?
  - Solution summary
- 2-12: Prevent Users from Seeing What They Cannot Access
  - Solution overview
  - Introduction
  - One perspective: Don’t worry about it
  - A second perspective: Manage your folders
  - A third perspective and a solution: Access-based Enumeration
  - Solution summary
- 2-13: Determine Who Has a File Open
  - Solution overview
  - Introduction
  - Using FileServer_OpenFile.vbs
  - Understanding FileServer_OpenFile.vbs
  - Solution summary
- 2-14: Send Messages to Users
  - Solution overview
  - Introduction
  - Using Message_Notification.vbs
  - Understanding Message_Notification.vbs
  - Using PSExec to execute a script on a remote machine
  - Listing the open sessions on a server
  - Using and customizing FileServer_NotifyConnectedUsers.vbs
  - Solution summary
- 2-15: Distribute Files Across Servers
  - Solution overview
  - Introduction
  - Using Robocopy to distribute files
  - Using DFS Replication to distribute files
  - Solution summary
- 2-16: Use Quotas to Manage Storage
  - Solution overview
  - Introduction
  - What’s new in quota management
  - Quota templates
  - Apply a quota to a folder
  - Solution summary
- 2-17: Reduce Help Desk Calls to Recover Deleted or Overwritten Files
  - Solution overview
  - Introduction
  - Enabling shadow copies
  - Understanding and configuring shadow copies
  - Accessing previous versions
  - Solution summary
- 2-18: Create an Effective, Delegated DFS Namespace
  - Solution overview
  - Introduction
  - Creating DFS namespaces
  - Delegating DFS namespaces
  - Linking DFS namespaces
  - Presenting DFS namespaces to users
  - Solution summary
Solution Collection 3: Managing User Data and Settings
- 3-1: Define Requirements for a User Data and Settings Framework
  - Solution overview
  - Introduction
  - Understand the business requirements definition exercise
  - Define the high-level business requirements
  - Determine key design decision that is derived from high-level business requirements
  - Define requirements derived from key design decisions
  - Solution summary
- 3-2: Design UDS Components That Align Requirements and Scenarios with Features and Technologies (Part I)
  - Solution overview
  - Introduction
  - Understand UDS options
  - Align user data and settings options with requirements and scenarios
  - Validate the outcome for desktop, roaming, relocated, and traveling users
  - Solution summary
- 3-3: Create, Secure, Manage, and Provision Server-Side User Data Stores
  - Solution overview
  - Introduction
  - Create the user data store root folder
  - Align physical namespace with management requirements such as quotas
  - Provision the creation of data stores
  - Configure file screens
  - Solution summary
- 3-4: Create the SMB and DFS Namespaces for User Data Stores
  - Solution overview
  - Introduction
  - Create the SMB namespace for user data and settings stores
  - Design the logical view of user data and settings stores with DFS Namespaces
  - Build a DFS namespace to support thousands of users
  - Understand the impact of data movement and namespace changes
  - Consider the impact of %username% changes
  - Build an abstract DFS namespace for user data and settings (no site-based namespace, preferably no human names)
  - Automate and provision the creation of user data stores and DFS namespaces
  - Solution summary
- 3-5: Design and Implement Folder Redirection
  - Solution overview
  - Introduction
  - Understand the role of folder redirection
  - Configure folder redirection policies
  - Configure folder redirection targets
  - Configure folder redirection settings
  - Support redirection for users on both Windows XP and Windows Vista
  - Redirect without Group Policy: Favorites, Music, Pictures, and Videos
  - Achieve a unified redirected folder environment for Windows XP and Windows Vista
  - Solution summary
- 3-6: Configure Offline Files
  - Solution overview
  - Introduction
  - Understand the cache
  - Understand caching
  - Understand synchronization
  - Understand offline mode
  - Leverage offline files for the UDS framework
  - Put offline files to use
  - Solution summary
- 3-7: Design and Implement Roaming Profiles
  - Solution overview
  - Introduction
  - Analyze the structure of the Windows Vista user profile
  - Review the components that create the user profile
  - Configure the folders that will not roam
  - Configure roaming profiles
  - Recognize the “V2” of Windows Vista roaming profiles
  - Unify the experience of Windows XP and Windows Vista users
  - Work through the FOLKLORE of roaming profiles
  - Identify the benefit of roaming profiles
  - Manage the Application Data (AppData\Roaming) folder
  - Solution summary
- 3-8: Manage User Data That Should Not Be Stored on Servers
  - Solution overview
  - Introduction
  - Identify the types of data you want to manage as local only
  - Design a local-only data folder structure
  - Implement local-only file folders
  - Ensure that applications will find relocated media folders
  - Redirect Windows XP media folders that you are treating as local only
  - Provide a way for users to find relocated folders
  - Communicate to users and train them regarding local-only data
  - Solution summary
- 3-9: Manage User Data That Should Be Accessed Locally
  - Solution overview
  - Introduction
  - Determine the name for a local files folder
  - Option 1: Use a roaming profile folder
  - Option 2: Leverage offline files (Windows Vista only)
  - Option 3: Create a local folder that is backed up to a network store
  - Solution summary
- 3-10: Back Up Local Data Stores for Availability, Mobility, and Resiliency
  - Solution overview
  - Introduction
  - Define the goals of a synchronization solution
  - Utilize Robocopy as a backup engine
  - Leverage Folder_Synch.vbs as a wrapper for Robocopy
  - Deploy Folder_Synch.vbs and Robocopoy
  - Determine how and when to run Folder_Synch.vbs for each local store
  - Launch Folder_Synch.vbs manually
  - Enable users to right-click a folder and back it up using a shell command
  - Compare manual options for Folder_Synch.vbs
  - Run Folder_Synch.vbs automatically
  - Run Folder_Synch.vbs as a scheduled task
  - Run Folder_Synch.vbs as a logon, logoff, startup, or shutdown script
  - Log and monitor synchronization
  - Solution summary
- 3-11: Design UDS Components That Align Requirements and Scenarios with Features and Technologies (Part II)
  - Solution overview
  - Introduction
  - Recognize the crux of the challenge
  - Identify the desired classes of data stores
  - Analyze and classify your user data stores and data
  - Solution summary
Solution Collection 4: Implementing Document Management and Collaboration with SharePoint
- 4-1: Create and Configure a Document Library
  - Solution overview
  - Introduction
  - Create a site
  - Create a document library
  - Configure document library settings
  - Configure the document library title
  - Enable or disable folders within the document library
  - Change the default template for the library
  - Configure security for a document library
  - Solution summary
- 4-2: Manage Document Metadata Using Library and Site Columns
  - Solution overview
  - Introduction
  - Create a column
  - Work with custom columns from Microsoft Office clients
  - Work with document properties from the SharePoint Web interface
  - Modify or delete library columns
  - Reorder columns
  - Manage site columns
  - Create site columns
  - Use a site column in a list or library
  - Modify and delete site columns
  - Solution summary
- 4-3: Implement Managed Content Types
  - Solution overview
  - Introduction
  - Create a content type
  - Add one or more content types to a list or library
  - Understand child site and list content types
  - Protect a content type by making it read-only
  - Do not change default SharePoint content types
  - Solution summary
- 4-4: Configure Multiple Templates for a Document Library
  - Solution overview
  - Introduction
  - Create a central library for templates
  - Configure a content type for a template
  - Configure a library to support the content types
  - Solution summary
- 4-5: Add, Save, and Upload Documents to a Document Library
  - Solution overview
  - Introduction
  - Create a new document with the New command
  - Upload documents with the Upload commands
  - Add documents to document libraries with Windows Explorer
  - Save to a document library from a SharePoint-compatible application
  - E-mail–enable a document library
  - Solution summary
- 4-6: Create Shortcuts to Document Libraries for End Users
  - Solution overview
  - Introduction
  - Create Network Places (Windows XP)
  - Create Network Locations (Vista)
  - Solution summary
- 4-7: Quarantine and Manage Uploads to a Document Library with Multiple Content Types
  - Solution overview
  - Introduction
  - Solution summary
- 4-8: Work with Documents in a Document Library
  - Solution overview
  - Introduction
  - View a document in a document library
  - Edit a document in a document library
  - Open a document with Office 2007 clients installed
  - Solution summary
- 4-9: Monitor Changes to Libraries or Documents with Alerts and RSS
  - Solution overview
  - Introduction
  - Subscribe to e-mail alerts for a library or document
  - Monitor library activity using RSS
  - Solution summary
- 4-10: Control Document Editing with Check Out
  - Solution overview
  - Introduction
  - Require document checkout
  - Check out a document
  - Understand the user experience while a document is checked out
  - Manage document check in
  - Solution summary
- 4-11: Implement and Maintain Document Version History
  - Solution overview
  - Introduction
  - Configure version history
  - Manage the creation of major and minor versions
  - Manage document versions
  - Compare document versions
  - Solution summary
- 4-12: Implement Content Approval
  - Solution overview
  - Introduction
  - Configure content approval
  - Understand the interaction of content approval, versioning, and checkout
  - Solution summary
- 4-13: Implement a Three-State Workflow
  - Solution overview
  - Introduction
  - Configure the choice field for the state
  - Configure the three-state workflow
  - Launch and manage workflows
  - Solution summary
- 4-14: Organize and Manage Documents with Folders and Views
  - Solution overview
  - Introduction
  - Use folders to scope document management
  - Use views to scope the presentation and management of documents
  - Solution summary
- 4-15: Configure WSS Indexing of PDF Files
  - Solution overview
  - Introduction
  - Disable search within a library
  - Enable indexing of PDFs
  - Assign an icon to unrecognized file types
  - Solution summary
- 4-16: Work with SharePoint Files Offline
  - Solution overview
  - Introduction
  - Download a copy of a file
  - Provide offline access to files using the local cache
  - Use Outlook 2007 to take libraries and lists offline
  - Other options for offline use of SharePoint document libraries
  - Solution summary
Solution Collection 5: Active Directory Delegation and Administrative Lock Down
- 5-1: Explore the Components and Tools of Active Directory Delegation
  - Solution overview
  - Introduction
  - Use Active Directory object ACLs and ACL editor interfaces
  - Manage access control entries on Active Directory objects
  - Adhere to the golden rules of delegation
  - Apply permissions with a friend: The Delegation Of Control Wizard
  - Manage the presentation of your delegation
  - Solution summary
- 5-2: Customize the Delegation Of Control Wizard
  - Solution overview
  - Introduction
  - Locate and understand Delegwiz.inf
  - Customize Delegwiz.inf
  - Use Microsoft’s super-duper Delegwiz.inf
  - Solution summary
- 5-3: Customize the Permissions Listed in the ACL Editor Interfaces
  - Solution overview
  - Introduction
  - Recognize that some permissions are hidden
  - Modify Dssec.dat
  - Ensure the visibility of permissions that you are delegating
  - Solution summary
- 5-4: Evaluate, Report, and Revoke Active Directory Permissions
  - Solution overview
  - Introduction
  - Use Dsacls to report Active Directory permissions
  - Use ACLDiag to report Active Directory permissions
  - Use ADFind to report Active Directory permissions
  - Use DSRevoke to report Active Directory permissions
  - Evaluate permissions assigned to a specific user or group
  - Revoke Active Directory permissions with DSRevoke
  - Revoke Active Directory permissions with Dsacls
  - Reset permissions to Schema defaults
  - Solution summary
- 5-5: Assign and Revoke Permissions with Dsacls
  - Solution overview
  - Introduction
  - Identify the basic syntax of Dsacls
  - Delegate permissions to manage computer objects
  - Grant permissions to manage other common object classes
  - Use Dsacls to delegate other common tasks
  - Solution summary
- 5-6: Define Your Administrative Model
  - Solution overview
  - Introduction
  - Define the tasks that are performed
  - Define the distinct scopes of each task
  - Bundle tasks within a scope
  - Identify the rules that currently perform task bundles
  - Solution summary
- 5-7: Role-Based Management of Active Directory Delegation
  - Solution overview
  - Introduction
  - Identify the pain points of an unmanaged delegation model
  - Create capability management groups to manage delegation
  - Assign permissions to capability management groups
  - Delegate control by adding roles to capability management groups
  - Create granular capability management groups
  - Report permissions in a role-based delegation
  - Solution summary
- 5-8: Scripting the Delegation of Active Directory
  - Solution overview
  - Introduction
  - Recognize the need for scripted delegation
  - Script delegation with Dsacls
  - Solution summary
- 5-9: Delegating Administration and Support of Computers
  - Solution overview
  - Introduction
  - Define scopes of computers
  - Create capability management groups to represent administrative scopes
  - Implement the delegation of local administration
  - Manage the scope of delegation
  - Get the Domain Admins group out of the local Administrators groups
  - Solution summary
- 5-10: Empty as Many of the Built-in Groups as Possible
  - Solution overview
  - Introduction
  - Delegate control to custom groups
  - Identify protected groups
  - Don’t bother trying to un-delegate the built-in groups
  - Solution summary
Solution Collection 6: Improving the Management and Administration of Computers
- 6-1: Implement Best Practices for Managing Computers in Active Directory
  - Solution overview
  - Introduction
  - Establish naming standards for computers
  - Identify requirements for joining a computer to the domain
  - Design Active Directory to delegate the management of computer objects
  - Delegate permissions to create computers in the domain
  - Create a computer object in Active Directory
  - Delegate permissions to join computers using existing computer objects
  - Join a computer to the domain
  - Ensure correct logon after joining the domain
  - Solution summary
- 6-2: Control the Addition of Unmanaged Computers to the Domain
  - Solution overview
  - Introduction
  - Configure the default computer container
  - Solution summary
- 6-3: Provision Computers
  - Solution overview
  - Introduction
  - Use Computer_JoinDomain.hta
  - Provision computer accounts with Computer_JoinDomain.hta
  - Create an account and join the domain with Computer_JoinDomain.hta
  - Understand Computer_JoinDomain.hta
  - Distribute Computer_JoinDomain.hta
  - Solution summary
- 6-4: Manage Computer Roles and Capabilities
  - Solution overview
  - Introduction
  - Automate the management of desktop and laptop groups
  - Deploy software with computer groups
  - Identify and manage other computer roles and capabilities
  - Solution summary
- 6-5: Reset and Reassign Computers
  - Solution overview
  - Introduction
  - Rejoin a domain without destroying a computer’s group memberships
  - Replace a computer correctly by resetting and renaming the computer object
  - Replace a computer by copying group memberships and attributes
  - Solution summary
- 6-6: Establish the Relationship Between Users and Their Computers with Built- in Properties
  - Solution overview
  - Introduction
  - Use the managedBy attribute to track asset assignment of a computer to a single user or group
  - Use the manager attribute to track asset assignment of computersto a user
  - Solution summary
- 6-7: Track Computer-to-User Assignments by Extending the Schema
  - Solution overview
  - Introduction
  - Understand the impact of extending the schema
  - Plan the ComputerAssignedTo attribute and ComputerInfo object class
  - Obtain an OID
  - Register the Active Directory schema snap-in
  - Make sure you have permission to change the schema
  - Connect to the schema master
  - Create the ComputerAssignedTo attribute
  - Create the ComputerInfo object class
  - Associate the ComputerInfo object class with the Computer object class
  - Give the ComputerAssignedTo attribute a friendly display name
  - Allow the changes to replicate
  - Delegate permission to modify the attribute
  - Integrate the Computer_AssignTo.hta tool with Active Directory Users and Computers
  - Add other attributes to computer objects
  - Solution summary
- 6-8: Establish Self-Reporting of Computer Information
  - Solution overview
  - Introduction
  - Determine the information you wish you had
  - Decide where you want the information to appear
  - Report computer information with Computer_InfoToDescription.vbs
  - Understand Computer_InfoToDescription.vbs
  - Expose the report attributes in the Active Directory Users and Computers snap-in
  - Delegate permissions for computer information reporting
  - Automate computer information reporting with startup and logon scripts or scheduled tasks
  - Take it to the next level
  - Solution summary
- 6-9: Integrate Computer Support Tools into Active Directory Users and Computers
  - Solution overview
  - Introduction
  - Add a “Connect with Remote Desktop” command
  - Add an “Open Command Prompt” command
  - Execute any command remotely on any system
  - Use Remote_Command.hta to create specific command tasks for remote administration
  - Solution summary
Solution Collection 7: Extending User Attributes and Management Tools
- 7-1: Best Practices for User Names
  - Solution overview
  - Introduction
  - Establish best practice standards for user object name attributes
  - Implement manageable user logon names
  - Prepare to add the second “ John Doe” to your Active Directory
  - Solution summary
- 7-2: Using Saved Queries to Administer Active Directory Objects
  - Solution overview
  - Introduction
  - Create a custom console that shows all domain users
  - Control the scope of a saved query
  - Build saved queries that target specific objects
  - Understand LDAP query syntax
  - Identify some useful LDAP queries
  - Transfer saved queries between consoles and administrators
  - Leverage saved queries for most types of administration
  - Solution summary
- 7-3: Create MMC Consoles for Down-Level Administrators
  - Solution overview
  - Introduction
  - Create a console with saved queries
  - Create a taskpad with tasks for each delegated ability
  - Add productive tools and scripts to the taskpads
  - Add procedures and documentation to the console
  - Create an administrative home page within the console
  - Add each taskpad to the MMC favorites
  - Create navigation tasks
  - Save the console in User mode
  - Lock down the console view
  - Distribute the console
  - Solution summary
- 7-4: Extending the Attributes of User Objects
  - Solution overview
  - Introduction
  - Leverage unused and unexposed attributes of user objects
  - Extend the schema with custom attributes and object classes
  - Create an attribute that exposes the computer to which a user is logged on
  - Create an attribute that supports users’ software requests
  - Solution summary
- 7-5: Creating Administrative Tools to Manage Unused and Custom Attributes
  - Solution overview
  - Introduction
  - Display and edit the value of an unexposed attribute
  - Use the Object_Attribute.vbs script to display or edit any single-valued attribute
  - Use Object_Attribute.hta to view or edit single-valued or multivalued attributes
  - Solution summary
- 7-6: Moving Users and Other Objects
  - Solution overview
  - Introduction
  - Understand the permissions required to move an object in Active Directory
  - Recognize the denial-of-service exposure
  - Carefully restrict the delegation to move (delete) objects
  - Delegate highly sensitive tasks such as object deletion to tertiary administrative credentials
  - Proxy the task of moving objects
  - Solution summary
- 7-7: Provisioning the Creation of Users
  - Solution overview
  - Introduction
  - Examine a user-provisioning script
  - Create graphical provisioning tools
  - Solution summary
Solution Collection 8: Reimagining the Administration of Groups and Membership
- 8-1: Best Practices for Creating Group Objects
  - Solution overview
  - Introduction
  - Create groups that document their purpose
  - Protect groups from accidental deletion
  - Consider the group type: security vs. distribution
  - Consider group scope: global, domain local, and universal
  - Solution summary
- 8-2: Delegate Management of Group Membership
  - Solution overview
  - Introduction
  - Examine the member and memberOf attributes
  - Delegate permission to write the member attribute
  - Solution summary
- 8-3: Create Subscription Groups
  - Solution overview
  - Introduction
  - Examine scenarios suited to the use of subscription groups
  - Delegate the Add/Remove Self As Member validated write
  - Provide tools with which to subscribe or unsubscribe
  - Solution summary
- 8-4: Create an HTA for Subscription Groups
  - Solution overview
  - Introduction
  - Use Group_Subscription.hta
  - Understand Group_Subscription.hta
  - Take away lessons in the value of group standards
  - Solution summary
- 8-5: Create Shadow Groups
  - Solution overview
  - Introduction
  - Shadow groups and fine-grained password and account lockout policies
  - Understand the elements of a shadow group framework
  - Define the group membership query
  - Define the base scopes of the query
  - Develop a script to manage the group’s member attribute based on the query, while minimizing the impact on replication
  - Execute the script on a regular interval
  - Trigger the script based on changes to an OU
  - Solution summary
- 8-6: Provide Friendly Tools for Group Management
  - Solution overview
  - Introduction
  - Enumerate memberOf and member
  - Report direct, indirect, and primary group memberships
  - List a user’s membership by group type
  - Display all members of a group
  - Add or remove group members with Group_ChangeMember.hta
  - Give users control over the groups they manage
  - Identify notes and next steps for group management tools
  - Solution summary
- 8-7: Proxy Administrative Tasks to Enforce Rules and Logging
  - Solution overview
  - Introduction
  - Understand proxying
  - Explore the components of the Proxy Framework
  - Imagine what proxying can do for you
  - Delegate group management to users with increased confidence and security
Solution Collection 9: Improving the Deployment and Management of Applications and Configuration
- 9-1: Providing Software Distribution Points
  - Solution overview
  - Introduction
  - Rationalize your software folder namespace
  - Manage access to software distribution folders
  - Share the Software folder, and abstract its location with a DFS namespace
  - Replicate software distribution folders to remote sites and branch offices
  - Create a place for your own tools and scripts
  - Solution summary
- 9-2: New Approaches to Software Packaging
  - Solution overview
  - Introduction
  - Determine how to automate the installation of an application
  - Identify the success codes produced by application installation
  - Use Software_Setup.vbs to install almost any application
  - Separate the configuration from the application installation
  - Install the current version of an application
  - Solution summary
- 9-3: Software Management with Group Policy
  - Solution overview
  - Introduction
  - Prepare an application for deployment with GPSI
  - Configure a GPO to deploy an application
  - Scope the deployment of an application using application groups
  - Filter the software deployment GPO with the application group
  - Link the GPO as high as necessary to support its scope
  - When to use GPSI
  - GPSI and Microsoft Office 2007
  - Take it to the next level
  - Solution summary
- 9-4: Deploy Files and Configuration Using Group Policy Preferences
  - Solution overview
  - Introduction
  - Deploy files with Group Policy Files preferences
  - Push registry changes using Registry preferences
  - Solution summary
- 9-5: A Build-It-Yourself Software Management Infrastructure
  - Solution overview
  - Introduction
  - Identify the challenges of deploying applications such as Microsoft Office 2007
  - Prepare a software distribution folder for Microsoft Office 2007
  - Create a setup customization file
  - Launch an unattended installation of Office 2007
  - Identify the requirements for a build-it-yourself software management framework
  - Customize Software_Deploy.vbs to enable application deployment
  - Manage change using group membership
  - Deploy an application using a scheduled task
  - Give users control over the timing of installation
  - Solution summary
- 9-6: Automate Actions with
  - Solution overview
  - Introduction
  - Use SendKeys to automate an action sequence
  - Understand and customize Config_QuickLaunch_Toggle.vbs
  - Set the default folder view to Details for all folders
  - Automate with AutoIt
  - Solution summary
Solution Collection 10: Implementing Change, Configuration, and Policies
- 10-1: Create a Change Control Workflow
  - Solution overview
  - Introduction
  - Identify the need for change
  - Translate the change to Group Policy settings
  - Test the change in a lab environment
  - Communicate the change to users
  - Test the change in the production environment
  - Migrate users and computers in the production environment to the scope of the change
  - Implement more GPOs with fewer settings
  - Establish a GPO naming convention
  - Ensure a new GPO is not being applied while you are configuring its settings
  - Back up a GPO prior to and after changing it
  - Document the settings and the GPO
  - Carefully implement the scope of a GPO
  - Establish a change management workflow with service levels
  - Understand the behavior of client-side Group Policy application
  - Solution summary
- 10-2: Extend Role-Based Management to the Management of Change and Configuration
  - Solution overview
  - Introduction
  - Scope GPOs to security groups
  - Manage exemptions from an entire GPO
  - Manage exemptions from some settings of a GPO
  - Link group-filtered GPOs high in the structure
  - Maximize group management techniques to control GPO scoping
  - Solution summary
- 10-3: Implement Your Organization’s Password and Account Lockout Policies
  - Solution overview
  - Introduction
  - Determine the password policies that are appropriate for your organization
  - Customize the default GPOs to align with your enterprise policies
  - Implement your password, lockout, and Kerberos policies
  - Implement fine-grained password policies to protect sensitive and privileged accounts
  - Understand PSO precedence
  - Solution summary
- 10-4: Implement Your Authentication and Active Directory Auditing Policies
  - Solution overview
  - Introduction
  - Implement your auditing policies by modifying the Default Domain Controllers Policy GPO
  - Consider auditing failure events
  - Align auditing policies, corporate policies, and reality
  - Audit changes to Active Directory objects
  - View audit events in the Security log
  - Leverage Directory Service Changes auditing
  - Solution summary
- 10-5: Enforce Corporate Policies with Group Policy
  - Solution overview
  - Introduction
  - Translate corporate policies to security and nonsecurity settings
  - Create GPOs to configure settings derived from corporate policies
  - Scope GPOs to the domain
  - Enforce corporate security and configuration policies
  - Proactively manage exemptions
  - Provide a managed migration path to policy implementation
  - Determine whether you need more than one GPO for corporate policy implementation
  - Solution summary
- 10-6: Create a Delegated Group Policy Management Hierarchy
  - Solution overview
  - Introduction
  - Delegate permissions to link existing GPOs to an OU
  - Delegate the ability to manage an existing GPO
  - Delegate permission to create GPOs
  - Understand the business and technical concerns of Group Policy delegation
  - Solution summary
- 10-7: Testing, Piloting, Validating, and Migrating Policy Settings
  - Solution overview
  - Introduction
  - Create an effective scope of management for a pilot test
  - Prepare for and model the effects of the pilot test
  - Create a rollback mechanism
  - Implement the pilot test
  - Migrate objects to the scope of the new GPO
  - Solution summary
- 10-8: No-Brainer Group Policy Tips
  - Solution overview
  - Introduction
  - Deploy registry changes with templates or registry preferences
  - Use loopback policy processing in merge mode
  - Run GPUpdate on a remote system to push changes
  - Delegate permissions to perform RSoP reporting
  - Scope network-related settings using sites or shadow groups
  - Avoid WMI filters and targeting when possible: Use shadow groups instead
  - No-brainer Group Policy settings
Index