Section 5: Troubleshooting and Backing Up GPOs Using Group Policy Troubleshooting Tools Integration of RSoP Functionality Using Logging Options Backing.

Slides:



Advertisements
Similar presentations
Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.
Advertisements

Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Lesson 16: Creating Group Policy Objects
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Maintaining and Updating Windows Server 2008
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
(ITI310) By Eng. BASSEM ALSAID SESSIONS
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 7: Active Directory Replication.
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam Microsoft® Windows® 2000 Directory Services Infrastructure Goals 
Section 2: Using Group Policy Management Tools Local vs. Domain Policies Editing Local Policies Managing Domain Policies Understanding Group Policy Refresh.
Section 7: Implementing Security Using Group Policy Exploring the Windows Security Architecture Securing User Accounts Exploring Security Policies Hardening.
Section 10: Assigning and Publishing Software Packages Using MSI Packages to Distribute Software Using Group Policy as a Software Deployment Method Deploying.
Appendix A Starting Out with Windows PowerShell™ 2.0.
Module 15: Manage the Windows ® Small Business Server 2008 Environment Using Group Policy.
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Section 12: Creating and Deploying Administrative Templates Introducing Administrative Templates Legacy ADM Templates Using the New ADMX Templates Converting.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Module 7 Configure User and Computer Environments By Using Group Policy.
Planning a Group Policy Management and Implementation Strategy Lesson 10.
1 Chapter Overview Preparing to Upgrade Performing a Version Upgrade from Microsoft SQL Server 7.0 Performing an Online Database Upgrade from SQL Server.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Module 5: Implementing Group Policy
Module 11: Troubleshooting Group Policy Issues. Module Overview Introduction to Group Policy Troubleshooting Troubleshooting Group Policy Application.
Troubleshooting Security Issues Lesson 6. Skills Matrix Technology SkillObjective Domain SkillDomain # Monitoring and Troubleshooting with Event Viewer.
Section 4: Understanding the Architecture of Group Policy Processing Group Policy Components in AD DS Understanding the Group Policy Processing Sequence.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Module 5: Creating and Configuring Group Policies.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
Company Confidential 1 A Course on Planning A Group Policy Management And Implementation Strategy Prepared for: *Stars* New Horizons Certified Professional.
Implementing Group Policy
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10.
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Implementing a Group Policy Infrastructure
1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management.
11 INTRODUCTION TO GROUP POLICY Chapter 7. Chapter 7: INTRODUCTION TO GROUP POLICY2 WHAT CAN YOU DO WITH GROUP POLICY?  Control the user environment.
Module 6 Creating and Configuring Group Policy. Module Overview Overview of Group Policy Configuring the Scope of Group Policy Objects Evaluating the.
Chapter 7: Managing and Troubleshooting Group Policy.
Module 11: Troubleshooting Group Policy Issues. Module Overview Introduction to Group Policy Troubleshooting Troubleshooting Group Policy Application.
Windows Server 2003 群組原則設定與管理 林寶森
GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.
Maintaining and Updating Windows Server 2008 Lesson 8.
Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016
1.1 Microsoft® Windows® 2003 Server Group Policy Management Prof. Abdul Hameed.
Configuring the User and Computer Environment Using Group Policy Lesson 8.
Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.
Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016
Planning a Group Policy Management and Implementation Strategy
Introduction to Group Policy
Planning a Group Policy Management and Implementation Strategy
Presentation transcript:

Section 5: Troubleshooting and Backing Up GPOs Using Group Policy Troubleshooting Tools Integration of RSoP Functionality Using Logging Options Backing Up, Restoring, Importing, and Copying GPOs Building Migration Tables Managing Windows Environments with Group Policy

© 2013 Global Knowledge Training LLC. All rights reserved. Section Objectives After completing this section, you will be able to: Describe the Group Policy troubleshooting tools Describe the GPMC tools that have RSoP functionality Describe the GPO logging tools used to obtain more detail about the GPO processing issues Explain how to back up, restore, import, and copy GPOs using the GPMC Explain how to build migration tables 5-2

© 2013 Global Knowledge Training LLC. All rights reserved. Using Group Policy Troubleshooting Tools 5-3 Client-Side Tools Group Policy Results (gpresult.exe) Group Policy Update (gpupdate.exe) GPMC Remote Update Group Policy Replication Tools GPO Verification tool (gpotool.exe) deprecated GPMC Infrastructure Status Replication Monitor (replmon.exe) deprecated Repadmin PowerShell Tools Get-GPResultantSetOfPolicy Invoke-GPUpdate Note: Deprecated tools may still function, but are no longer supported by Microsoft.

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Results Gpresult is a built-in tool for Windows XP and later operating systems. You can use it to display RSoP data in a command-line interface. 5-4

© 2013 Global Knowledge Training LLC. All rights reserved. Gpresult Tool Options gpresult /R provides basic GPO information listing the GPO names that have been processed. gpresult /V displays verbose output that details the actual policy settings. gpresult /H sends output to an HTML file. 5-5

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Update You can use the Gpupdate tool to refresh policies ahead of the 90 to 120 minute default update interval. The /force switch forces an update even if the GPO service thinks it is up to date. 5-7

© 2013 Global Knowledge Training LLC. All rights reserved. GPMC Remote Update You can use the GPMC tool to refresh policies against multiple remote machines 5-8

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Verification Tool The Gpotool tool can help ensure that all domain controllers have an up-to-date copy of the GPOs in the domain. 5-9 Note: This is considered a deprecated tool. Use the GPMC Infrastructure Status tab instead.

© 2013 Global Knowledge Training LLC. All rights reserved. GPMC Infrastructure Status The GPMC Infrastructure Status tab can determine if domain controllers have an up-to-date copy of the GPOs in the domain. 5-10

© 2013 Global Knowledge Training LLC. All rights reserved. Replication Monitor You can use the Replmon tool to monitor and force replication of Active Directory and Sysvol Note: This is considered a deprecated tool. Use the RepAdmin command-line tool instead.

© 2013 Global Knowledge Training LLC. All rights reserved. Using the Replmon Tool to Check GPO Version Numbers You can use the GPO version numbers to compare policy versions between two domain controllers to see if they are consistent. 5-12

© 2013 Global Knowledge Training LLC. All rights reserved. Repadmin Use Repadmin to assist in synchronizing AD DS 5-13

© 2013 Global Knowledge Training LLC. All rights reserved. Get-GPResultantSetOfPolicy PowerShell- based RSOP Run against local or remote computers Generates results in HTML or XML format 5-17

© 2013 Global Knowledge Training LLC. All rights reserved. Invoke-GPUpdate PowerShell- based GPUpdate Run against local or remote computers Schedule an update up to 31 days in the future 5-19

© 2013 Global Knowledge Training LLC. All rights reserved. Integration of RSoP Functionality 5-21 Group Policy Results Group Policy Modeling Creating an HTML File for Reporting New Error Reporting Details

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Results Group Policy Results display can be useful in troubleshooting policy application. It displays the actual policies that are applied. 5-22

© 2013 Global Knowledge Training LLC. All rights reserved. Group Policy Modeling The Modeling option simulates policies that would be applied. A user or computer account does not need to exist in order to calculate the RSoP. The Modeling wizard asks which OUs the user and computer accounts would be in. The RSoP calculation is based upon the policies applied at those OU levels. 5-23

© 2013 Global Knowledge Training LLC. All rights reserved. Save the Group Policy Results output to a file for later viewing. Creating an HTML File for Reporting 5-25

© 2013 Global Knowledge Training LLC. All rights reserved. New Error Reporting Details 5-26 The HTML reports now contain additional error reporting information.

© 2013 Global Knowledge Training LLC. All rights reserved. Using Logging Options 5-27 The Userenv.log File Event Logs

© 2013 Global Knowledge Training LLC. All rights reserved. The Userenv.log File You can enable more detailed logging for Group Policy activity with a registry edit. Output will be sent to the Userenv.log file. 5-27

© 2013 Global Knowledge Training LLC. All rights reserved. Event Logs You can enable detailed diagnostic logging for Group Policy information sent to the Event Viewer. This should be a temporary setting. 5-28

© 2013 Global Knowledge Training LLC. All rights reserved. Backing Up, Restoring, Importing, and Copying GPOs 5-30 Backing Up GPOs Restoring GPOs Importing GPOs Copying GPOs

© 2013 Global Knowledge Training LLC. All rights reserved. Live GPO Domain B Live GPO Domain A Backing Up GPOs Restore Copy (Creates new GPO) Import Back up Folder 5-31

© 2013 Global Knowledge Training LLC. All rights reserved. Procedure for Backing Up GPOs (1) You can back up individual policies without going through a full backup of the system state. You can also use backups to copy a policy from one domain to another. 5-32

© 2013 Global Knowledge Training LLC. All rights reserved. Procedure for Backing Up GPOs (2) The description you provide here will also show when you manage your backups. 5-33

© 2013 Global Knowledge Training LLC. All rights reserved. Live GPO Domain B Live GPO Domain A Restoring GPOs Restore Copy (Creates new GPO) Import Back up Folder 5-34

© 2013 Global Knowledge Training LLC. All rights reserved. Live GPO Domain B Live GPO Domain A Importing GPOs Restore Copy (Creates new GPO) Back up Import Folder 5-35

© 2013 Global Knowledge Training LLC. All rights reserved. Live GPO Domain B Live GPO Domain A Copying GPOs Copy (Creates new GPO) Back up Restore Import Folder 5-37

© 2013 Global Knowledge Training LLC. All rights reserved. Building Migration Tables Migration tables help resolve: SID conflicts UNC path conflicts Migration Table Editor tool can help with this process. 5-38

© 2013 Global Knowledge Training LLC. All rights reserved. Building a Migration Table The Migration Table Editor helps to translate SIDs and paths when migrating policies from one domain to another. 5-39

© 2013 Global Knowledge Training LLC. All rights reserved. Summary A few of the command-line tools that you can use to troubleshoot Group Policy deployment and the health of the existing GPOs are: Group Policy Results: This tool provides RSoP details. Group Policy Update: This tool refreshes Group Policy settings without rebooting. GPO Verification tool: This tool ensures that the contents of all the linked Sysvol folders in the domain contain valid and up-to-date GPOs. It also checks for version mismatches between the GPT stored in the Sysvol folder and the GPC in Active Directory. Replication Monitor: This tool gathers a wide variety of replication details. It also monitors the replication status of current GPOs per domain. 5-42

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) The RSoP helps to trace how the policy links are applied for a specified user and a specified computer. It also identifies effective settings and “winning” policy objects. Some of the RSoP tools that you can use to troubleshoot GPO processing are: Group Policy Results: This tool presents “real” information that reflects how the policy is applied. Group Policy Modeling: This tool permits you to perform a simulation before actually applying the policy. HTML file for reporting: Both the GPMC and the Gpresult command-line tools can produce reports in the form of HTML file output. Using these reports, you can view and analyze the policies that are configured and determine where the policies came from. 5-42

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) The GPO logging tools that you can use to obtain more detail about the GPO processing issues are: The Userenv.log: This log contains a detailed verbose log of the logon process. Event logs: These logs record all GPO events with a minimum amount of detail. 5-42

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) You can back up, restore, import, and copy GPOs. The purpose of these functions are: Back Up: This function copies the contents of a live GPO into any specified folder location on the computer or network where you have write permissions. Restore: This function restores a GPO when you have deleted it and want it back, or when you have modified it (either its contents or its ACL) and want to return it to some prior condition. Import: This function transfers the settings in a backed-up GPO to an existing and active GPO. (The import process does not create a new GPO.) Copy: This function creates a new GPO at the destination location. It starts with an active GPO. 5-42

© 2013 Global Knowledge Training LLC. All rights reserved. Summary (cont.) Use the Mtedit tool to build migration tables. You can either run the tool or invoke it from within the GPMC (right-click the Domains node and select Open Migration Table Editor). 5-42

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check 1.Name and describe the two GPO logging tools. The Userenv.log: Contains a detailed verbose log of the logon process. Event logs: Record all GPO events with a minimum amount of detail. 5-43

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 2.Describe the following tools:  Group Policy Results This tool provides RSoP details.  Replication Monitor This tool gathers a wide variety of replication details. It also monitors the replication status of current GPOs per domain. 5-43

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 3.Which tool is used to build migration tables? a.Userenv b.GPO Migration c.Mtedit d.Event log 5-43

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 4.Match each GPO process with its correct description GPO ProcessDescription RestoreA.Creates a new GPO at the destination location. It starts with an active GPO. Back upB.Restores a GPO when you have deleted it and want it back, or when you have modified it (either its contents or its ACL) and want to return it to some prior condition. CopyC.Transfers the settings in a backed-up GPO to an existing and active GPO. ImportD.Copies the contents of a live GPO into any specified folder location on the computer or network where you have write permissions. D B A C

© 2013 Global Knowledge Training LLC. All rights reserved. Knowledge Check (cont.) 5.Which RSoP tool does the following text describe? This tool presents “real” information that reflects how the policy is applied. a.Group Policy Results b.HTLM file for reporting c.Group Policy Modeling d.Group Policy Verification 5-44

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.