+ All Categories
Home > Documents > Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada...

Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada...

Date post: 26-Mar-2015
Category:

Documents
Upload: ian-keating
View: 213 times
Download: 1 times
Download Report this document
Share this document with a friend
Popular Tags:
policy largest group
unsupported policy slide
group policy acls
understanding group
demo scripting group
files scripting group
gpos demonstration slide
comrclaus slide
32
Understanding Group Policy Part 3 of 3 Rick Claus Rick Claus IT Pro Advisor IT Pro Advisor Microsoft Canada Microsoft Canada [email protected] [email protected] http://blogs.technet.com/rclaus http://blogs.technet.com/rclaus
Transcript
Page 1: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Understanding Group Policy Part 3 of 3

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus

Page 2: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

What Will We Cover?• Group Policy Management

• Advanced Group Policy Security

• Scripting Group Policy

• Group Policy Modeling

Page 3: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 4: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Administrative Template Extension

• Simple way to configure policy

• Largest Group Policy extension

• .ADM files enable user interface

Page 5: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Using ADM Template Extensions

Domain Controller Active

Directory Database

SYSVOL

Modify Group PolicyModify Group Policy11 Stored on domain controllerStored on domain controller22 Policy applied to clientPolicy applied to client33

Page 6: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Reviewing .ADM Files

demonstration

Page 7: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Custom ADM Templates

Use to Do not use to

• Increase security• Disable interface options• Disable confusing items• Control data

• Configure all settings• Create unsupported policy

Page 8: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Registry Policies

HKEY_LOCAL_MACHINE\SOFTWARE\policies

HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies

HKEY_CURRENT_USER\SOFTWARE\policies

HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\policies

Page 9: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Customizing .ADM Templates

demonstration

Page 10: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 11: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Scripting Group Policy

GPMC

COM Interfaces

Sample Scripts

Backing up GPOs

Creating a new GPO

Creating environment using XML

Importing a GPO

Listing disabled GPOs

Listing GPO information

Page 12: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Scripting Group Policy

Using GPMC Scripts Changing the Script Host Engine Using Scripts to Back up GPOs

demonstration

Page 13: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 14: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Exclude Accounts from Group Policy

Domain Controller

Administrator

Page 15: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Configuring Group Policy ACLs

Protect Administrator from Group Policy

demonstration

Page 16: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Delegating Control of GPOs

Domain Controller

Administrator

Delegate

Delegate

Page 17: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Delegating Administration

Delegating “create GPOs” to ITGroup Delegating Sales User GPO

demonstration

Page 18: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Security Configuration and Analysis

Does the hard work

Enables quick review

Ensures policies are enforced

Allows local security configuration

Page 19: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Security Configuration Wizard

Security Configuration

Wizard

download.microsoft.com/download/f/7/1/f71adf6e-dbab-48a2-9a29-9e481110fd55/SCWQuickStartDoc.doc

Administrator

Page 20: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Applying Security Templates

demonstration

Page 21: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 22: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Windows 2000 Windows XP

Windows XP

WMI Filtering

Domain Controller

WMI Filter

XP Professional only

Page 23: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Using WMI Filters

Creating WMI Filters Applying WMI Filters Modeling WMI Filters

demonstration

Page 24: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 25: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

GPO Backup

Copying GPOs between Domains

us.contoso.com uk.contoso.com

GPO Copy

us.contoso.comus.fabrikam.com

GPO Import

Page 26: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Migrating GPOs across Domains

demonstration

Page 27: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 28: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Group Policy Modeling Overview

• Group Policy Modeling Wizard

• Group Policy Results Wizard

• HTML Reports

www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b8af2303-dac9-4fd5-9717-c3a7f553c627.mspx

Page 29: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Loopback Processing

• Changes GPO processing order

• Process only computer settings

• Merge user and computer settings

Page 30: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Demo

Modeling GPO Loopback

demonstration

Page 31: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Session Summary• Manage and control your environment more easily

• Enhance security in your environment

• Group Policy Modeling predicts behavior of GPOs before implementing them

Page 32: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

For More Information

Visit TechNet at

www.microsoft.ca/technet

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus


Recommended
William Colemanwcoleman@microsoft.com Richard Godfreyrgodfrey@microsoft.com Eric Nelsonericnel@microsoft.com Successful SaaS – What will it take?

William [email protected] Richard [email protected] Eric [email protected] Successful SaaS – What will it take?

Documents

Group Policy - Part 2 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Group Policy - Part 2 of 3 Rick Claus IT Pro Advisor Microsoft Canada [email protected].

Documents

Exchange 2010: Ask the expert Alastair Dick – Technology Strategist (alastaid@microsoft.com)alastaid@microsoft.com Brett Johnson – UC TSP brettjo@microsoft.com.

Exchange 2010: Ask the expert Alastair Dick – Technology Strategist ([email protected])[email protected] Brett Johnson – UC TSP [email protected].

Documents

ShapeandAnimationbyExample - microsoft.com

ShapeandAnimationbyExample - microsoft.com

Documents

Introduction & Welcome Marcus Perryman mailto:marcus.perryman@microsoft.com Mike Taulty mailto:mike.taulty@microsoft.com .

Introduction & Welcome Marcus Perryman mailto:[email protected] Mike Taulty mailto:[email protected] .

Documents

La Historia de Santa Claus - The Story of Santa Claus

La Historia de Santa Claus - The Story of Santa Claus

Documents

SANTA CLAUS !...

SANTA CLAUS !...

Education

Eric Mittelette – Microsoft France ericmitt@microsoft.com Eric Vernié – Microsoft France ericv@microsoft.com.

Eric Mittelette – Microsoft France [email protected] Eric Vernié – Microsoft France [email protected].

Documents

SANTA CLAUS WALKING OF MOTO REINDEER SANTA CLAUS HOLDING A GREAT CANDY CANES SANTA CLAUS GIVING GIFT SANTA CLAUS SMOKING (SMOKING???) REINDEER WAKING.

SANTA CLAUS WALKING OF MOTO REINDEER SANTA CLAUS HOLDING A GREAT CANDY CANES SANTA CLAUS GIVING GIFT SANTA CLAUS SMOKING (SMOKING???) REINDEER WAKING.

Documents

Understanding Group Policy Part 1 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com.

Understanding Group Policy Part 1 of 3 Rick Claus IT Pro Advisor Microsoft Canada [email protected].

Documents

What's New in Azure IaaS… A Server Huggers Perspective Rick Claus rclaus@microsoft.com @RicksterCDN.

What's New in Azure IaaS… A Server Huggers Perspective Rick Claus [email protected] @RicksterCDN.

Documents

· PDF filem pasternak@hugeinc.com cammy@microsoft.com msmuga@microsoft.com naomiz@microsoft.com Archive Sweep Move to v Categories v Software design &

· PDF filem [email protected] [email protected] [email protected] [email protected] Archive Sweep Move to v Categories v Software design &

Documents

Santa Claus

Santa Claus

Documents

Sascha P. Corti Microsoft Switzerland Developer & Platform Evangelism sascha.corti@microsoft.com sascha.corti@microsoft.com .

Sascha P. Corti Microsoft Switzerland Developer & Platform Evangelism [email protected] [email protected] .

Documents

Integrate Santa Claus ICT Business Plan Santa Claus helpers.

Integrate Santa Claus ICT Business Plan Santa Claus helpers.

Documents

Finnish Santa Claus By Eveliina. Santa Claus Santa Claus lives with Mrs. Claus and reindeer in Korvatunturi in Rovaniemi. He comes to give presents to.

Finnish Santa Claus By Eveliina. Santa Claus Santa Claus lives with Mrs. Claus and reindeer in Korvatunturi in Rovaniemi. He comes to give presents to.

Documents

Claus Offe

Claus Offe

Documents

Claus Tøndering claus@tondering.dk

Claus Tøndering [email protected]

Documents