Group Policy in Windows Vista Andy Malone MCSE, MCT


1 Group Policy in Windows Vista
Andy Malone MCSE, MCT
Andrew.malone@quality-training.co.uk

2 What Will We Cover?
– Group Policy Administration
– Group Policy with Windows Vista
– QoS Policies

3 Helpful Experience
Level 200
– Understanding of Group Policy
– Administering Windows

4 Agenda
– Understanding Group Policy
– Reviewing New Infrastructure Features
– Using Policy Settings

5 GPO Infrastructure
– Active Directory
– Policy Targeting
– Policy Troubleshooting
– Policy Enforcement
– Policy Definition
– GPMC and GPEdit – GPO Management and Operations

6 GPO Infrastructure – Customer Pains
Infrastructure areas: AD; Policy Targeting; Policy Troubleshooting; Policy Enforcement; Policy Definition; GPMC and GPEdit – GPO Management and Operations
Pains:
– Difficult to locate settings
– Lack of best practice knowledge
– ADM File format and storage issues
– Sysvol bloat
– Ping Issues, VPN scenarios
– Kiosk Scenarios
– Error Messages
– Complicated Diagnostic log (Userenv)
– What and Where is GPMC?
– Change Management, Auditing and Workflow

7 Group Policy Pain Points
File Format
– ADM file format and languages
– Storage
Policy Definition
– Difficult to locate settings
– Lack of best practice knowledge
Policy Enforcement
– Ping issues
– VPN scenarios
Policy Troubleshooting
– Error messages
– Complicated diagnostic log
– What and Where is GPMC?
Network Traffic
– End-to-end performance
– WAN performance

9 Windows Vista Improvements In Group Policy
More settings, applied more reliably, easier to use
Category: Key Features and Enhancements
Ease of Use
– GPMC integration into the operating system
– Improved syntax and multilingual support for Admin Templates policy settings (ADMX files)
– A solution to “sysvol bloat”
– Searching, Filtering and Templates (SP1)
Reliable and Efficient Application of Policy
– More secure, stable infrastructure (Group Policy Service)
– Responsiveness to changing network conditions for GP processing
– Enhanced troubleshooting experience
– Multiple Local GPOs
Extending the Coverage
– Extended Group Policy to cover new Windows Vista features
– Improved coverage in key areas like Security and Desktop management

10 Demo: Preparing Active Directory
– Install Group Policy Management Console
– Copy AdPrep Folder
– Run ForestPrep

11 Understanding Group Policy Reviewing New Infrastructure Features Using Policy Settings Agenda

12 Windows Vista Improvements
– Extended Coverage
– Reliable and Efficient Application of Policy
– Ease of Use
(Diagram labels: Hello / Hola; SYSVOL)

13 Group Policy Service
– More efficient
– Service has been hardened
(Diagram label: Winlogon)

14 Network Awareness
Problems today
Policy application is not network sensitive
– VPN Scenario
– Laptop Hibernate/Standby recovery
Slow Link detection failures
– ICMP turned off at routers
– Failures in high bandwidth high latency (Satellite connection) scenarios

15 Improved Network Awareness
More Responsive to Network Changes
– No longer just 90 minutes or so
– If previous policy application cycle was skipped or failed then it retries whenever network connectivity (Ability to reach DC) is available
Leverages NLA v2.0 (Network Location Awareness)
– Subscribe for DC availability notification
– Removal of dependence on ICMP (no more Ping!)
– Improved bandwidth determination (through NLA)
Note: Network Quarantine scenario needs additional configuration

16 Multiple Local GPOs Customer Request: Set different configurations for different users with local GPOs

17 Local GPO Customer request
Local GPOs are primarily used
– Non AD environments
– for non-domain joined, shared-use machines like Kiosks, Task stations
Customer Request: Ability to set different configurations for different users using just Local GPO
– Common example is where local admins need a less locked down configuration than regular users
– Cannot accomplish this today since there is no concept of ‘Security Filtering’ on LGPOs

18 Multiple Local GPOs
Supports having different policy settings for different local users
LGPOs for
– The machine (same LGPO as today)
– NEW: Local groups (Admin or Non-Admin)
– NEW: Individual local users
Application Order is same as above
– Note: Any single user receives either the Admin or the Non-Admin LGPO (not both)
Domain GPOs still have greater precedence than LGPOs (as today)
New policy setting – ability to exclude all local GPO processing

19 Troubleshooting Group Policy
Some challenges
Cryptic Error messages
– No consistent diagnosis or resolution information
– Error help link broken
– Not Actionable
Userenv.log
– Not many users aware of this option
– Not IT Admin friendly
Each GP extension has a different format and location of its log
No consolidated centralized reporting

20 Group Policy Management Console

21 GPMC Integration: Why Integrate GPMC Into The Operating System?
GPMC is the one-stop shop for managing Group Policy (has been our recommendation for almost 3 years)
The perception is…
– “It’s just a little utility”
– “Great, but it’s not part of the Operating System”
– “What’s GPMC?”
Will be available on client and server – no need to download/install
No major feature updates; just bug fixes and localization
Some feature updates will be available in “Longhorn” Server (Vista SP1)

22 Events and Logging
– Cryptic Error Messages
– userenv.log
– Multiple Logs
– Admin Events
– Operational Events

24 Demo: Using Group Policy Features
– Run DomainPrep
– Access the Vista GPMC
– Use Internet Explorer 7.0 Group Policy
– Use Events and Logging

25 Administrative Template Files
Windows Vista Administrative Computer (English)
  %windir%\policydefinitions: Printing.admx, inetres.admx, …
  %windir%\policydefinitions\en-us: Printing.adml, inetres.adml
Windows Vista Administrative Computer (French)
  %windir%\policydefinitions: Printing.admx, inetres.admx, …
  %windir%\policydefinitions\fr: Printing.adml, inetres.adml
\policies\policydefinitions: Printing.admx, inetres.admx, ..
  \en-us: Printing.adml, inetres.adml
  \fr: Printing.adml, inetres.adml
  \..

27 Windows Vista Interop Scenarios (ADMX/ADM Co-Existence)
– Windows Vista does not ship with any ADM files.
– ADMX files are a superset of older ADM files
– Both ADMX and ADM files can co-exist. You can use the “Add/Remove Templates” dialog for ADM files
– You can leverage this feature in existing Win2k3/Win2k environments. Just Admin workstations need to run Vista
Note: No plan currently to ship ADM to ADMX conversion tool

28 ADM Templates – Usability Improvements (Windows Vista SP1/“Longhorn” Server)
Comments
– Enable per GPO and per setting comments
Search/Filter – locate settings based on
– Text search of setting title, explain text and comments
– Platform and applications “supported on”
– Managed (true GP policy setting)
– Configured (enabled or disabled)
– Results of search is a filtered GPedit view
Templates
– Encapsulation of best practices/scenarios
– Will contain recommended Policy settings and values
– Microsoft will ship some initial scenario-based templates
– Anyone can create and share new custom templates
– Create new GPOs based on a template
– GPMC will provide ‘Template management’ support

29 Prototype UI For Templates And Search And Filter Features
– GPMC Template Integration
– Filter Options Dialog

30 Demo: Editing Domain-based GPOs Using ADMX Files
– Create ADMX Central Store
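
The central store layout from the Administrative Template Files slide and the demo above can be checked with a script; this is an added example, not part of the original presentation. The placeholder domain `contoso.example`, the default share path and the `New-Finding` helper are assumptions for illustration.

```powershell
# Added example (not from the presentation): compare a reference PolicyDefinitions
# folder with the ADMX central store and report gaps.
# Assumptions: contoso.example is a placeholder domain; language folder names
# follow the slide (en-us, fr) and should match the folders actually present.
param(
    [string]$Reference    = "$env:windir\PolicyDefinitions",
    [string]$CentralStore = '\\contoso.example\SYSVOL\contoso.example\Policies\PolicyDefinitions',
    [string[]]$Languages  = @('en-us', 'fr')
)

# Hypothetical helper: one row per problem found.
function New-Finding([string]$File, [string]$Issue) {
    [pscustomobject]@{ File = $File; Issue = $Issue }
}

$findings = foreach ($admx in Get-ChildItem -LiteralPath $Reference -Filter '*.admx') {
    $central = Join-Path $CentralStore $admx.Name
    if (-not (Test-Path -LiteralPath $central)) {
        New-Finding $admx.Name 'missing from central store'
        continue
    }
    # A differing hash means editors would see different setting definitions
    # depending on which copy they load.
    $refHash = (Get-FileHash -LiteralPath $admx.FullName -Algorithm SHA256).Hash
    $cenHash = (Get-FileHash -LiteralPath $central -Algorithm SHA256).Hash
    if ($refHash -ne $cenHash) {
        New-Finding $admx.Name 'content differs from reference copy'
    }
    # Each .admx needs a matching .adml in every language folder in use.
    foreach ($lang in $Languages) {
        $adml = Join-Path (Join-Path $CentralStore $lang) ($admx.BaseName + '.adml')
        if (-not (Test-Path -LiteralPath $adml)) {
            New-Finding $admx.Name "no $lang\$($admx.BaseName).adml"
        }
    }
}

# Templates present only in the central store: confirm who added them and why.
$findings = @($findings) + @(
    Get-ChildItem -LiteralPath $CentralStore -Filter '*.admx' |
        Where-Object { -not (Test-Path -LiteralPath (Join-Path $Reference $_.Name)) } |
        ForEach-Object { New-Finding $_.Name 'not in reference set' }
)

$findings | Sort-Object File, Issue | Format-Table -AutoSize
```

An empty table means every reference template and its language files are present and identical in the central store.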

31 DFS Replication and SYSVOL
(Diagram labels: ADM File; SYSVOL; ADMX File)
* Remote Differential Compression (RDC)

32 Understanding Group Policy Reviewing New Infrastructure Features Using Policy Settings Agenda

33 Choosing the Right Settings
Examples of Expanded Policy Settings:
– BITS
– Client Help
– Disk Failure Diagnostics
– DVD Video Burning
– MMTP
– Network Quarantine
– Security Protection
– Shell Application Management
– UAC

35 Security Pain Points
– Spyware and viruses
– Users over-privileged
– Lost productivity
– Administrative cost
– Secure by default

37 UAC Policy Settings

38 Windows Firewall and IPSec

40 Security Enhancements
– Windows Defender
– Wireless and Wired Configuration
– Network Access Protection
– Public Key Policy Configuration
– Integrated IE 7.0 Policy Settings (graphic label: Version 7.0)

41 Desktop Management
– Power Management
– Printer Management
– Windows Shell Management

42 Device Installation Policy Settings
– Device Driver
– Device Identification Strings
– Device Setup Classes

44 Demo: Installing Devices with Group Policy
– Block the Installation of a USB Device

45 QoS Policies
– Source IPv4/IPv6 addresses
– Destination IPv4/IPv6 addresses
– Protocol
– Source or destination ports
– A/V Traffic

47 Demo: Configuring QoS Policy
– Create a QoS Policy for Web Traffic
– Create a QoS Policy for VoIP Traffic

48 Session Summary
– Better Group Policy administration
– Restricting device installation
– Managing network traffic

49 Microsoft Press Publications
For the latest titles, visit www.microsoft.com/learning/books/itpro/

50 Non-Microsoft Publications
These books can be found and purchased at all major book stores and online retailers

51 Resources
– Group Policy on Microsoft.com: http://www.microsoft.com/GroupPolicy
– Group Policy FAQ: http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx
– What's New in Group Policy in Windows Vista and Windows Server "Longhorn": http://www.microsoft.com/technet/windowsvista/library/a8366c42-6373-48cd-9d11-2510580e4817.mspx
– Managing ADMX Files Step by Step Guide: http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e34-971a-0c5b090dc4fd.mspx
– Group Policy Feature Suggestions, New Policy Setting Ideas, etc.: http://www.WindowsServerFeedback.com

52 Find all these support options at www.microsoft.com/technet/support
Microsoft offers a progressive series of support options starting with no-charge online support and developing through subscription, incident, and contract support.

1. No-Charge Online Support
– Knowledge Base: Search a vast database of articles to pinpoint the information you need.
– Newsgroups: Access over 20,000 active newsgroups on scores of topics.
– Product Support Centers: Get answers to frequently asked questions, plus how-to articles and step-by-step instructions organized by product.
– DLL Help Database: Search here to identify the software used to install a specific DLL version.
– Events and Errors Message Center: Resolve event and error messages fast with explanations, recommendations, and links to support and resources.
– Support Webcasts: Tune in to live technical presentations by Microsoft experts and take part in real-time Q&A.
– Chats: Chat online with Microsoft specialists or search the transcript archives.
– User Group Program: Access information and support for IT and other interest-specific user groups.
– TechNet Security Resource Center: Get ahead of security risks with resources that keep you current, including security newsletters and the Microsoft notification service.

2. Subscription-Based Support
– TechNet Subscription: Subscribe to TechNet for a personal library of articles, service packs, how-to’s, resource kits, tools, utilities, and more. Your subscription includes monthly updates delivered on CD or DVD, so you always have the latest information, straight from the source.
– Upgrade to a TechNet Plus subscription and add all this:
  1. Full-version evaluation software, including Microsoft Office System and Windows Server System™ products, without time restrictions.
  2. Free support: two complimentary incidents, plus a discount on other support calls.
  3. Unlimited, next-business-day access to reliable answers from the IT community and Microsoft Support Professionals through Managed Newsgroups (English only).

3. Assisted Incident Support
– E-mail Support: Get online incident help via e-mail from a Microsoft Support Professional.
– Phone Support: Get incident help over the phone from a Microsoft Support Professional.
– Phone Support Contract: Save with a discounted 5-Pack Phone Support contract.
– Advisory Services: Add remotely delivered consultation options from Microsoft Advisory Services for proactive support that goes far beyond routine product maintenance.

4. Contract-Based Support
– Premier Support: Get the flexibility to match support options to your organization and enjoy direct access to Microsoft technical experts at any time, day or night. Premier Support delivers customized options for businesses with complex needs, including dedicated technical professionals to oversee your support, 24x7 problem resolution, and training and workshops that keep your IT staff up to date.
– Essential Support: Essential Support offers prepackaged options specifically designed to meet the fundamental support requirements of any business, large or small. Includes account management, problem resolution, and information services.

53 Where Else Can I Get Help?
– Free chats and webcasts
– List of newsgroups
– Microsoft community sites
– Community events and columns
www.microsoft.com/technet/community

54 What else does TechNet give you?
– FREE “TechNet Newsletter”
– FREE Events and Webcasts
– FREE quarterly “TechNet” magazine
– FREE comprehensive technical website
– FREE TechNet Radio, Security Centre, Learning Paths and Virtual Labs
– TechNet Plus Subscription DVD
A range of tools and resources for IT professionals that let you plan, manage, deploy
To subscribe to the newsletter or just to find out more, please visit www.microsoft.com/uk/technet

55 Thank you for attending this TechNet Event
http://www.microsoft.com/uk/technet
PS (The evaluation form is now sent out electronically with your thank you e-mail. This can take up to 5 working days. Please do feedback as we read all the comments and use them to shape future event content)

56 Thanks For Attending!
Andrew.malone@quality-training.co.uk

