Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.

Slides:



Advertisements
Similar presentations
This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Advertisements

Auditing Microsoft Active Directory
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Module 8: Implementing Administrative Templates and Audit Policy.
Group Policy in Microsoft Windows Active Directory.
Microsoft ® Official Course Module 9 Configuring Applications.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GROUP POLICY An overview of Microsoft Windows Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.
Hands-On Microsoft Windows Server 2008
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 12: Deploying and Managing Software with Group Policy.
Module 14: Configuring Print Resources and Printing Pools.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Week #7 Objectives: Secure Windows 7 Desktop
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
Section 8: Configuring the Desktop Environment with Group Policy Exploring Script Types and Controlling Script Execution Defining the Desktop, Start Menu,
Section 7: Implementing Security Using Group Policy Exploring the Windows Security Architecture Securing User Accounts Exploring Security Policies Hardening.
Section 10: Assigning and Publishing Software Packages Using MSI Packages to Distribute Software Using Group Policy as a Software Deployment Method Deploying.
Appendix A Starting Out with Windows PowerShell™ 2.0.
Module 15: Manage the Windows ® Small Business Server 2008 Environment Using Group Policy.
Module 14: Configuring Server Security Compliance
Module 7: Fundamentals of Administering Windows Server 2008.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Section 12: Creating and Deploying Administrative Templates Introducing Administrative Templates Legacy ADM Templates Using the New ADMX Templates Converting.
Managing User Desktops with Group Policy
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
Overview Introduction to Managing User Environments Introduction to Administrative Templates Using Administrative Templates in Group Policy Assigning Scripts.
Module 6: Configuring User Environments Using Group Policy.
Module 7 Configure User and Computer Environments By Using Group Policy.
Section 13: Configuring Group Policy Preferences Introducing Group Policy Preferences Comparing Preferences and Policy Settings Configuring Preferences.
Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.
Section 9: Configuring Roaming Profiles and Folder Redirection Managing User Profiles Configuring Folder Redirection Using Folder Redirection and Roaming.
Section 5: Troubleshooting and Backing Up GPOs Using Group Policy Troubleshooting Tools Integration of RSoP Functionality Using Logging Options Backing.
Module 5: Configuring Internet Explorer and Supporting Applications.
GPO - WINDOWS SERVER AGENDA: Introduction Group Policy Overview Types of Group Policies/Objects Associated Technologies How to implement.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Section 4: Understanding the Architecture of Group Policy Processing Group Policy Components in AD DS Understanding the Group Policy Processing Sequence.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 11: Group Policy for Corporate Policy.
Module 5: Creating and Configuring Group Policies.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
NetTech Solutions Security and Security Permissions Lesson Nine.
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Implementing a Group Policy Infrastructure
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
Module 6: Configuring User Environments Using Group Policies.
Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.
GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.
Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016
Microsoft Installing & Configuring Windows Server Exam Questions Answers Powered By:
Configuring the User and Computer Environment Using Group Policy Lesson 8.
Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.
Managing User Desktops with Group Policy
Configuring Windows Firewall with Advanced Security
Introduction to Group Policy
Presentation transcript:

Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows Vista New Group Policy Features Introduced with Windows Server 2008 R2 and Windows 7 New Group Policy Features in Windows Server 2012 and Windows 8 Client Managing Windows Environments with Group Policy

© 2013 Global Knowledge Training LLC. All rights reserved. Section Objectives After completing this section, you will be able to: Define Group Policy List the ways you can use Group Policy Describe the tools, features, and policies you can use to manage group policies Describe the new Group Policy features available in the latest versions of Windows 1-2

© 2013 Global Knowledge Training LLC. All rights reserved. What Is Group Policy? Group Policy is built on the Active Directory structure Desktop settings and restrictions Security policies Folder redirection Software deployment Software restrictions Logon scripts Group Policy controls: 1-3

© 2013 Global Knowledge Training LLC. All rights reserved. Desktop Settings and Restrictions Configure standardized settings for the desktop environment Screen saver Desktop background Shortcuts to Applications Configure desktop restrictions to reduce support calls Lock the taskbar Prevent access to control panel apps Restrict or hide Start screen/menu items 1-4

© 2013 Global Knowledge Training LLC. All rights reserved. Security Policies Password Policy Account Lockout Policy Audit Policy and Advanced Audit Policies User Rights Assignment Security Options Event Log Restricted Groups System Services File System Windows Firewall with Advanced Security 1-5

© 2013 Global Knowledge Training LLC. All rights reserved. Folder Redirection Use Folder Redirection to store the user’s personal documents on a server instead of locally 1-5 AppData(Roaming)Favorites DesktopContacts Start MenuDownloads DocumentsLinks Pictures Searches MusicSaved Games Videos

© 2013 Global Knowledge Training LLC. All rights reserved. Software Deployment Myapp.msi Distribute MSI packages to the Computer or User Configure as Assigned or Published 1-6

© 2013 Global Knowledge Training LLC. All rights reserved. Software Restrictions Software Restriction Policies Compatible with Windows XP and later Are more difficult to configure for large numbers of files AppLocker Policies Compatible with Windows 7 and later Can be created by scanning a folder structure Can use wild-card values to restrict or allow access 1-7

© 2013 Global Knowledge Training LLC. All rights reserved. Logon Scripts Computer scripts Startup script Shutdown script User scripts Logon script Logoff script Scripts can be written as: Executables VBScript, JavaScript, Perl scripts Powershell scripts 1-8

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Scenarios 1-9 Scenario Prevent changes to the desktop environment Enforce an Audit policy for servers Maintain user documents on a central server Assign a software package to many computers Prevent users from running unauthorized code Map a drive letter to a server resource Solution Use desktop restriction policy settings Use security policies Use Folder Redirection Create a software deployment policy Use a software restriction policy Create a login script in a policy

© 2013 Global Knowledge Training LLC. All rights reserved. New Group Policy Features Introduced with Windows Server 2008 and Windows Vista 1-10 Group Policy Management Editor Enhancements Group Policy Service Changes New GPO Settings

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Management Editor Enhancements New Feature Description New format for ADMX (Administrative Templates) XML format Starter GPO Templates for GPO creation Comments for GPOs Ability to add custom comments to GPOs GPO filtered view Ability to sort or limit the display of policies GPMC Now the default Group Policy tool 1-11

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Service Changes New Group Policy service Restarts and logoff/logon not required Local Group Policy enhancements Multiple local GPOs Network location awareness No longer relies on ICMP Ability to sort or limit the display of policies 1-12

© 2013 Global Knowledge Training LLC. All rights reserved. New GPO Settings New Hundreds of new policy settings have been added: New power management options Block device driver installation Windows Firewall with Advanced Security options New Windows Internet Explorer options Location-Based printer installation Printer driver installation for non-administrators 1-13

© 2013 Global Knowledge Training LLC. All rights reserved. New Group Policy Features Introduced with Windows Server 2008 R2 and Windows Windows PowerShell Cmdlets Group Policy Preferences Starter GPOs Administrative Template Settings AppLocker

© 2013 Global Knowledge Training LLC. All rights reserved. New Group Policy Features in Windows Server 2012 and Windows 8 Client 1-16 Remote Update from the GPMC PowerShell Invoke-GPUpdate Group Policy Infrastructure Status Policy Error Links in RSOP Results Hundreds of New GPO Items

© 2013 Global Knowledge Training LLC. All rights reserved. Summary Group Policy is a mechanism for applying computer and user settings to one or many computers throughout an Active Directory environment. Use Group Policy to: Prevent changes to the desktop environment Enforce an Audit policy for servers Maintain user documents on a central server Assign a software package to many computers Prevent users from running unauthorized code Map a drive letter to a server resource 1-18

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) New Group Policy features in Windows Server 2008 and Windows Vista 1-18 FeatureDescription Group Policy Management Editor Enhancements New format for ADMX: Based on XML file format; new GPO tools can read ADM and ADMX files Starter GPO: Creates a template of GPO settings that you can reuse Comments for GPOs: Add custom comments to GPOs GPO filter view: Displays settings in a variety of ways, including sort view or filtered view GPMC: Standard tool for managing group policies Group Policy Service Changes Group Policy service: Runs as a service of its own Local Group Policy enhancements: Create multiple GPOs for the local computer Network location awareness: Group Policy now uses event detection and event notification and provides faster startup times when group policies are applied

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) New Group Policy features in Windows Server 2008 and Windows Vista (cont.) 1-19 FeatureDescription New GPO Settings New power management options: Set central standard for power management settings Block device driver installation: Settings are now more granular; can block or allow device driver installation down to a specific PnP hardware identifier; can block installation of removable media devices; can customize a balloon tip message when installation is prevented Windows Firewall with Advanced Security options: With a new interface you can easily create outbound filters; IPSec functionality has been integrated directly into the Windows Firewall interface New Internet Explorer options: Most new Windows Internet Explorer settings are now configurable through Group Policy; can centrally define homes pages, security settings, history retention, etc. Printer installation: Location-based printer installation (shared printer connections are automatically available to computer or user side of the GPO); printer driver installation for non-administrators (installation of printer device drivers now occurs in the background with elevated privileges)

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) New Group Policy features in Windows Server 2008 R2 and Windows FeatureDescription Windows PowerShell cmdlets Manage Group Policy from Windows PowerShell and run Windows PowerShell scripts during logon and startup; cmdlets allow GPO configuration from command line and for automation Group Policy Preferences Additional types of GPO preference items were added Starter GPOsNew default Starter GPOs were added to the GPMC interface Administrative Template Settings New user interface and additional policy settings were added; Administrative Templates section was augmented with new settings and an editor window that is easier to navigate AppLockerA new mechanism for restricting access to software that is only supported by Windows Server 2008 R2 and Windows 7; supports wildcards for version numbering, allowing a single policy to restrict multiple versions of a file; can restrict by user name or group

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check 1.What is Group Policy used for? (Choose all that apply.) a.To configure desktop settings b.To deploy software c.To enforce security policies d.To run logon scripts 2.What is Group Policy? It is a mechanism for applying computer and user settings to one or many computers throughout an Active Directory environment. 1-20

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 3.Match each Group Policy feature with its correct description Group Policy FeatureDescription GPMCA.A tool used to create inbound and outbound firewall policies. IPSec functionality has been integrated directly into the interface. Windows Firewall with Advanced Security B.These allow GPO configuration from the command line and for automation. AppLockerC.These set the central standard for power management settings. Windows PowerShell cmdlets D.A standard tool used to manage group policies. Power management options E.A new mechanism for restricting access to software that is only supported by Windows Server 2008 R2 and Windows 7; supports wildcards for version numbering, allowing a single policy to restrict multiple versions of a file; can restrict by user name or group. A D E B C