Configuring the User and Computer Environment Using Group Policy Lesson 8.

Slides:



Advertisements
Similar presentations
Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
Advertisements

Lesson 17: Configuring Security Policies
Configuring Windows Internet Explorer 7 Security Lesson 5.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Lesson 19 – ADMINISTERING WINDOWS 2000 SERVER : THE BASICS.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Performing Software Installation with Group Policy
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Configuring Active Directory Certificate Services Lesson 13.
Windows Tutorial 9 Maintaining Hardware and Software
Working with Drivers and Printers Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Understanding Drivers and Devices Install and configure.
1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
1 Chapter Overview Understanding Group Policies Implementing Group Policies Using Security Policies Troubleshooting Group Policy Problems.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Introduction to Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.
Using Windows Firewall and Windows Defender
Using Group Policy Lesson 4. Skills Matrix Technology SkillObjective Domain SkillDomain # Creating and Understanding Group Policy Modeling and Group Policy.
With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.
1/28/2010 Network Plus Windows Networking Network Identification Identifies name and type of network. Installed adapters –Performed during Windows installation.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
Overview Introduction to Managing User Environments Introduction to Administrative Templates Using Administrative Templates in Group Policy Assigning Scripts.
Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+
1 Chapter Overview Publishing Resources in Active Directory Service Redirecting Folders Using Group Policies Deploying Applications Using Group Policies.
Section 9: Configuring Roaming Profiles and Folder Redirection Managing User Profiles Configuring Folder Redirection Using Folder Redirection and Roaming.
1 Part-1 Chap 5 Configuring Accounts Definitions.
Troubleshooting Security Issues Lesson 6. Skills Matrix Technology SkillObjective Domain SkillDomain # Monitoring and Troubleshooting with Event Viewer.
Security Planning and Administrative Delegation Lesson 6.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Working with Active Directory Sites Lesson 3. Skills Matrix Technology SkillObjective DomainObjective # Introducing Active Directory Sites Configure sites2.3.
Working with Disks Lesson 4. Skills Matrix Technology SkillObjective DomainObjective # Configuring Data Protection Configure data protection6.4 Using.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Administering Group Policy Chapter Eleven. Exam Objectives in this Chapter  Plan a Group Policy strategy using Resultant Set of Policy Planning mode.
Guide to MCSE , Second Edition, Enhanced 1 Managing NTFS Permissions NTFS Only file system supported by Windows XP that offers file- level security.
Managing Applications, Services, Folders, and Libraries Lesson 4.
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Optimizing Windows Vista Performance Lesson 10. Skills Matrix Technology SkillObjective DomainObjective # Introducing ReadyBoostTroubleshoot performance.
Managing File Resource Using File Server Resource Manager Chapter 9 Advance Computer Network Lecture Sorn Pisey
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
Windows Server 2003 群組原則設定與管理 林寶森
10.1 © 2004 Pearson Education, Inc. Lesson 10: Specifying Group Policy Settings Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
Unit 8 NT1330 Client-Server Networking II Date: 2?10/2016
Configuring the User and Computer Environment Using Group Policy Lesson 8.
Introduction to Group Policy Lesson 7. Group Policy Group Policy is a method of controlling settings across your network. – Group Policy consists of user.
11 CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY Chapter 8.
Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016
CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY
Managing Data by Using NTFS
Bethesda Cybersecurity Club
Introduction to Group Policy
Planning a Group Policy Management and Implementation Strategy
Presentation transcript:

Configuring the User and Computer Environment Using Group Policy Lesson 8

Skills Matrix Technology SkillObjective DomainObjective # Configuring Account Policies Configure account policies 4.6 Planning and Configuring an Audit Policy Configure Audit Policy by using GPOs 4.7

Lesson 8 Defining a Domain-Wide Account Policy Open the GPMC. Click Forest:. Click Domains, click, and then click Group Policy Objects. Right-click the Default Domain Policy, and click Edit.

Lesson 8 Defining a Domain-Wide Account Policy (cont.) In the left window pane, expand the Computer Configuration node, and then expand the Windows Settings folder. Expand the Security Settings node. In the Security Settings node, expand Account Policies, and select Password Policy.

Lesson 8 Defining a Domain-Wide Account Policy (cont.) To modify a setting, double-click the setting in the right window pane to open the Properties dialog box for the setting. Then, make the desired value changes. Click OK to close the setting's Properties dialog box. Close the Group Policy Management Editor window for this policy.

Lesson 8 Configuring a Domain-Wide Account Lockout Policy Open the GPMC. Click Forest:. Click Domains, click, and then click Group Policy Objects. Right-click the Default Domain Policy, and click Edit. A Group Policy Management Editor window for this policy is displayed.

Lesson 8 Configuring a Domain-Wide Account Lockout Policy (cont.) In the left window pane, expand the Computer Configuration node, and then expand the Windows Settings folder. Expand the Security Settings node. In the Security Settings node, expand Account Policies, and select Account Lockout Policy.

Lesson 8 Configuring a Domain-Wide Account Lockout Policy (cont.) In the right window pane, double-click the Account lockout duration policy setting to view the Properties dialog box. Select the Define This Policy Setting checkbox. If you want to change the account lockout duration, you may do so here.

Lesson 8 Configuring a Domain-Wide Account Lockout Policy (cont.) Click OK to accept the specified lockout duration. Click OK to automatically enable these other settings, or click Cancel to go back to the Account Lockout Duration Properties dialog box. Click OK to accept the additional setting defaults.

Lesson 8 Configuring a Domain-Wide Account Lockout Policy (cont.) Make any additional changes, as necessary, to the other individual Account Lockout Policy settings. Close the Group Policy Management Editor window for this policy.

Lesson 8 Configuring the Kerberos Policy Open the GPMC. Click Forest:. Click Domains, click, and then click Group Policy Objects. Right-click the Default Domain Policy, and click Edit. A Group Policy Management Editor window for this policy is displayed.

Lesson 8 Configuring the Kerberos Policy (cont.) In the left window pane, expand the Computer Configuration node, and then expand the Windows Settings folder. Expand the Security Settings node. In the Security Settings node, expand Account Policies, and select Kerberos Policy.

Lesson 8 Configuring the Kerberos Policy (cont.) To modify a setting, double-click the setting in the right window pane to open the Properties dialog box for the setting. Make the desired value changes. Click OK to close the setting's Properties dialog box. Close the Group Policy Management Editor window for this policy.

Lesson 8 Configuring an Audit Policy Open the GPMC. Click Forest:. Click Domains, click, and then click Group Policy Objects. Right-click the Default Domain Policy, and click Edit.

Lesson 8 Configuring an Audit Policy (cont.) In the left window pane, expand the Computer Configuration node, and then expand the Windows Settings folder. Expand the Security Settings node. In the Security Settings node, expand Local Policies, and select Audit Policy.

Lesson 8 Configuring an Audit Policy (cont.) In the right window pane, double-click the Audit Policy setting you want to modify. The Properties dialog box for the chosen setting is displayed. Select the Define This Policy Setting checkbox.

Lesson 8 Configuring an Audit Policy (cont.) Select the appropriate checkboxes to audit Success, Failure, or both under the Audit These Attempts heading. Click OK to close the setting's Properties dialog box. Close the Group Policy Management Editor window for this policy.

Lesson 8 Configuring Files and Folders for Auditing In Windows Explorer, right-click the file or folder you want to audit. Select Properties. On the Security tab in the Properties dialog box for the selected file or folder, click Advanced.

Lesson 8 Configuring Files and Folders for Auditing (cont.) In the Advanced Security Settings dialog box for the file or folder, select the Auditing tab, and then click Add. Select the users and groups to be audited for file or folder access, and then click OK.

Lesson 8 Configuring Files and Folders for Auditing (cont.) Select Successful, Failed, or both checkboxes for the events you wish to audit. In the Apply Onto list, specify which objects are to be audited. Click OK to return to the Advanced Security Settings dialog box for the object.

Lesson 8 Configuring Files and Folders for Auditing (cont.) Choose whether you wish auditing entries from parent objects to be inherited to this object by selecting or deselecting the Allow Inheritable Auditing Entries From Parent To Propagate To This Object And All Child Objects checkbox. Click OK to complete this process. Close the Group Policy Management Editor window for this policy.

Lesson 8 Customizing Event Log Policies From the Administrative Tools menu, open Event Viewer. Right-click the log for which you want to view or modify the settings, and select Properties. Modify the desired settings, and click OK.

Lesson 8 Configuring Folder Redirection Create a GPO or modify an existing GPO with the necessary Folder Redirection Policy setting. Using the Group Policy Management Editor for the desired GPO, locate the Folder Redirection policy extension in the User Configuration/Windows Settings/node. Right-click the Documents folder in the left window pane, and select Properties.

Lesson 8 Configuring Folder Redirection (cont.) Use the Setting drop- down box of the Target tab to select one of the options in the My Documents Properties dialog box.

Lesson 8 Configuring Folder Redirection (cont.) If you choose Basic–Redirect Everyone's Folder To The Same Location, you must specify the Target folder location in the Settings dialog box. If you choose Advanced–Specify Locations For Various User Groups, you must specify the target folder location for each group that you add in the Settings dialog box.

Lesson 8 Configuring Folder Redirection (cont.) The Settings tab of the Documents Properties dialog box provides several additional selections. Select from the options in the Policy Removal box of the Settings tab. Click OK.

Lesson 8 Optimizing Group Policy Processing Open the Group Policy Management Console (GPMC). Click Forest:. Click Domains, click, and then click Group Policy Objects. Select the Default Domain Policy, and click Edit.

Lesson 8 Optimizing Group Policy Processing (cont.) Right-click the Default Domain Policy node at the top of the left window pane. Click GPO Status, and place a checkmark next to User Configuration Settings Disabled, Computer Configuration Settings Disabled, or All Settings Disabled.

Lesson 8 You Learned Most security-related settings are found within the Windows Settings node of the Computer Configuration node of a GPO. Policy settings that you wish to apply to all computers or users within a domain should be made within the Default Domain Policy GPO. Generally, domain-wide account policies, such as Password Policies, Account Lockout, and Kerberos settings, are modified here.

Lesson 8 You Learned (cont.) Windows Server 2008 provides the ability to configure Fine-Grained Password Policies, which allow multiple password and account lockout policies within a single domain. Local Policy settings govern the actions users can perform on a specific computer and determine whether the actions are recorded in an event log. Create Audit Policies here.

Lesson 8 You Learned (cont.) Auditing can be configured to audit successes, failures, or both. Plan auditing carefully before implementation. Events that are not important to your documentation and information needs can cause unnecessary overhead when audited. Auditing can be a very important security tool when used prudently.

Lesson 8 You Learned (cont.) Because audited events are recorded in the appropriate event log, it is necessary to understand the Event Log Policy setting area. This area allows control over maximum log sizes, log retention, and access rights to each log.

Lesson 8 You Learned (cont.) Restrictions on group memberships can be accomplished using the Group Restriction Policy setting. Implementing this policy removes group members who are not part of the configured group membership list or adds group members according to a preconfigured list.

Lesson 8 You Learned (cont.) Folder Redirection can be configured for folders located on a local computer within the Documents And Settings folder. The Offline Files settings allow redirected folders to be available when a network connection is not present. These two setting areas complement each other.

Lesson 8 You Learned (cont.) Disk quotas can be used to control storage space on a network drive. Implementing disk quotas allows administrators to have tighter control over drive usage, which can affect tape backup and restore functionality.

Lesson 8 You Learned (cont.) Computer configuration group policies are refreshed every 90 minutes by default. Domain controller group policies are refreshed every 2 minutes. These settings can be altered based on the frequency in which policy changes occur. Disabling unused portions of a GPO decreases the time it takes to complete policy processing.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.