Microsoft Server 2008 R2 Group Policies & AD

Group Policies - Refresher
- Policies are “all or nothing”
- You cannot selectively choose within a policy
- Only policy settings that are enabled are read.
- Settings left as Not configured are ignored.
- Policies are inherited and cumulative
- LSDOU (Local, Site, Domain, OU)
- Policies are refreshed every 90 minutes with a 30 minute randomization
- DCs are refreshed every 5 minutes

GPO Concepts
- Policies are applied from the bottom up. Rules that apply:
  - Listen to the last policy you heard from
  - Execute policies from the bottom up as they appear in the GUI
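The "last policy heard wins" rule from the two slides above, worked through as an added example (not part of the original presentation). The GPO names, settings and values are constructed, and the function name is hypothetical; it models only what the slides state: LSDOU order, bottom-up link order, and Not configured being ignored.

```powershell
# Added illustration, not from the slides. Requires PowerShell 3.0 or later.
$scopeRank = @{ Local = 0; Site = 1; Domain = 2; OU = 3 }   # LSDOU processing order

function Resolve-GpoSettings {
    param([Parameter(Mandatory)][object[]]$Gpo)

    # Process Local -> Site -> Domain -> OU. Inside one container, process the
    # highest link order first (bottom of the GUI list), so link order 1 is last.
    $ordered = $Gpo | Sort-Object -Property @{ Expression = { $scopeRank[$_.Scope] } },
                                            @{ Expression = 'LinkOrder'; Descending = $true }

    $effective = [ordered]@{}
    foreach ($g in $ordered) {
        foreach ($name in $g.Settings.Keys) {
            $value = $g.Settings[$name]
            if ($value -eq 'NotConfigured') { continue }   # ignored, never overwrites
            # A later GPO that configures the same setting replaces the earlier value.
            $effective[$name] = [pscustomobject]@{
                Setting    = $name
                Value      = $value
                WinningGpo = $g.Name
                Scope      = $g.Scope
            }
        }
    }
    $effective.Values
}

# Constructed sample data: one local policy, one domain GPO, two GPOs linked to the same OU.
$sample = @(
    [pscustomobject]@{ Name = 'Local policy'; Scope = 'Local'; LinkOrder = 1
                       Settings = @{ ScreenSaverTimeout = '900' } }
    [pscustomobject]@{ Name = 'Default Domain Policy'; Scope = 'Domain'; LinkOrder = 1
                       Settings = @{ ScreenSaverTimeout = '600'; HideRunMenu = 'Enabled' } }
    [pscustomobject]@{ Name = 'Workstations Baseline'; Scope = 'OU'; LinkOrder = 2
                       Settings = @{ ScreenSaverTimeout = '300'; HideRunMenu = 'NotConfigured' } }
    [pscustomobject]@{ Name = 'Kiosk Lockdown'; Scope = 'OU'; LinkOrder = 1
                       Settings = @{ ScreenSaverTimeout = '120' } }
)

Resolve-GpoSettings -Gpo $sample | Format-Table -AutoSize
```

ScreenSaverTimeout ends up owned by Kiosk Lockdown (OU, link order 1, processed last), while HideRunMenu keeps the domain value because the OU GPO leaves it Not configured.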

GPO Planning: OU Design
- Create separate OUs for computers and users
- Segment machines/users into roles by OU. Examples:
  - Servers: Exchange Servers, Terminal Servers, Web Servers, File and Print, etc.
  - Workstations: Desktops, Laptops, task stations, etc.
  - Prestage computers/servers
  - Users: IT Staff, Engineers, Shop Floor, Laptop Users, etc.

GPO Planning: OU Design, Pre-staging PCs/Servers
- Create computer objects before joining to domain.
- Allows for immediate GPO application to the system.

GPO Planning
- GPO naming conventions: make it consistent and easy to interpret
- Simply use a clear name to describe intent of the GPO
- How significant is the number of GPOs applied?
- 999 is the maximum number of GPOs applied

Planning: Deployment - Test, Stage, and Production
- It’s a “good thing” if you: Test -> Stage -> Test -> Deploy -> Validate
- Backup/Copy/Import (including migration tables)
- Documentation: HTML or XML Reports
- Save Report…

Planning: Disaster Recovery
- GPMC Backup / Restore handles GPO as a logical entity
- Automate GPO backup using GPMC scripts: BackupAllGPOs or BackupGPO
- Regularly test GPO restore in your environment: RestoreAllGPOs or RestoreGPO
- Think about building/rebuilding your staging environment

Planning: Disaster Recovery
- Be aware of what is NOT included in a backup of a GPO and plan accordingly
  - IPSec Settings, which live in CN=IP Security,CN=System,DC=xxxx (AD backup handles this); the GPO includes just the link to this data
  - WMI Filter (only the filter link is backed up); the filter itself is stored in AD so your AD backup covers this
  - GPO links from sites, domains or OUs, since they are not an attribute of the GPO (again, AD backup covers this)
  - Don’t rely on DCGPOFix (last resort tool!). DCGPOFix returns default GPOs to the clean install state (not an upgrade) and they are unlinked; use your own backup instead
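An added example (not from the original slides) of automating the backup described above with the GroupPolicy PowerShell module instead of the GPMC scripts, and of exporting the items the slide lists as missing from a GPO backup. The backup path and file names are assumptions; it needs the GroupPolicy and ActiveDirectory modules and PowerShell 3.0 or later.

```powershell
# Added illustration. D:\GPOBackup and the output file names are assumed, not from the slides.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$dest = Join-Path 'D:\GPOBackup' (Get-Date -Format 'yyyy-MM-dd')
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# 1. Back up every GPO in the domain as a logical entity (same scope as BackupAllGPOs).
Backup-GPO -All -Path $dest -Comment "Scheduled backup $(Get-Date -Format s)" |
    Select-Object DisplayName, GpoId, Id |
    Export-Csv (Join-Path $dest 'backup-index.csv') -NoTypeInformation

# 2. HTML documentation of all GPO settings, kept next to the backup.
Get-GPOReport -All -ReportType Html -Path (Join-Path $dest 'AllGPOs.html')

# 3. GPO links are not part of a GPO backup: record them for the domain root and each OU.
#    Site links are not covered by Get-GPInheritance; they remain in the AD backup only.
$domainDn = (Get-ADDomain).DistinguishedName
$targets  = @($domainDn) + @(Get-ADOrganizationalUnit -Filter * |
                             Select-Object -ExpandProperty DistinguishedName)
$links = foreach ($dn in $targets) {
    $som = Get-GPInheritance -Target $dn
    foreach ($link in $som.GpoLinks) {
        [pscustomobject]@{
            Target           = $dn
            Gpo              = $link.DisplayName
            GpoId            = $link.GpoId
            LinkOrder        = $link.Order
            Enabled          = $link.Enabled
            Enforced         = $link.Enforced
            BlockInheritance = $som.GpoInheritanceBlocked
        }
    }
}
$links | Export-Csv (Join-Path $dest 'gpo-links.csv') -NoTypeInformation

# 4. WMI filters live in AD, not in the GPO: export each filter's name and query text.
Get-ADObject -SearchBase "CN=SOM,CN=WMIPolicy,CN=System,$domainDn" `
             -Filter 'objectClass -eq "msWMI-Som"' `
             -Properties 'msWMI-Name', 'msWMI-Parm2' |
    Select-Object @{ n = 'Name';  e = { $_.'msWMI-Name' } },
                  @{ n = 'Query'; e = { $_.'msWMI-Parm2' } } |
    Export-Csv (Join-Path $dest 'wmi-filters.csv') -NoTypeInformation
```

To exercise the restore test the slides recommend, run `Restore-GPO -Name <GPO name> -Path $dest` in the staging environment and compare the result against the saved report.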

Planning: Group Policy Dependencies
- DNS: Many “Group Policy problems” turn out to be related to DNS misconfiguration
- Don’t touch the Policies directory in Sysvol (including playing with ACLs); manage through supported tools only
- If you plan to delete Sysvol – well, don’t!

GPO and 2008 R2 & Windows 7
- Group Policy Preferences (GPP)
  - Extensions or “new settings”
  - Adds more than 3000 policy settings!
  - Modify the local administrator password on every desktop
  - Different from normal GPO settings, as they are duplicated under user and computer settings
- Multiple Local Group Policies
- Improvements to existing policies
  - Folder redirection
  - Cleaner

GPO and 2008 R2 & Windows 7
- Multiple Local Group Policy Objects (MLGPO)
- Different Local Group Policies for different folks

Folder Redirection
- Cleaner view and handles most profile folders.

Troubleshooting
- Know where your GPOs live
  - Local GPOs: %windir%\system32\grouppolicy
  - MLGPOs: %windir%\system32\grouppolicyusers
  - Domain GPOs: on the DC, %windir%\sysvol\sysvol
- Know your reporting options
  - Group Policy Modeling
  - Group Policy Results
  - Event Log (exposed through GPMC)
- Know your tools
  - With Operating System: GPUpdate.exe, GPResult.exe
  - WS 2003 Resource Kit: GPOTool, GPMonitor
  - Download Center: GPInventory
- Know your log files
  - UserEnv (Core Engine), WinLogon (Security), FDeploy (Folder Redirection), Appmgmt.log (software installation), Gpmgmt (GPMC), GPedit (GPEdit), GPText (CSE-specific)

Troubleshooting
- Using the Local GPO (LGPO)
  - A good option if you don’t have access to change GPOs in a domain (not all settings will be available: software installation and folder redirection, for example)
  - Updating the LGPO on a domain-joined PC has no impact when using cached credentials
- Read the Explain Text for Admin Templates and Help for Security Settings
- Use the “force”: the gpupdate.exe /force switch forces the policy update.
- If you move a user/computer to a new OU, the change will not take place immediately. Reboot/Logon/Force
- Consider using virtualization, which is especially helpful for tattooing security settings; undo when done!
