10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Slides:



Advertisements
Similar presentations
Lesson 17: Configuring Security Policies
Advertisements

Module 5: Creating and Configuring Group Policy
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
7.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
1 Chapter Overview Understanding Group Policies Implementing Group Policies Using Security Policies Troubleshooting Group Policy Problems.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
8.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 8: Introducing Computer Accounts.
Using Group Policy Lesson 4. Skills Matrix Technology SkillObjective Domain SkillDomain # Creating and Understanding Group Policy Modeling and Group Policy.
5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam Microsoft® Windows® 2000 Directory Services Infrastructure Goals 
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
Module 15: Manage the Windows ® Small Business Server 2008 Environment Using Group Policy.
70-411: Administering Windows Server 2012
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Module 6: Implementing Group Policy. Overview Implementing Group Policy Objects Implementing GPOs in a Domain Managing the Deployment of Group Policy.
11.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning.
1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.
Module 7 Configure User and Computer Environments By Using Group Policy.
Planning a Group Policy Management and Implementation Strategy Lesson 10.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Module 5: Implementing Group Policy
Troubleshooting Security Issues Lesson 6. Skills Matrix Technology SkillObjective Domain SkillDomain # Monitoring and Troubleshooting with Event Viewer.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Module 5: Creating and Configuring Group Policies.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
Company Confidential 1 A Course on Planning A Group Policy Management And Implementation Strategy Prepared for: *Stars* New Horizons Certified Professional.
Implementing Group Policy
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Implementing a Group Policy Infrastructure
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.
1 Chapter Overview Using Group Objects Understanding Default Groups Creating Group Objects Managing Administrative Access.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
10.1 © 2004 Pearson Education, Inc. Lesson 10: Specifying Group Policy Settings Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.
Unit 9 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/17/2016 Instructor: Williams Obinkyereh.
Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016
1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.
Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.
Assignment # 8.
Planning a Group Policy Management and Implementation Strategy
Windows Server 2008 Administration
Introduction to Group Policy
Planning a Group Policy Management and Implementation Strategy
Presentation transcript:

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Configure Group Policy settings for a GPO  Modify the order of Group Policy Objects  Filter the scope of a Group Policy Object  Link Group Policy Objects  Delete GPO links and Group Policy Objects  Examine the application of Group Policy using RSoP  Use the Group Policy Management Wizard Goals

10.2 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy  Used to set a consistent desktop environment  Used to configure both user and computer security settings  Other security options  Allowing automatic administrative logon to the Recovery Console  Shutting down the system immediately if the system is unable to log security audits Configuring Group Policy Settings for a GPO (Skill 1)

10.3 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  User Configuration settings node  You can use Administrative Templates to control access to the Control Panel or to specific Control Panel applets  You can control what Desktop items will appear or will be hidden, among many other policy settings  You set policies for a GPO using the Group Policy Object Editor for that GPO Configuring Group Policy Settings for a GPO (2) (Skill 1)

10.4 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-1 Setting Group Policy Object Properties (Skill 1)

10.5 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-2 The Enabled Hide Add New Programs page policy (Skill 1)

10.6 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-3 The Interactive logon: Do not display last user name Properties dialog box (Skill 1)

10.7 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-4 The Shutdown: Allow system to be shutdown without having to log on dialog box (Skill 1)

10.8 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-5 The Enabled policies in the Group Policy Object Editor (Skill 1)

10.9 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  The order in which Group Policy settings apply to a user or computer depends on the priority order of the GPOs  GPOs, by default, are processed in accordance with the Active Directory hierarchy (LSDOU)  Local policy  Site policy  Domain policy  OU policy Modifying the Order of Group Policy Objects (Skill 2)

10.10 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Enforced option  Allows you to give preference to the policies at each level (except local)  When you set a GPO link to Enforced, the GPO link takes precedence over the settings for any child object  You can also disable a GPO link to completely block that GPO from being applied; this disables the GPO only for the selected container object Modifying the Order of Group Policy Objects (2) (Skill 2)

10.11 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Block Inheritance option  Allows you to block the application of all policies applied at higher levels for a specific container  Using filtering  Allows you to specify that a particular GPO only applies to one or more specific groups of users within a container  Involves modifying the Apply Group Policy permission for the GPO Modifying the Order of Group Policy Objects (3) (Skill 2)

10.12 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Link Order column on the Linked Group Policy Objects list in the GPMC  Allows you to change the priority order for the GPOs for a domain or an OU  Local policies have no prioritization options because they are always overwritten when a conflict occurs Modifying the Order of Group Policy Objects (4) (Skill 2)

10.13 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Creating and linking a GPO  You must have the Link GPOs permission for the domain or organizational unit for which you are creating the GPO  You also must have permission to create GPOs in that domain  The Domain Admins, Enterprise Admins and Group Policy Creator Owner groups have permission to create GPOs in a domain by default Modifying the Order of Group Policy Objects (5) (Skill 2)

10.14 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the Resultant Set of Policy (RSoP)  Allows you to see policy prioritization in action  RSoP is a new console in Windows Server 2003  Provides the ability to analyze and display the result of Group Policy application for any object in the directory Modifying the Order of Group Policy Objects (6) (Skill 2)

10.15 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Applying a GPO to a site  You cannot create and link a GPO to a site because the operating system would not know in which domain to create the GPO  To apply a GPO to a site  Create a GPO in any domain in the forest  Use the Link an Existing GPO command to link the GPO to the site Modifying the Order of Group Policy Objects (7) (Skill 2)

10.16 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-6 Changing the link order for a GPO (Skill 2)

10.17 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-7 The Group Policy Inheritance tab (Skill 2)

10.18 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Filtering the scope  You might need to restrain the scope of a GPO by applying permissions to specific users and/or computers  This is called filtering the GPO scope  To filter the scope of a GPO, you use security groups Filtering the Scope of a Group Policy Object (Skill 3)

10.19 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Security groups  Used to specify the users subject to the policies in a particular GPO  Used to define the rights and permissions users will have to access resources  You set different permissions for different security groups on the Security tab in the Properties dialog box for a GPO Filtering the Scope of a Group Policy Object (2) (Skill 3)

10.20 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Setting security groups permissions  Read and Apply Group Policy permissions  Are assigned for a particular GPO  By default, the Authenticated Users group is granted both permissions for all GPOs  To block a policy from applying to a specific group, set its Apply Group Policy permission to Deny  To allow the GPO to apply to a single group of users  Remove the Apply Group Policy permission from the Authenticated Users group  Allow the Apply Group Policy permission only for that group Filtering the Scope of a Group Policy Object (3) (Skill 3)

10.21 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  When you are using filtering, only two group policy permissions are applicable  Read  Apply Group Policy Filtering the Scope of a Group Policy Object (4) (Skill 3)

10.22 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-8 Setting the Apply Group Policy permission for a security group (Skill 3)

10.23 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Two ways to filter the scope of a GPO directly in the GPMC  Select the GPO in its container object  Expand the Group Policy Objects node in the GPMC and select the GPO you want to filter Filtering the Scope of a Group Policy Object (5) (Skill 3)

10.24 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  To add objects to the security filter  On the Scope tab, in the Security Filtering section, click the Add button to open the Select User, Computer, or Group dialog box  Click OK to add the object to the security filter  To apply the GPO only to the group or groups that have been added  In the Security Filtering section on the Scope tab, select Authenticated Users  Click the Remove button Filtering the Scope of a Group Policy Object (6) (Skill 3)

10.25 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure 10-9 Security Filtering (Skill 3)

10.26 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  A GPO, by default, is linked to the container in which it is created  You can link GPOs to additional sites, domains, or OUs in order to increase the scope of the GPO  To link a GPO to an additional container, you use the Link an Existing GPO command and the Select GPO dialog box for that container Linking Group Policy Objects (Skill 4)

10.27 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  To link an existing GPO to a site, domain, or organizational unit, you must have the Link GPOs permission for that container object  The Domain Admins and Enterprise Admins groups are granted this permission by default for domains and organizational units  For sites, only the Domain Admins and Enterprise Admins groups for the forest root domain are granted this permission by default Linking Group Policy Objects (2) (Skill 4)

10.28 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Linking an existing GPO (Skill 4)

10.29 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Select GPO dialog box (Skill 4)

10.30 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The GPO linked to the domain (Skill 4)

10.31 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  You might need to link a GPO to additional containers for only a certain period of time, or policies that were once applicable may no longer be needed  In these situations, you can remove the GPO link from a container object or even delete the GPO  If there is more than one GPO link associated with the object, you should remove the GPO link and not delete the GPO  If the GPO is associated with a single object, you can delete the GPO, which also deletes all links to the GPO in the domain Deleting GPO Links and Group Policy Objects (Skill 5)

10.32 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  To delete a link to a GPO  You must have permission to link Group Policy Objects for the OU or the domain  If you do not have this level of permission  The links are not deleted  Links to other domains and sites (called orphan links) remain and appear in the GPMC as Not Found  To delete Not Found links, you must have permission to link Group Policy Objects in the site, domain, or OU where the links are located Deleting GPO Links and Group Policy Objects (2) (Skill 5)

10.33 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  After deleting a GPO  You cannot create a GPO with the same name in the GPMC  A unique GUID is created for each GPO, and the GUID can never be repeated, but if you create GPOs with older tools, the same common name could be repeated  Replication latency and the use of scripts to execute tasks on GPOs can also cause a common name to be repeated Deleting GPO Links and Group Policy Objects (3) (Skill 5)

10.34 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  If you are considering deleting a GPO, check for cross-domain links on the Scope tab for the GPO  In the Display links in this location list box, select [Entire Forest]  All links for the GPO are displayed in the The following sites, domain, and OUs are linked to this GPO box  Select all of the links, right-click the selection, and click Delete link to delete all cross-domain links before you delete the GPO Deleting GPO Links and Group Policy Objects (4) (Skill 5)

10.35 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Deleting a GPO link (Skill 5)

10.36 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Confirming the GPO link deletion (Skill 5)

10.37 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Deleting a GPO (Skill 5)

10.38 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Confirming the GPO deletion (Skill 5)

10.39 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Delete dialog box (Skill 5)

10.40 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  RSoP is a useful new tool that allows you to visually examine the application of Group Policy  To use RSoP (if you have not installed the GPMC)  Open MMC and create a new console  Query Active Directory for the Group Policies applying to a specific level of the hierarchy or for a specific object  RSoP returns a list of all Group Policy settings  Shows the configuration for that setting  Identifies Group Policy that configured that particular setting Examining the Application of Group Policy Using RSoP (Skill 6)

10.41 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using RSoP in troubleshooting Group Policy application  It allows you to quickly and easily determine the source of GPO conflicts on your network  RSoP identifies  The final group of policies that are applied, for which GPO set the final value for each policy  The details for the policies that were not applied, including all other GPOs that attempted to set the policy and the setting they tried to impose Examining the Application of Group Policy Using RSoP (2) (Skill 6)

10.42 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  In the GPMC, the functionality of RSoP is broken down into two distinct capabilities, which are controlled by two Wizards  Group Policy Results Wizard  Group Policy Modeling Wizard Examining the Application of Group Policy Using RSoP (3) (Skill 6)

10.43 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy Results Wizard  Queries the target computer for the RSoP data that was applied to that computer  Displays the policies that are applied to that computer or to a particular user on that computer  The client being queried must be running Windows XP Professional or Windows Server 2003 or later  In the RSoP snap-in, this functionality is called logging mode Examining the Application of Group Policy Using RSoP (4) (Skill 6)

10.44 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Group Policy Results Wizard (Skill 6)

10.45 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy Modeling Wizard  Provides a simulation tool  Allows administrators to test to see what would happen to policy application for a particular user or computer under certain conditions  The security group memberships are changed  The location of the object in Active Directory is changed Examining the Application of Group Policy Using RSoP (5) (Skill 6)

10.46 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Group Policy Modeling Wizard  The modeling functionality is controlled by a service that is only installed on a Windows Server 2003 domain controller  There must be at least one Windows Server 2003 domain controller in the domain  In the RSoP snap-in, this functionality is called planning mode Examining the Application of Group Policy Using RSoP (6) (Skill 6)

10.47 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Group Policy Modeling Wizard (Skill 6)

10.48 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  After you have run one of the wizards, the RSoP data is generated as an HTML report  HTML report  Displays the policy settings that are applied  Identifies the GPO that sets the policy value  The report is added to either the Group Policy Results or Group Policy Modeling node in the GPMC Examining the Application of Group Policy Using RSoP (7) (Skill 6)

10.49 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Viewing the HTML report  Right-click a report  Click Advanced View to open the RSoP console  You can view each policy setting and the source GPO  You can open the Properties dialog box for each policy on the Precedence tab  Allows you to verify the GPO that “won”  Allows you to view all GPOs that attempted to set the policy and the value they attempted to set Examining the Application of Group Policy Using RSoP (8) (Skill 6)

10.50 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The RSoP console (Skill 6)

10.51 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Gpresult.exe command-line tool  An additional tool for troubleshooting Group Policy application in Windows Server 2003  It is stored in %Systemroot%\System32  Performs nearly the same functions as RSoP Examining the Application of Group Policy Using RSoP (9) (Skill 6)

10.52 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Gpresult.exe  When you run Gpresult with no parameters, the results are for the user currently logged on the local computer  Gpresult-Logging mode displays details about the user  Operating system type  Version and configuration  Site  Roaming and local user profile locations Examining the Application of Group Policy Using RSoP (10) (Skill 6)

10.53 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Gpresult-Logging mode also displays Computer Configuration and User Configuration settings  Computer/user DN  Last time Group Policy was applied and the location from which it was applied to the user/computer  Domain name and type  GPOs  That were applied to the computer/user  That were filtered out  Security groups to which the computer/user belongs Examining the Application of Group Policy Using RSoP (11) (Skill 6)

10.54 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Summary of Selections screen in the Group Policy Results Wizard (Skill 6)

10.55 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Applied and Denied GPOs (Skill 6)

10.56 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Interactive Logon and Shutdown policies (Skill 6)

10.57 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Control Panel/Add or Remove Programs policy (Skill 6)

10.58 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure The Policy Events tab (Skill 6)

10.59 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  The Group Policy Modeling Wizard (GPMW) analyzes the effects of a hypothetical GPO structure  You can perform “what-if” scenarios  To examine the potential effects of inherited Group Policies on users or computers if you redesign your OU structure  To determine the effects if you change security group memberships or move user or computer objects to different Active Directory containers Using the Group Policy Management Wizard (Skill 7)

10.60 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Using the GPMW to evaluate Windows Management Instrumentation (WMI) filters  A WMI filter is built from query strings  Query strings filter the application of Group Policy based on customizable metrics Using the Group Policy Management Wizard (2) (Skill 7)

10.61 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings  Requirements for using the GPMW  You must have at least one Windows Server 2003 server on your network  You must also have the Perform Group Policy Modeling analyses permission for the domain or OU that contains the objects you want to query Using the Group Policy Management Wizard (3) (Skill 7)

10.62 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure level OU structure (Skill 7)

10.63 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Domain Controller Selection (Skill 7)

10.64 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure User and Computer Selection (Skill 7)

10.65 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Advanced Simulation Options (Skill 7)

10.66 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure User Security Groups (Skill 7)

10.67 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Computer Security Groups (Skill 7)

10.68 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure WMI Filters for Users (Skill 7)

10.69 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure Summary of Selections (Skill 7)

10.70 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 10: Configuring Group Policy Settings Figure User and Computer Selection (Skill 7)