Date post: | 21-Dec-2015 |
Category: |
Documents |
View: | 216 times |
Download: | 0 times |
10.1 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Configure Group Policy settings for a GPO
Modify the order of Group Policy Objects
Filter the scope of a Group Policy Object
Link Group Policy Objects
Delete GPO links and Group Policy Objects
Examine the application of Group Policy using RSoP
Use the Group Policy Management Wizard
Goals
10.2 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Group Policy
Used to set a consistent desktop environment
Used to configure both user and computer security settings
Other security options
Allowing automatic administrative logon to the Recovery Console
Shutting down the system immediately if the system is unable to log security audits
Configuring Group Policy Settings for a GPO
(Skill 1)
10.3 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
User Configuration settings node
You can use Administrative Templates to control access to the Control Panel or to specific Control Panel applets
You can control what Desktop items will appear or will be hidden, among many other policy settings
You set policies for a GPO using the Group Policy Object Editor for that GPO
Configuring Group Policy Settings for a GPO (2)
(Skill 1)
10.4 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-1 Setting Group Policy Object Properties
(Skill 1)
10.5 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-2 The Enabled Hide Add New Programs page policy
(Skill 1)
10.6 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-3 The Interactive logon: Do not display last user name Properties dialog box
(Skill 1)
10.7 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-4 The Shutdown: Allow system to be shutdown without having to log on dialog box
(Skill 1)
10.8 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-5 The Enabled policies in the Group Policy Object Editor
(Skill 1)
10.9 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
The order in which Group Policy settings apply to a user or computer depends on the priority order of the GPOs
GPOs, by default, are processed in accordance with the Active Directory hierarchy (LSDOU)
Local policy
Site policy
Domain policy
OU policy
Modifying the Order of Group Policy Objects
(Skill 2)
10.10 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Using the Enforced option
Allows you to give preference to the policies at each level (except local)
When you set a GPO link to Enforced, the GPO link takes precedence over the settings for any child object
You can also disable a GPO link to completely block that GPO from being applied; this disables the GPO only for the selected container object
Modifying the Order of Group Policy Objects (2)
(Skill 2)
10.11 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Using the Block Inheritance option
Allows you to block the application of all policies applied at higher levels for a specific container
Using filtering
Allows you to specify that a particular GPO only applies to one or more specific groups of users within a container
Involves modifying the Apply Group Policy permission for the GPO
Modifying the Order of Group Policy Objects (3)
(Skill 2)
10.12 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Using the Link Order column on the Linked Group Policy Objects list in the GPMC
Allows you to change the priority order for the GPOs for a domain or an OU
Local policies have no prioritization options because they are always overwritten when a conflict occurs
Modifying the Order of Group Policy Objects (4)
(Skill 2)
10.13 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Creating and linking a GPO
You must have the Link GPOs permission for the domain or organizational unit for which you are creating the GPO
You also must have permission to create GPOs in that domain
The Domain Admins, Enterprise Admins and Group Policy Creator Owner groups have permission to create GPOs in a domain by default
Modifying the Order of Group Policy Objects (5)
(Skill 2)
10.14 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Using the Resultant Set of Policy (RSoP)
Allows you to see policy prioritization in action
RSoP is a new console in Windows Server 2003
Provides the ability to analyze and display the result of Group Policy application for any object in the directory
Modifying the Order of Group Policy Objects (6)
(Skill 2)
10.15 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Applying a GPO to a site
You cannot create and link a GPO to a site because the operating system would not know in which domain to create the GPO
To apply a GPO to a site
Create a GPO in any domain in the forest
Use the Link an Existing GPO command to link the GPO to the site
Modifying the Order of Group Policy Objects (7)
(Skill 2)
10.16 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-6 Changing the link order for a GPO
(Skill 2)
10.17 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-7 The Group Policy Inheritance tab
(Skill 2)
10.18 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Filtering the scope
You might need to restrain the scope of a GPO by applying permissions to specific users and/or computers
This is called filtering the GPO scope
To filter the scope of a GPO, you use security groups
Filtering the Scope of a Group Policy Object
(Skill 3)
10.19 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Security groups
Used to specify the users subject to the policies in a particular GPO
Used to define the rights and permissions users will have to access resources
You set different permissions for different security groups on the Security tab in the Properties dialog box for a GPO
Filtering the Scope of a Group Policy Object (2)
(Skill 3)
10.20 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Setting security groups permissions
Read and Apply Group Policy permissions
Are assigned for a particular GPOBy default, the Authenticated Users group is granted both
permissions for all GPOsTo block a policy from applying to a specific group, set its
Apply Group Policy permission to Deny
To allow the GPO to apply to a single group of users
Remove the Apply Group Policy permission from the Authenticated Users group
Allow the Apply Group Policy permission only for that group
Filtering the Scope of a Group Policy Object (3)
(Skill 3)
10.21 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
When you are using filtering, only two group policy permissions are applicable
Read
Apply Group Policy
Filtering the Scope of a Group Policy Object (4)
(Skill 3)
10.22 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-8 Setting the Apply Group Policy permission for a security group
(Skill 3)
10.23 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Two ways to filter the scope of a GPO directly in the GPMC
Select the GPO in its container object
Expand the Group Policy Objects node in the GPMC and select the GPO you want to filter
Filtering the Scope of a Group Policy Object (5)
(Skill 3)
10.24 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
To add objects to the security filter
On the Scope tab, in the Security Filtering section, click the Add button to open the Select User, Computer, or Group dialog box
Click OK to add the object to the security filter
To apply the GPO only to the group or groups that have been added
In the Security Filtering section on the Scope tab, select Authenticated Users
Click the Remove button
Filtering the Scope of a Group Policy Object (6)
(Skill 3)
10.25 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-9 Security Filtering
(Skill 3)
10.26 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
A GPO, by default, is linked to the container in which it is created
You can link GPOs to additional sites, domains, or OUs in order to increase the scope of the GPOTo link a GPO to an additional container, you use the
Link an Existing GPO command and the Select GPO dialog box for that container
Linking Group Policy Objects
(Skill 4)
10.27 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
To link an existing GPO to a site, domain, or organizational unit, you must have the Link GPOs permission for that container object
The Domain Admins and Enterprise Admins groups are granted this permission by default for domains and organizational units
For sites, only the Domain Admins and Enterprise Admins groups for the forest root domain are granted this permission by default
Linking Group Policy Objects (2)
(Skill 4)
10.28 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-10 Linking an existing GPO
(Skill 4)
10.29 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-11 The Select GPO dialog box
(Skill 4)
10.30 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-12 The GPO linked to the domain
(Skill 4)
10.31 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
You might need to link a GPO to additional containers for only a certain period of time, or policies that were once applicable may no longer be needed
In these situations, you can remove the GPO link from a container object or even delete the GPO
If there is more than one GPO link associated with the object, you should remove the GPO link and not delete the GPO
If the GPO is associated with a single object, you can delete the GPO, which also deletes all links to the GPO in the domain
Deleting GPO Links and Group Policy Objects
(Skill 5)
10.32 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
To delete a link to a GPO
You must have permission to link Group Policy Objects for the OU or the domain
If you do not have this level of permission
The links are not deleted
Links to other domains and sites (called orphan links) remain and appear in the GPMC as Not Found
To delete Not Found links, you must have permission to link Group Policy Objects in the site, domain, or OU where the links are located
Deleting GPO Links and Group Policy Objects (2)
(Skill 5)
10.33 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
After deleting a GPO
You cannot create a GPO with the same name in the GPMC
A unique GUID is created for each GPO, and the GUID can never be repeated, but if you create GPOs with older tools, the same common name could be repeated
Replication latency and the use of scripts to execute tasks on GPOs can also cause a common name to be repeated
Deleting GPO Links and Group Policy Objects (3)
(Skill 5)
10.34 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
If you are considering deleting a GPO, check for cross-domain links on the Scope tab for the GPO
In the Display links in this location list box, select [Entire Forest]
All links for the GPO are displayed in the The following sites, domain, and OUs are linked to this GPO box
Select all of the links, right-click the selection, and click Delete link to delete all cross-domain links before you delete the GPO
Deleting GPO Links and Group Policy Objects (4)
(Skill 5)
10.35 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-13 Deleting a GPO link
(Skill 5)
10.36 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-14 Confirming the GPO link deletion
(Skill 5)
10.37 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-15 Deleting a GPO
(Skill 5)
10.38 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-16 Confirming the GPO deletion
(Skill 5)
10.39 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-17 The Delete dialog box
(Skill 5)
10.40 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
RSoP is a useful new tool that allows you to visually examine the application of Group Policy
To use RSoP (if you have not installed the GPMC)
Open MMC and create a new console
Query Active Directory for the Group Policies applying to a specific level of the hierarchy or for a specific object
RSoP returns a list of all Group Policy settings
Shows the configuration for that setting
Identifies Group Policy that configured that particular setting
Examining the Application of Group Policy Using RSoP
(Skill 6)
10.41 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Using RSoP in troubleshooting Group Policy application
It allows you to quickly and easily determine the source of GPO conflicts on your network
RSoP identifies
The final group of policies that are applied, for which GPO set the final value for each policy
The details for the policies that were not applied, including all other GPOs that attempted to set the policy and the setting they tried to impose
Examining the Application of Group Policy Using RSoP (2)
(Skill 6)
10.42 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
In the GPMC, the functionality of RSoP is broken down into two distinct capabilities, which are controlled by two Wizards
Group Policy Results Wizard
Group Policy Modeling Wizard
Examining the Application of Group Policy Using RSoP (3)
(Skill 6)
10.43 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Group Policy Results Wizard
Queries the target computer for the RSoP data that was applied to that computer
Displays the policies that are applied to that computer or to a particular user on that computer
The client being queried must be running Windows XP Professional or Windows Server 2003 or later
In the RSoP snap-in, this functionality is called logging mode
Examining the Application of Group Policy Using RSoP (4)
(Skill 6)
10.44 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-18 The Group Policy Results Wizard
(Skill 6)
10.45 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Group Policy Modeling Wizard
Provides a simulation tool
Allows administrators to test to see what would happen to policy application for a particular user or computer under certain conditions
The security group memberships are changed
The location of the object in Active Directory is changed
Examining the Application of Group Policy Using RSoP (5)
(Skill 6)
10.46 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Group Policy Modeling Wizard
The modeling functionality is controlled by a service that is only installed on a Windows Server 2003 domain controller
There must be at least one Windows Server 2003 domain controller in the domain
In the RSoP snap-in, this functionality is called planning mode
Examining the Application of Group Policy Using RSoP (6)
(Skill 6)
10.47 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-19 The Group Policy Modeling Wizard
(Skill 6)
10.48 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
After you have run one of the wizards, the RSoP data is generated as an HTML report
HTML report
Displays the policy settings that are applied
Identifies the GPO that sets the policy value
The report is added to either the Group Policy Results or Group Policy Modeling node in the GPMC
Examining the Application of Group Policy Using RSoP (7)
(Skill 6)
10.49 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Viewing the HTML report
Right-click a report
Click Advanced View to open the RSoP console
You can view each policy setting and the source GPO
You can open the Properties dialog box for each policy on the Precedence tab
Allows you to verify the GPO that “won”
Allows you to view all GPOs that attempted to set the policy and the value they attempted to set
Examining the Application of Group Policy Using RSoP (8)
(Skill 6)
10.50 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-20 The RSoP console
(Skill 6)
10.51 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Gpresult.exe command-line tool
An additional tool for troubleshooting Group Policy application in Windows Server 2003
It is stored in %Systemroot%\System32
Performs nearly the same functions as RSoP
Examining the Application of Group Policy Using RSoP (9)
(Skill 6)
10.52 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Gpresult.exe
When you run Gpresult with no parameters, the results are for the user currently logged on the local computer
Gpresult-Logging mode displays details about the user
Operating system type
Version and configuration
Site
Roaming and local user profile locations
Examining the Application of Group Policy Using RSoP (10)
(Skill 6)
10.53 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Gpresult-Logging mode also displays Computer Configuration and User Configuration settings Computer/user DN
Last time Group Policy was applied and the location from which it was applied to the user/computer
Domain name and type
GPOs
That were applied to the computer/user
That were filtered out
Security groups to which the computer/user belongs
Examining the Application of Group Policy Using RSoP (11)
(Skill 6)
10.54 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-21 The Summary of Selections screen in the Group Policy Results Wizard
(Skill 6)
10.55 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-22 The Applied and Denied GPOs
(Skill 6)
10.56 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-23 The Interactive Logon and Shutdown policies
(Skill 6)
10.57 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-24 The Control Panel/Add or Remove Programs policy
(Skill 6)
10.58 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-25 The Policy Events tab
(Skill 6)
10.59 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
The Group Policy Modeling Wizard (GPMW) analyzes the effects of a hypothetical GPO structure
You can perform “what-if” scenarios
To examine the potential effects of inherited Group Policies on users or computers if you redesign your OU structure
To determine the effects if you change security group memberships or move user or computer objects to different Active Directory containers
Using the Group Policy Management Wizard
(Skill 7)
10.60 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Using the GPMW to evaluate Windows Management Instrumentation (WMI) filters
A WMI filter is built from query strings
Query strings filter the application of Group Policy based on customizable metrics
Using the Group Policy Management Wizard (2)
(Skill 7)
10.61 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Requirements for using the GPMW
You must have at least one Windows Server 2003 server on your network
You must also have the Perform Group Policy Modeling analyses permission for the domain or OU that contains the objects you want to query
Using the Group Policy Management Wizard (3)
(Skill 7)
10.62 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-26 2-level OU structure
(Skill 7)
10.63 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-27 Domain Controller Selection
(Skill 7)
10.64 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-28 User and Computer Selection
(Skill 7)
10.65 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-29 Advanced Simulation Options
(Skill 7)
10.66 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-30 User Security Groups
(Skill 7)
10.67 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-31 Computer Security Groups
(Skill 7)
10.68 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-32 WMI Filters for Users
(Skill 7)
10.69 © 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 10: Configuring Group Policy Settings
Figure 10-33 Summary of Selections
(Skill 7)