Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada...

transcript

Understanding Group Policy Part 3 of 3

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

rick.claus@microsoft.comrick.claus@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus

What Will We Cover?• Group Policy Management

• Advanced Group Policy Security

• Scripting Group Policy

• Group Policy Modeling

Agenda

• Managing .ADM Files

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Administrative Template Extension

• Simple way to configure policy

• Largest Group Policy extension

• .ADM files enable user interface

Using ADM Template Extensions

Domain Controller Active

Directory Database

SYSVOL

Modify Group PolicyModify Group Policy11 Stored on domain controllerStored on domain controller22 Policy applied to clientPolicy applied to client33

Reviewing .ADM Files

demonstration

Custom ADM Templates

Use to Do not use to

• Increase security• Disable interface options• Disable confusing items• Control data

• Configure all settings• Create unsupported policy

Registry Policies

HKEY_LOCAL_MACHINE\SOFTWARE\policies

HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies

HKEY_CURRENT_USER\SOFTWARE\policies

HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\policies

Customizing .ADM Templates

demonstration

Agenda

Scripting Group Policy

COM Interfaces

Sample Scripts

Backing up GPOs

Creating a new GPO

Creating environment using XML

Importing a GPO

Listing disabled GPOs

Listing GPO information

Scripting Group Policy

Using GPMC Scripts Changing the Script Host Engine Using Scripts to Back up GPOs

demonstration

Agenda

Exclude Accounts from Group Policy

Domain Controller

Administrator

Configuring Group Policy ACLs

Protect Administrator from Group Policy

demonstration

Delegating Control of GPOs

Domain Controller

Administrator

Delegate

Delegating Administration

Delegating “create GPOs” to ITGroup Delegating Sales User GPO

demonstration

Security Configuration and Analysis

Does the hard work

Enables quick review

Ensures policies are enforced

Allows local security configuration

Security Configuration Wizard

Security Configuration

Wizard

download.microsoft.com/download/f/7/1/f71adf6e-dbab-48a2-9a29-9e481110fd55/SCWQuickStartDoc.doc

Administrator

Applying Security Templates

demonstration

Agenda

Windows 2000 Windows XP

Windows XP

WMI Filtering

Domain Controller

WMI Filter

XP Professional only

Using WMI Filters

Creating WMI Filters Applying WMI Filters Modeling WMI Filters

demonstration

Agenda

GPO Backup

Copying GPOs between Domains

us.contoso.com uk.contoso.com

GPO Copy

us.contoso.comus.fabrikam.com

GPO Import

Migrating GPOs across Domains

demonstration

Agenda

Group Policy Modeling Overview

• Group Policy Modeling Wizard

• Group Policy Results Wizard

• HTML Reports

www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b8af2303-dac9-4fd5-9717-c3a7f553c627.mspx

Loopback Processing

• Changes GPO processing order

• Process only computer settings

• Merge user and computer settings

Modeling GPO Loopback

demonstration

Session Summary• Manage and control your environment more easily

• Enhance security in your environment

• Group Policy Modeling predicts behavior of GPOs before implementing them

For More Information

Visit TechNet at

www.microsoft.ca/technet

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

rick.claus@microsoft.comrick.claus@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus

Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada...

Documents