Using Group Policy Lesson 4. Skills Matrix Technology SkillObjective Domain SkillDomain # Creating...

Using Group PolicyUsing Group PolicyLesson 4

Skills MatrixSkills Matrix

Technology Skill Objective Domain Skill Domain #Creating and Understanding Group Policy Modeling and Group Policy Results Reports

Troubleshoot security configuration issuesTroubleshoot policy settings

2.2

3.1

Using the Group Policy Results Wizard

Troubleshoot security configuration issues• Run the RSoP toolTroubleshoot policy settings

2.2

3.1


Technology Skill Objective Domain Skill Domain #Understanding Group Policy Results Reports

Run the RSoP toolTroubleshoot policy settings

2.23.1

Understanding Group Policy

Troubleshoot policy settings

3.1

Understanding Group Policy Objects

Local vs. group 3.1


Technology Skill Objective Domain Skill Domain #What’s New in Group Policy for Windows Vista

New settings in Windows Vista

3.1

Configuring Group Policy Troubleshoot policy settings

3.1

Using the Group Policy Modeling Wizard


3.1

Understanding Group Policy Modeling Reports


3.1

Group Policy is the collective set of policy settings for users, computers, and other entities within Active Directory as applied through Group Policy objects.

Group Policy objects (GPOs) are collections of settings that are applied through Active Directory.

Understanding Group Policy

Understanding Group PolicyUnderstanding Group Policy

Administrators LGPO – Settings in this LGPO are applied when an administrator logs on.

Non-Administrators LGPO – Settings in this LGPO are applied when a non-administrator logs on.

User-specific LGPOs – Each Windows Vista installation can have as many of these as there are local users.

Understanding Group Policy Objects


Local Group Policy objects are applied in the following order:

Administrators LGPO

Non-Administrators LGPO

User-specific LGPOs

Understanding Group Policy Objects (cont.)


Active Directory Group Policy objects are applied in the following order:

GPOs linked to sites

GPOs linked to domains

GPOs linked to organizational units (OUs)



GPO application order and scope can also be affected by the following:

Filtering by using security groups

Windows Management Instrumentation filters (WMI filters)

Blocking Group Policy inheritance



GPO application order and scope can also be affected by the following:

Enforcing a GPO link

Disabling a GPO link



In previous versions of Windows, there was only one LGPO per Windows installation. This made it difficult to administer non-domain attached computers, such as kiosk computers.

Windows Vista introduces more than 700 new Group Policy settings and has expanded other settings.

What’s New in Group Policy for Windows Vista


You can use the Group Policy Object Editor to edit the policy settings in a GPO.

In the Start Search text box, type gpmc.msc, and then press Ctrl + Shift + Enter. A User Account Control dialog box appears.

Provide administrator credentials, and then click OK. The Group Policy Management console appears.

Editing a GPO

Configuring Group PolicyConfiguring Group Policy

In the console tree, expand Forest: Forest Name > Domains > Domain Name > Group Policy Objects.

Right-click the Group Policy object that you want to edit, and then click Edit. The Group Policy Object Editor appears with the selected GPO loaded.

Editing a GPO (cont.)


Open the Group Policy Management console.

In the console tree of the Group Policy Management console, expand Forest: ForestName > Domains > DomainName.

Right-click Group Policy Objects, and then click New. The New GPO dialog box appears.

Creating a GPO


In the Name text box, type a name for the GPO and then click OK. The new GPO will appear in the console tree under the Group Policy Objects node.

Creating a GPO (cont.)


GPOs can link to sites, domains, and OUs.


In the console tree of the Group Policy Management console, right-click the site, domain, or OU to which you want to link a GPO, and then click Link and Existing GPO. The Select GPO dialog box appears.

Linking a GPO


In the Group Policy Objects list box, select the GPO that you want to link, and then click OK.

Linking a GPO (cont.)


GPOs are applied according to the link order. Open the Group Policy Management console.

In the console tree of the Group Policy Management console, select the site, domain, or OU for which you want to change the GPO link order.

In the details pane, select the link that you want to move in the list, and use the arrow buttons on the left to move the link up or down.

Changing GPO Link Order


You can turn off local Group Policy through a setting in an Active Directory GPO.


In the Group Policy Object Editor, expand Computer Configuration > Administrative Templates > System > Group Policy.

Turning Off Local Group Policy


• In the details pane, right-click Turn off Local Group Policy objects processing, and then click Properties.

• Select Enabled, and then click OK.

Turning Off Local Group Policy (cont.)


Editing Local Group Policy Objects


Selecting the Non-Administrators LGPO in the Browse for a Group Policy Object dialog box

Gpupdate is a command-line tool used to update Group Policy settings on Active Directory objects before the normal update process takes place.

gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot]

Using Gpupdate


Group Policy Modeling – Simulates and reports on what Group Policy will be for selected configurations of users, computers, containers, security groups, and Windows Management Instrumentation (WMI) filters.

Using the Group Policy Modeling Wizard

Creating and Understanding Group Creating and Understanding Group Policy Modeling and Results ReportsPolicy Modeling and Results Reports

Using the Group Policy Modeling Wizard (cont.)


Selecting a domain controller in the Group Policy Modeling Wizard



Selecting a container in the Choose User Container dialog box



Summary of Selections page of the Group Policy Modeling Wizard

Group Policy Modeling reports – Contain all of the information you need to understand how a particular Group Policy scheme will work.

Understanding Group Policy Modeling Reports


Understanding Group Policy Modeling Reports (cont.)


Summary tab summarizes the information gathered during the modeling process.

Understanding Group Policy Modeling Reports (cont.)


Settings tab contains the most pertinent information.

In the Group Policy Management console, expand Forest: ForestName > Group Policy Modeling.

Right-click the Group Policy Modeling query for which you want to view RSoP data, and then click Advanced View.

Close the Resultant Set of Policy console when you have finished.

Viewing Group Policy Modeling Data in the RSoP Snap-in


Using the Group Policy Results Wizard


Summary of Selections page for the Group Policy Results Wizard.

Understanding Group Policy Results Reports


Group Policy Results reports contain all of the information you need to understand the Group Policy settings that are applied to a particular user on a particular computer.

SummarySummary

Group Policy can be used to configure settings for groups of users and computers and other Active Directory objects.

Group Policy objects are collections of Group Policy settings and are the mechanism by which administrators configure Group Policy.

Group Policy in Windows Vista includes more than 700 new settings, as well as an expansion of some existing settings.

You Learned

SummarySummary

You configure Group Policy by using the Group Policy Object Editor to edit GPOs and by using the Group Policy Management console to arrange the GPOs within Active Directory.

You learned how to create, edit, and link GPOs.

You learned how to change GPO link order.

You learned how to turn off local Group Policy.

You Learned (cont.)

SummarySummary

You learned how to edit LGPOs.

You learned how to use gpupdate to reapply all Group Policy settings.

Group Policy Modeling and Group Policy Results reports enable you to model Group Policy through simulation and determine actual Group Policy. These are essential tools in both testing Group Policy settings before rolling them out and in troubleshooting Group Policy issues.

You Learned (cont.)

SummarySummary

The Group Policy Modeling Wizard enables you to model Group Policy before rolling it out to either a production or a test environment.

You learned how to use the Group Policy Modeling Wizard.

You learned how to view Group Policy Modeling data in the RSoP Snap-in.

You learned how to use the Group Policy Results Wizard.

You Learned (cont.)

Date post:	28-Dec-2015
Category:	Documents
Upload:	sharyl-jordan
View:	226 times
Download:	1 times

Using Group Policy Lesson 4. Skills Matrix Technology SkillObjective Domain SkillDomain # Creating...

Documents