8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
1/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Implementing Group Policy
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
2/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Content
Creating and Configuring GPOs
Configuring Group Policy Refresh Rates and Group
Policy Settings
Managing GPOs
Verifying and Troubleshooting Group Policy
Delegating Administrative Control of Group Policy
Planning a Group Policy Strategy for Enterprise
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
3/52
ADVANTAGE PRO Chennais Premier Networking Training Center
GPO Components
Group Policy Object
Contains Group Policy Settings
Stores content in two locations
-- Group Policy Container (GPC)
-- Group Policy Template (GPT)
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
4/52
ADVANTAGE PRO Chennais Premier Networking Training Center
GPO Components
Group Policy Container (GPC)
It is an Active Directory object that contains GPO
status.
Computer can access the GPC to locate GPT and DC
can access the GPC to obtain Version information
Replication occurs to obtain the latest version of the
GPO
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
5/52
ADVANTAGE PRO Chennais Premier Networking Training Center
GPO Components
Group Policy Template
It is a folder hierarchy in the shared SYSVOL folder
on a DC.
It contains all Group Policy settings and information,
including administrative templates, security, software
installation, scripts and folder redirection.
It is identical to GUID that Active Directory users to
identify the GPO in the GPC.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
6/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Installing Group Policy Management Console
Download the Group Policy Management Tool frominternet.
Run the EXE file which you have downloaded from
the internet
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
7/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Loop back Processing
Loop back processing applies the set of GPOs for thecomputer to any user who logs on, is affected by this
settings.
Loop back processing has two modes
-- Replace Mode
-- Merge Mode
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
8/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Loop back Processing
Replace Mode
This mode replaces the users settings that are defined
in computer GPOs.
Replace GPOs with the user settings that are
normally applied to the user.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
9/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Loop back Processing
Merge Mode
This mode combines the user settings that are
defined in computer GPOs and the users GPOs.
If conflict occurs, the user settings in the computers
GPO take precedence over the users normal settings.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
10/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Order in which Group Policy Applied
When Computer Starts Computer settings applied
Startup Scripts runs
When User logs on User settings apllied
Logon scripts run
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
11/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Assign Group Policy Script Settings
Procedure for Copying a Script
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
12/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Refresh Group Policy using Gpupdate.exe
Procedure
In the Run dialog box, type cmd and then press Enter
Type
Gpupdate [/target:{computer/user}] [/force]
[/wait:vslue] [/logoff] [/boot]
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
13/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Copy Operation
A copy of a GPO transfers only the settings within aGPO
The new GPO is created unlinked
When you copy a GPO from a domain to another,
you must specify the mapping behavior.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
14/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Backup Operation
In a Backup operation, Group Policy Managementexport all data in the GPO to the selected file and
saves the GPT files
You can send backed-up GPO to folder by using arestore or import operation
You can only restore a backed-up GPO to another
domain by using an import operation.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
15/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Store a Backup
Identify each backed-up GPO by one of the followingcriteria
GPO display name
GPO GUID
Description of the backup
Date and time stamp of the backup
Domain name
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
16/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Restore Operation
In a restore operation, the contents of the GPO arereturned to exactly the same state.
You can restore exiting GPO or a deleted GPO that
was backed up.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
17/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Common problems with imlementing Group
Policy
SYMPTOM CAUSE
Cannot open a GPO Read and Write permissions for the GPO
are not signed
Cannot edit a GPO A networking problem
Cannot apply Group Policy on a GPO are not applied to security groupssecurity group
No effect of Group Policy on a site, Group Policy settings are not configured correctly
domain, or organizational unit
No effect of Group Policy in an GPOs cannot be linked to Active Directory containers
Active Directory containerNo effect of Group Policy on a client A non-local GPO can overwrite local polices
computer
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
18/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Group Policy Modeling
You can simulate a policy deployment for users andcomputers before applying the policies.
This feature in Group Policy Management is known
as Resultant Set of Policies(RSoP).
To verify Group Policy settings, you must first create
a Group Policy Query.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
19/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Delegation of GPOs
Delegate the ability to create GPOs: Add the group or user to the Group Policy Creator
Owerns group.
This only method is available prior to Group Policy
Mangement.
Explicity assign the group or user premission to
create GPOs.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
20/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Delegation of GPOs
Delegate Permissions on a individual GPO: Read
Edit settings
Edit, Delete, Modify Security
Read (from Security Filtering)
Custom
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
21/52
ADVANTAGE PRO Chennais Premier Networking Training Center
Delegation of WMI Filters
The permissions on the WMI Policy containerdetermine the permissions that a user has to create,
edit, and delete WMI filters
There are two permissions for creating WMI filters:
-- Creator Owner
-- Full Control
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
22/52
ADVANTAGE PRO Chennais Premier Networking Training Center
DEPLOYING AND
MANAGING SOFTWARE BY
USING GROUP POLICY
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
23/52
ADVANTAGE PRO Chennais Premier Networking Training Center
MANAGING SOFTWARE DEPLOYMENT
You can mange software by using the softwareinstallation extension of group policy.
Users have immediate access to the software that
they require to perform their jobs.
They have an easy and consistent experience when
working with software through its life cycle.
You can use group policy to manage the software
deployment process centrally or from one location.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
24/52
ADVANTAGE PRO Chennais Premier Networking Training Center
MANAGING SOFTWARE DEPLOYMENT
You can apply group policy settings to users orcomputers in a site, domain or a organizational unit.
You can manage the various phases of software
deployment without deploying software on each
computer.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
25/52
ADVANTAGE PRO Chennais Premier Networking Training Center
MANAGING SOFTWARE DEPLOYMENT
The software life cycle consists of four phases.1.Preparation.
2.Deployment.
3.Maintenance.
4.Removal.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
26/52
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
27/52
ADVANTAGE PRO Chennais Premier Networking Training Center
MANAGING SOFTWARE DEPLOYMENT
That distribution point will be the shared folder in theserver.
You can create a package file by using a third party
utility.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
28/52
ADVANTAGE PRO Chennais Premier Networking Training Center
MANAGING SOFTWARE DEPLOYMENT
DEPLOYMENT:
You create GPO that installs the software on the
computer and links the GPO to an appropriate active
directory container.
The software is installed when the computer starts.
Or when the user start the application.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
29/52
ADVANTAGE PRO Chennais Premier Networking Training Center
MANAGING SOFTWARE DEPLOYMENT
MAINTENANCE:
You upgrade software with a new version.
Then the software is automatically upgraded when
the computer starts or when the user starts the
application.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
30/52
ADVANTAGE PRO Chennais Premier Networking Training Center
MANAGING SOFTWARE DEPLOYMENT
REMOVAL:
To eliminate software that is no longer required.
You remove the software package setting from the
GPO.
The software is then automatically removed.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
31/52
ADVANTAGE PRO Chennais Premier Networking Training Center
WINDOWS INSTALLER:
To enable the group policy to deploy and manage
software.
To deploy and manage software windows 2003 uses
the windows installer.
This component automates the installation and
removal of application.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
32/52
ADVANTAGE PRO Chennais Premier Networking Training Center
The windows installer contains two components.Windows installer service.
Windows installer package.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
33/52
ADVANTAGE PRO Chennais Premier Networking Training Center
WINDOWS INSTALLER SERVICE:
Fully automates the software installation and
configuration process.
Modifies or repairs an existing application
installation.
It installs an application either directly from the
CD-Rom or by using group policy.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
34/52
ADVANTAGE PRO Chennais Premier Networking Training Center
WINDOWS INSTALLER PACKAGE:
Information about installing or uninstalling an
application.
A windows installer file with an .msi extension
Summary information about the software and the
package.
A reference to an installation point where the product
files reside.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
35/52
ADVANTAGE PRO Chennais Premier Networking Training Center
DEPLOYING SOFTWARE:
Deploying software ensures that required application
are available from any computer that a user logs on.
Before going to deploy a software you must specify
how application are installed and maintained in your
organization.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
36/52
ADVANTAGE PRO Chennais Premier Networking Training Center
SOFTWARE DEPLOYMENT PROCESS :
Create a software distribution point.
Use GPO to deploy a software.
Change the software deployment properties.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
37/52
ADVANTAGE PRO Chennais Premier Networking Training Center
There are two types of software deployment.Assigning
Publishing
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
38/52
ADVANTAGE PRO Chennais Premier Networking Training Center
ASSIGNING:
In assigning there are two methods one is user
configuration another one is computer configuration.
PUBLISHING:
In publishing there are two methods one is using add or
remove program another one is using document
activation.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
39/52
ADVANTAGE PRO Chennais Premier Networking Training Center
CONFIGURING SOFTWARE
DEPLOYMENT
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
40/52
ADVANTAGE PRO Chennais Premier Networking Training Center
SOFTWARE CATEGORIES :
To organize assigned and published software into
logical groups.
So users can easily locate applications in Add or
remove programs.
We can create software categories to arrange
different applications.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
41/52
ADVANTAGE PRO Chennais Premier Networking Training Center
You can organize software into categories,such asgraphics, Microsoft office, and accounting
categories.
You can use the same list of software categories inall policies in the forest.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
42/52
ADVANTAGE PRO Chennais Premier Networking Training Center
SOFTWARE UPGRADES :
You can use group policy to deploy and manage
software upgrades that meet departmental
requirements in your organization.
Upgrades typically involve major changes to
software and have a new version numbers.
A new version of the software is released that
contains new and improved features.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
43/52
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
44/52
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
45/52
ADVANTAGE PRO Chennais Premier Networking Training Center
SOFTWARE REDEPLOYMENT:
You can redeploy a deployed package to force a
reinstallation of the software.
If there are interoperability issues or viruses that a
reinstall of the software will fix.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
46/52
ADVANTAGE PRO Chennais Premier Networking Training Center
TO REDEPLOY A SOFTWARE
PACKAGE
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
47/52
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
48/52
ADVANTAGE PRO Chennais Premier Networking Training Center
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
49/52
ADVANTAGE PRO Chennais Premier Networking Training Center
REMOVING DEPLOYED SOFTWARE:
There are two removal methods
Forced removal.
Optional removal.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
50/52
ADVANTAGE PRO Chennais Premier Networking Training Center
FORCED REMOVAL:
You can force the removal of the software.
It will automatically deletes the software from a
computer.
Removal takes place before the desktop appears.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
51/52
ADVANTAGE PRO Chennais Premier Networking Training Center
OPTIONAL REMOVAL:
You remove the software from the software
installation.
Software is not actually removed from computers.
The software no longer appears in Add or Remove
programs, but users can still use it.
If users can manually delete the software, they
cannot reinstall it.
8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory
52/52
ADVANTAGE PRO Chennais Premier Networking Training Center