Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK

Slides:

Advertisements

Similar presentations

Group Policy - Part 2 of 3 Rick Claus IT Pro Advisor Microsoft Canada

Advertisements

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter

Understanding Group Policy on Windows Server 2003.

Module 5: Creating and Configuring Group Policy

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Chapter 8 Configuring Group Policies

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

Lesson 16: Creating Group Policy Objects

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

Group Policy – Tips, Tricks and Best Practices

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

GROUP POLICY An overview of Microsoft Windows Group Policy.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

1 Chapter Overview Understanding Group Policies Implementing Group Policies Using Security Policies Troubleshooting Group Policy Problems.

Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

Module 15: Manage the Windows ® Small Business Server 2008 Environment Using Group Policy.

70-411: Administering Windows Server 2012

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.

11.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning.

Planning a Group Policy Management and Implementation Strategy Lesson 10.

Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.

ADM320 Managing Group Policy BJ Whalen Program Manager Windows Server Microsoft Corporation.

GPO - WINDOWS SERVER AGENDA: Introduction Group Policy Overview Types of Group Policies/Objects Associated Technologies How to implement.

4. Managing the Desktop Thomas Lee Chief Technologist – QA plc.

Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.

Module 5: Implementing Group Policy

Page 1 System and Group Policies Lecture 7 Hassan Shuja 11/02/2004.

Section 4: Understanding the Architecture of Group Policy Processing Group Policy Components in AD DS Understanding the Group Policy Processing Sequence.

Active Directory Group Policy. Group Policy Overview  Successor to NT policies Much more flexible  Only applies to 2000 workstations Use old style policies.

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.

Module 5: Creating and Configuring Group Policies.

Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.

1 Group Policies (Week 11, Monday 3/19/2007) © Abdou Illia, Spring 2007.

Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.

Company Confidential 1 A Course on Planning A Group Policy Management And Implementation Strategy Prepared for: *Stars* New Horizons Certified Professional.

Implementing Group Policy

Module 7: Implementing Security Using Group Policy.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.

Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.

Implementing a Group Policy Infrastructure

11 INTRODUCTION TO GROUP POLICY Chapter 7. Chapter 7: INTRODUCTION TO GROUP POLICY2 WHAT CAN YOU DO WITH GROUP POLICY?  Control the user environment.

Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.

Chapter 7: Managing and Troubleshooting Group Policy.

11 DESIGNING AN ADMINISTRATIVE SECURITY STRUCTURE Chapter 7.

Module 8 Implementing Security Using Group Policy.

10.1 © 2004 Pearson Education, Inc. Lesson 10: Specifying Group Policy Settings Exam Microsoft® Windows® 2000 Directory Services Infrastructure.

Windows Server 2003 群組原則設定與管理林寶森

GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.

Unit 9 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/17/2016 Instructor: Williams Obinkyereh.

Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016

1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.

Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.

Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016

Planning a Group Policy Management and Implementation Strategy

Windows Server 2008 Administration

Unit 9 NT1330 Client-Server Networking II Date: 8/9/2016

Group Policy Inheritance

Introduction to Group Policy

Presentation transcript:

Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK

Introducing Group Policy Common tasks with Group Policy Planning & Best Practices Agenda

Introducing Group Policy Basic Understanding Works with Windows 2000 and later Enable one-to-many management of users and computers Simplify administrative tasks Implement security settings Implement standard computing environments

Introducing Group Policy Group Policy Terms Group Policy Management Console Group Policy settings Group Policy Object Editor Active Directory containers SiteDomainOUs Child OUs

Registry-based Policy Introducing Group Policy Group Policy Capabilities

Registry-based Policy Security Settings Introducing Group Policy Group Policy Capabilities

Registry-based Policy Security Settings Software Restrictions Introducing Group Policy Group Policy Capabilities

Registry-based Policy Security Settings Software Restrictions Software Distribution Introducing Group Policy Group Policy Capabilities

Registry-based Policy Security Settings Software Restrictions Software Distribution Computer and User Scripts Introducing Group Policy Group Policy Capabilities

Registry-based Policy Security Settings Software Restrictions Software Distribution Computer and User Scripts Roaming Profiles and Redirected Folders Introducing Group Policy Group Policy Capabilities

Registry-based Policy Security Settings Software Restrictions Software Distribution Computer and User Scripts Roaming Profiles and Redirected Folders Offline Folders Introducing Group Policy Group Policy Capabilities

Registry-based Policy Security Settings Software Restrictions Software Distribution Computer and User Scripts Roaming Profiles and Redirected Folders Offline Folders Internet Explorer Maintenance Introducing Group Policy Group Policy Capabilities

Introducing Group Policy Default Policies Local Security Policy Default Domain Policy Default Domain Controllers Policy

Introducing Group Policy Where is Group Policy Stored

Local Security Policy Introducing Group Policy Order of Precedence

Local Security Policy Site Policy Introducing Group Policy Order of Precedence

Local Security Policy Site Policy Domain Policy Introducing Group Policy Order of Precedence

Local Security Policy Site Policy Domain Policy Parent OU Policy Introducing Group Policy Order of Precedence

Local Security Policy Site Policy Domain Policy Parent OU Policy Child OU Policy Introducing Group Policy Order of Precedence

Introducing Group Policy Group Policy Management Console Unified, easy to use GUI Backup/Restore of GPOs Import/Export and Copy/Paste of GPOs Simplified security HTML reporting Scripting of Group Policy tasks

Introducing Group Policy Group Policy Objects & Links GPMC manages GPO Links Scope Of Management (SOM) GPOs contain policy settings Links define what objects the GPO will target Scope Of Management (SOM) Site, Domain, OU, OU,…. Filtering can be based on links to SOM Better illustrates the relationship between GPOs and Links

Introducing Group Policy Demo

Common tasks with Group Policy Planning & Best Practices Agenda

Common tasks Using Administrative Templates Enables configuration of policy settings Do not actually contain policy settings Used by Group Policy Object Editor Policy settings are contained registry.pol Windows Server 2003 contains: System.admInetres.admConf.admWmplayer.admWuau.adm

Common tasks Using Administrative Templates KB – “Recommendations for Managing Group Policy Administrative Template Files” Superset principle from WS2003 RTM onwards Historical.adm files available online Never edit the OS-shipped.adm files Know the benefits of a “true policy” (as compared to preferences) Security (local administrators) Cleanup (if GPO is out of scope)

Common Tasks Account Policies Password Account lockout Kerberos settings Domain level vs OU level setting

Common Tasks Software Restriction Policies Windows Server 2003 and Windows XP Base philosophies Unrestricted All programs run except those I select Disallowed Use with care Policy rules HashCertificatePath Internet Explorer Zone

Common Tasks Restricted Groups Membership of Active Directory security groups No-one can be in Enterprise Administrators Only these users are helpdesk staff Membership of Local Groups Helpdesk are members of local administrators

Common Tasks Some of the rest…. Additional security Registry Access Control Lists (ACLs) File System Access Control Lists (ACLs) Service Startup Mode Internet Explorer Maintenance Audit Policies Especially on servers

Common Tasks with Group Policy Demo

Introducing Group Policy Common tasks with Group Policy Planning & Best Practices Agenda

Planning & Best Practices OU Design Why create OU’s Segment by role Domain controllers ComputersUsers Redirect default OU for new accounts redirusr.exe and redircmp.exe Use delegation of administration Create/Update/Link GPOs

Planning & Best Practices Group Policy Objects Normalise GPOs – “GP Common Scenarios” Naming conventions Clear purpose and intent 3-segment string: Scope/Purpose/Managed By e.g. WW-Outlook-OTG What about the number of GPOs? MYTH: Fewer GPOs=Better performance FACT: Number of settings is more important

Planning & Best Practices General Guidance Avoid Cross-Domain GPO links Performance overhead Alternative - GPMC scripts Use the following sparingly Enforce (no override) Block Inheritance Loopback Keep it simple

Planning & Best Practices Using WMI Filters XP and Windows Server 2003 Only Performance hit Limit to known lifetime if possible Scriptomatic

Summary Group Policy serves many purposes If you’re not already using GPMC, why not? It’s not as hard as it looks …but without planning, it’s easy to make it look hard technologies/management/grouppolicy technologies/management/grouppolicy

Recommended Reading “Group Policy, Profiles and Intellimirror for Windows 2003, Windows XP and Windows 2000” By Jeremy Moskowitz

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK