Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 6: Configuring User Environments by Using Group Policies

Published byLucinda McDaniel Modified over 7 years ago

Similar presentations

Presentation on theme: "Module 6: Configuring User Environments by Using Group Policies"— Presentation transcript:

1 Module 6: Configuring User Environments by Using Group Policies
Course 6425A Module 6: Configuring User Environments by Using Group Policies Presentation: 80 minutes Lab: 60 minutes This module helps students to configure user environments using Group Policies. After completing this module, students will be able to: Configure Group Policy settings Configure scripts and folder redirection using Group Policies Configure Administrative Templates Deploy software using Group Policy Required materials To teach this module, you need the Microsoft® Office PowerPoint® file 6425A_06.ppt. Important It is recommended that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be displayed correctly. Preparation tasks To prepare for this module: Read all of the materials for this module. Complete the practices. This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topics. Read the additional information so that you can prepare to teach the module. During class, ensure that students are aware of the additional information. Module 6: Configuring User Environments Using Group Policies

2 Module 6: Configuring User Environments by Using Group Policies
Course 6425A Module Overview Module 6: Configuring User Environments by Using Group Policies Configuring Group Policy Settings Configuring Scripts and Folder Redirection Using Group Policies Configuring Administrative Templates Deploying Software Using Group Policy

3 Lesson 1: Configuring Group Policy Settings
Course 6425A Lesson 1: Configuring Group Policy Settings Module 6: Configuring User Environments by Using Group Policies Options for Configuring Group Policy Settings Demonstration: Configuring Group Policy Settings Using the Group Policy Editor

4 Options for Configuring Group Policy Settings
Course 6425A Options for Configuring Group Policy Settings Module 6: Configuring User Environments by Using Group Policies Enable / Disable Multi-valued settings Describe the three states of Group Policy settings: Enabled, Disabled, or Not Configured. Explain the Enabled enforces the setting. Disabled specifically reverses the setting. Not Configured means that the normal default behavior will be enforced and Group Policy will have no effect on that setting. Explain that in Windows Server® 2008, some Group Policy object (GPO) settings are multi- valued. These settings are treated like single valued settings. That is, if the setting is defined in multiple GPOs, only the settings in one of the GPOs that adheres to the inheritance rules apply. Question A domain-level policy restricts access to the Control Panel. You want the users in the Admin organizational unit (OU) to have access to the Control Panel, but you do not want to block inheritance. How could you accomplish this? Answer: Create a policy that is linked to the Admin OU that has the restriction disabled to the Control Panel setting. Reference How Core Group Policy Works 3dad0f2bf mspx?mfr=true

5 Module 6: Configuring User Environments by Using Group Policies
Course 6425A Demonstration: Configuring Group Policy Settings Using the Group Policy Editor Module 6: Configuring User Environments by Using Group Policies In this demonstration, you will see how to configure Group Policy settings To complete this demonstration, you must have the 6425A-NYC-DC1 and 6425A-NYC-CL1 virtual machines running. In this demonstration, you will configure a Group Policy setting at the domain level and test the result. Then you will configure a policy to specifically reverse the domain setting and test the result. You will also configure a multi-valued setting. Demonstration steps: In the Default Domain policy, enable the setting to remove the Run menu from the Start menu. Link that policy to the Miami OU. Log on as a user in the Miami OU and ensure that the Run menu does not appear. As Administrator, create a new GPO and link it to the Miami OU. Configure the settings to Disable the policy setting that removes the Run menu from the Start menu. Log on as the same Miami user and ensure that the Run menu appears. Configure the multi-values setting in computer configuration for Windows Update, Configure Automatic Updates. Question How could you prevent a lower-level policy from reversing the setting of a higher-level policy? Answer: Enforce the link of the higher-level policy. Reference Managing Group Policy ADMX Files Step-by-Step Guide 9c96482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%20Guide.doc How to Use the Group Policy Editor to Manage Local Computer Policy in Windows XP

6 Module 6: Configuring User Environments by Using Group Policies
Course 6425A Lesson 2: Configuring Scripts and Folder Redirection Using Group Policies Module 6: Configuring User Environments by Using Group Policies What Are Group Policy Scripts? Demonstration: Configuring Scripts with Group Policies What Is Folder Redirection? Folder Redirection Configuration Options Options for Securing Redirected Folders Demonstration: Configuring Folder Redirection

7 What Are Group Policy Scripts?
Course 6425A What Are Group Policy Scripts? Module 6: Configuring User Environments by Using Group Policies You can use scripts to perform many tasks, such as clearing page files or mapping drives, and clearing temp folders for users, etc… Explain that not all configuration settings can be accomplished via Group Policy settings. You can use scripts to perform many tasks, such as clearing page files or mapping drives, and clearing temp folders for users, etc…. Describe the four types of scripts and when the scripts run. Describe the difference between synchronous and asynchronous script processing. Explain that logon scripts run asynchronously by default and startup scripts run synchronously by default, but that behavior can be changed. Mention that if scripts are set to run synchronously, then a failed script can cause a computer to hang. Explain that scripts can be located in any valid location, but the advantage of storing them in the Netlogon share is that they will be replicated to all domain controllers automatically. Question You keep logon scripts in a shared folder on the network. How could you ensure that the scripts will always be available to users from all locations? Answer: Place the scripts in the Netlogon share in the SYSVOL folder. Reference The Two Sides of Group Policy Script Extension Processing The Two Sides of Group Policy Script Extension Processing (Part2) Overview of Logon, Logoff, Startup, and Shutdown Scripts in Windows 2000 Group Policy script settings can be used to assign: For computers Startup scripts Shutdown scripts For users Logon scripts Logoff scripts

8 Demonstration: Configuring Scripts with Group Policies
Course 6425A Demonstration: Configuring Scripts with Group Policies Module 6: Configuring User Environments by Using Group Policies In this demonstration, you will see how to assign a logon script to a user To complete this demonstration, you must have the 6425A-NYC-DC1 and 6425A-NYC-CL1 virtual machines running. Demonstration steps: Use Notepad.exe to create a batch file that maps a network drive. Create a new Group Policy named scripts. In the user configuration, open the Logon script properties. Demonstrate how the Show Files button opens the Netlogon share. Copy your script to the Netlogon share. Emphasize that scripts do not have to be stored here, but the advantage is that it will be replicated automatically to all domain controllers from this location. Add the script to the user configuration. Link the policy to the OU you created in the last demo. Log on as the user you created in the last demo to test the script. Question What other method could you use to assign logon scripts to users? Answer: You also can use the user’s properties in Active Directory Users and Computers to assign scripts to users. Reference How to assign scripts in Windows 2000

9 What Is Folder Redirection?
Course 6425A What Is Folder Redirection? Module 6: Configuring User Environments by Using Group Policies Folder redirection allows folders to be located on a network server, but appear as if they are located on the local drive Explain the advantages of folder redirection: data appears to follow the user when they log onto different computers; data stored on servers is more likely to be backed up; the size of local profiles will be reduced; and there is less data to transfer in the case of client machine replacement, etc…. Mention that the Documents folder can include all of its subfolders, like Music, Pictures, and Video. Question List some disadvantages of folder redirection. Answer: Mobile users that are not on the local area network (LAN) will not have access to their data. Network connectivity issues could prevent users from accessing their data. A single server represents a single point of failure for multiple users. Reference What Is Folder Redirection Extension? d7e57522f3fc1033.mspx?mfr=true IE7 in Vista: Folder Redirection for Favorites on the Same Machine machine.aspx Managing Roaming User Data Deployment Guide 9c96482f5353/Managing%20Roaming%20User%20Data%20Deployment%20Guide.doc The folders that can be redirected are: My Documents (Documents in Windows Vista) Application Data (AppData in Windows Vista) Desktop Start Menu Extra folders that can be redirected in Windows Vista are: Contacts Downloads Favorites Searches Links

10 Folder Redirection Configuration Options
Course 6425A Folder Redirection Configuration Options Module 6: Configuring User Environments by Using Group Policies Use basic Folder Redirection when all users save their files to the same location With advanced Folder Redirection, the server hosting the folder location is based on group membership Accounting Users Accounts N-Z A-M Managers Anne Misty Private Discuss the difference between Basic redirection and Advanced redirection. Discuss the four options on the target folder location drop-down list. Explain the options on the Settings tab. Mention that the default is to grant the user exclusive rights and to move the folder’s current contents (in the case of My Documents). Discuss the options available when the policy no longer applies to the user. Mention that the default is to leave the folder in the shared location. Question Users in the same department often log on to different computers. They need access to their My Documents folder. They also need the data to be private. What folder redirection setting would you choose? Answer: Create a folder for each user under the root path. This will create a My Documents folder to which only the user has access. Reference Recommendations for Folder Redirection 33acc87a mspx?mfr=true Target folder location options: Redirect to the users home directory Create a folder for each user under the root path Redirect to the following location Redirect to the local userprofile location

11 Options for Securing Redirected Folders
Course 6425A Options for Securing Redirected Folders Module 6: Configuring User Environments by Using Group Policies Full control-subfolders and files only Administrator Security group of users that put data on share Local System Creator/Owner None List Folder/Read Data, Create Folders/Append Data - This Folder Only Full control NTFS permissions for root folder Describe the minimum permissions required for redirected folders. Mention that these are minimum permissions, and that different environments may require different permission sets. Question What steps could you take to protect the data while it is in transit between the client and the server? Answer: IPSec could be employed to protect network traffic. Reference Folder Redirection feature in Windows Security Considerations when Configuring Folder Redirection 548ae94df2c01033.mspx?mfr=true Full control-subfolders and files only Creator/Owner Security group of users that put data on share Full control Share permissions for root folder %Username% Full control, owner of folder None Full Control NTFS permissions for each users redirected folder Administrators Local system Full control-subfolders and files only Creator/Owner

12 Demonstration: Configuring Folder Redirection
Course 6425A Demonstration: Configuring Folder Redirection Module 6: Configuring User Environments by Using Group Policies In this demonstration, you will see how to configure folder redirection for the Documents folder To complete this demonstration, you must have the 6425A-NYC-DC1 and 6425A-NYC-CL1 virtual machines running. Demonstration steps: Create a shared folder on the domain controller. Assign the appropriate share and NTFS permissions. Create a Group Policy and configure basic folder redirection for the Documents folder. Choose Create to create a folder for each user under the root path as the target location. On the Settings tab, do not grant the user exclusive rights. Discuss the other options on the settings tab. Assign the policy to the Executives OU. Log on to the Vista client as a user in that OU. Ensure that the Documents folder is being redirected. Show the folder that was created in the shared folder on the server. Question Users in the same department want to have each others Internet favorites available to everyone in the department. What folder redirection options would you choose? Answer: The Redirect folder to the following location will allow all users to access everyone’s folders. Reference Configuring Folder Redirection 2a9673f69f4f1033.mspx?mfr=true

13 Lesson 3: Configuring Administrative Templates
Course 6425A Lesson 3: Configuring Administrative Templates Module 6: Configuring User Environments by Using Group Policies What Are Administrative Templates? Demonstration: Configuring Administrative Templates Modifying Administrative Templates Demonstration: Adding Administrative Templates for Office Applications Discussion: Options for Using Administrative Templates

14 What Are Administrative Templates?
Course 6425A What Are Administrative Templates? Module 6: Configuring User Environments by Using Group Policies Administrative Templates allow you to control the environment of the operating system and user experience Administrative Templates sections for computers are: Administrative Templates sections for users: Explain that Administrative Templates are the primary means of configuring the client computer’s registry settings through Group Policy. Explain that Administrative Templates are a repository of registry-based changes. By using the administrative template sections of the GPO, you can deploy modifications to the computer (the HKEY_LOCAL_MACHINE hive in the registry) and user (the HKEY_CURRENT_USER hive in the registry) portions of the Registry. Discuss how Administrative Templates allow you to control the environment of the operating system and user experience. For example, you can control Windows components and network issues for the user and computer. You can manage the user desktop environment through Administrative Templates. For example, a user’s access to control panel and desktop items can be limited or prohibited. Mention that you can create and add custom Administrative Templates the by using OR through the GPMC. Question What sections of the Administrative Templates will you find most useful in your environment? Answer: Answers will vary. Reference Using Administrative Template Files with Registry-Based Group Policy px Administrative Templates Extension Technical Resources ee5b1033.mspx?mfr=true Windows components System Network Printers Windows components Start menu and taskbar Desktop Control panel Shared folders Network System

15 Demonstration: Configuring Administrative Templates
Course 6425A Demonstration: Configuring Administrative Templates Module 6: Configuring User Environments by Using Group Policies In this demonstration, you will see how to configure Administrative Templates To complete this demonstration, you must have the 6425A-NYC-DC1 and 6425A-NYC-CL1 virtual machines running. In this demonstration, you will configure a computer administrative template and a user administrative template. Demonstration steps: Create a new Group Policy. In the computer configuration, Windows components, do not allow Windows Messenger to run. In the User Configuration, hide the Screen Saver tab. Apply and test the policy using the Vista client. Question You need to ensure that Windows Messenger is never allowed to run on a particular computer. How could you use Administrative Templates to implement this? Answer: Enable the setting to prevent access to Windows Messenger in the computer configuration Administrative Templates; this will override any user configuration settings. Reference How to Use the Group Policy Editor to Manage Local Computer Policy in Windows XP

16 Modifying Administrative Templates
Course 6425A Modifying Administrative Templates Module 6: Configuring User Environments by Using Group Policies ADMX files: Are extensible Can be edited with any text editor Open the Policy Definitions folder and open one of the ADMX files. Explain that because ADMX files are XML based, you can use any text editor to edit or create new ADMX files. In time, independent software vendors (ISVs) may issue their own ADMX files to control their software applications. Explain that once you have a valid ADMX file, you only need to place it in the Policy Definitions folder or in the Central Store, if one exists. Reference Creating a Custom Base ADMX File 4ba mspx?mfr=true Group Policy Sample ADMX Files B A&displaylang=en New ADMX files can be added to the Policy Definitions folder or the Central Store

17 Demonstration: Adding Administrative Templates for Office Applications
Course 6425A Demonstration: Adding Administrative Templates for Office Applications Module 6: Configuring User Environments by Using Group Policies In this demonstration, you will see how to add in the ADM files for Office 2007 To complete this demonstration, you must have the 6425A-NYC-DC1 and 6425A-NYC-CL1 virtual machines running. Demonstration steps Add the ADM file for Word from the C:\Windows\inf folder. Question Can you still use custom ADM files to deliver Group Policy settings in Windows Server 2008? Answer: Yes. The Group Policy Editor will recognize valid ADM files. Clients receiving settings are unaware whether the settings were created based on ADM or ADMX templates. Reference 2007 Office System Administrative Templates (ADM) e4bbaeba13e7&displaylang=en Methods of customizing the 2007 Office system a01c63b mspx?mfr=true

18 Discussion: Options for Using Administrative Templates
Course 6425A Discussion: Options for Using Administrative Templates Module 6: Configuring User Environments by Using Group Policies What Administrative Templates are deployed in your organization now? What desktop settings would you like to implement for users in your organization? Which Administrative Template settings will you need to apply? Facilitate a discussion between students based on the slide points.

19 Lesson 4: Deploying Software Using Group Policy
Course 6425A Lesson 4: Deploying Software Using Group Policy Module 6: Configuring User Environments by Using Group Policies Options for Deploying and Managing Software Using Group Policies How Software Distribution Works Options for Installing Software Demonstration: Configuring Software Distribution Options for Modifying the Software Distribution Demonstration: Modifying Software Distribution Maintaining Software Using Group Policies Discussion: Evaluating the Use of Group Policies to Deploy Software

20 Options for Deploying and Managing Software Using Group Policies
Course 6425A Options for Deploying and Managing Software Using Group Policies Module 6: Configuring User Environments by Using Group Policies Preparation 1 Deployment 1.0 2 Before teaching this lesson, check with students to see if you should continue with this lesson, since the this content is on the exam. Use the build slide to describe the software-deployment phases using Group Policy. Mention the options to publish or assign, customize, and maintain software, but do not go into detail as these areas will be discussed in a later topic. Explain that software that Group Policy delivers can be removed by Group Policy when its life cycle is ended. Question What types of applications would you deploy via Group Policy in your environment? Answer: Answers will vary. Reference How to use Group Policy to install software remotely in Windows Use Group Policy Software Installation to deploy the 2007 Office system 3b698fff3e mspx?mfr=true Using Group Policy to Deploy Maintenance 2.0 3 Removal 4

21 How Software Distribution Works
Course 6425A How Software Distribution Works Module 6: Configuring User Environments by Using Group Policies Windows Installer Windows Installer service Fully automates the software installation and configuration process Modifies or repairs an existing application installation Windows Installer package contains Information about installing or uninstalling an application An .msi file and any external source files Summary information about the application A reference to an installation point Describe the Microsoft® Windows® Installer file format. Mention that it is possible to use third-party software to create MSI files to package up custom applications. Explain that the MSI file and any associated installation files must be available in a shared directory on the network. Users only need to have Read permission on those directories. Describe the role of the Windows Installer service and elevated privileges. Discuss the benefits of the Windows Installer service. Question What are some disadvantages of deploying software through Group Policy? Answer: Large applications generate a lot of network traffic. You cannot control when the installation will occur. Laptop users are not able to connect to the distribution point when they are not connected to the LAN. This client side extension that delivers software does not function over a slow link, by default. Reference How to use Group Policy to install software remotely in Windows Benefits of Using Windows Installer Custom installations Resilient applications Clean removal

22 Options for Installing Software
Course 6425A Options for Installing Software Module 6: Configuring User Environments by Using Group Policies Assign software during Computer Configuration Assign software during User Configuration Publish software using document activation ? Publish software using Add or Remove Programs Use the build slide to explain the differences between assigning and publishing an application. Stress that applications may only be assigned to computers, not published. Stress that software that has been assigned to a computer will be available to all users who log on to that computer. Explain that an assigned program is not installed fully until the user launches it. Explain how a user can install a published program through the Programs applet of Control Panel. Explain how document file-extension activation works to install an application. Mention that you can change the deployment type anytime from assigned to published or vice versa. Question What is an advantage of publishing an application over assigning it? Answer: Unneeded software will not be installed automatically. Reference Group Policy Software Installation overview 0d002daf8b6c1033.mspx?mfr=true Software Distribution Point

23 Demonstration: Configuring Software Distribution
Course 6425A Demonstration: Configuring Software Distribution Module 6: Configuring User Environments by Using Group Policies In this demonstration, you will see how to deploy a software package through both assigning and publishing To complete this demonstration, you must have the 6425A-NYC-DC1 and 6425A-NYC-CL1 virtual machines running. Demonstration steps: Create a shared folder to act as the distribution point. Copy the MSI files to the distribution point. Create a new Group Policy. Assign one of the MSI files in the user configuration. Publish the other MSI file in the user configuration. Link the GPO to an OU. Log on as a user in that OU, and demonstrate how the assigned and published software is installed. Question What types of applications would be useful to assign to the computer rather than the user? Answer: Global applications that you want available to all users, like Portable Document Format (pdf) readers, would be good candidates for computer assignment. Reference How to use Group Policy to install software remotely in Windows Restore a backed-up Group Policy object using GPMC 97db7cdaa54e1033.mspx?mfr=true

24 Options for Modifying the Software Distribution
Course 6425A Options for Modifying the Software Distribution Module 6: Configuring User Environments by Using Group Policies Options: Software can be categorized in the Add Programs applet ü Software deployment can be customized using MST files File extensions can be associated with particular applications Explain how administrators can create named categories for sorting published applications in the Add Programs applet in control panel. This helps users find the right application when there are many published programs. You can associate file extensions with a particular application so that file-extension activation will install the proper program for that file type. For example, the .JPG extension could possibly trigger the installation of many different applications. To ensure the proper photo-imaging application is installed when a user tries to open a .JPG file, a file association is created between the .JPG extension and the MSI that delivers the application. Explain that you can use custom transform (MST) files or transform files to customize software installation. For example, you could create a transform file using the Office resource kit, which ensures only certain components of the Office suite are installed. Explain that MST files act as answer files for the MSI file. Mention that you must choose the advanced deployment option to assign an MST file. Question You have deployed a number of published applications. Many of those applications are for the use of the Finance department. What could you do to make it easier for Finance department users to locate those applications? Answer: Create a category for the Finance department and publish those applications in the Finance category. Reference Specify categories for applications to be managed 20a57f40f9f51033.mspx?mfr=true Specify automatic installation options based on file name extension 20a57f40f9f51033.mspx?mfr=true Add or remove modifications for an application package

25 Demonstration: Modifying Software Distribution
Course 6425A Demonstration: Modifying Software Distribution Module 6: Configuring User Environments by Using Group Policies In this demonstration, you will see how to: Create software categories Configure software distribution properties To complete this demonstration, you must have the 6425A-NYC-DC1 and 6425A-NYC-CL1 virtual machines running. Demonstration steps: Open the software installation property sheet. Discuss the options on the General tab. Configure a default package location. Discuss the installation user interface options. Discuss the options on the Advanced tab. Discuss how to associate file extensions on the File Extensions tab. On the Categories tab, create a new category. Show how the new category shows up in the Add programs applet. Question You want to deploy an administrative utility to members of the Domain Admins security group. These utilities should be available from any computer that an administrator logs onto, but only installed when necessary. What is the best approach to accomplish this? Answer: Create a GPO that publishes the utility, and link it to the domain. Apply security filters to the GPO such that it only applies to the Domain Admins group. Reference: Set Group Policy Software Installation defaults 20a57f40f9f51033.mspx?mfr=true Specify categories for applications to be managed 20a57f40f9f51033.mspx?mfr=true Specify automatic installation options based on file name extension

26 Maintaining Software Using Group Policies
Course 6425A Maintaining Software Using Group Policies Module 6: Configuring User Environments by Using Group Policies Mandatory upgrade Users can use only the upgraded version 2.0 Deploy next version of the application Explain that occasionally a software package will need to be patched or upgraded to a newer version. The Upgrades tab enables you to use the GPO to upgrade a package. Mention that upgrades can be mandatory or optional. You also may re-deploy a package if the original MSI file has been modified. Explain how to remove a package if it was originally delivered using Group Policy. Removal can be mandatory or optional. Question You organization is upgrading to a newer version of a software package. Some users in the organization require the old version. How would you deploy the upgrade? Answer: You would deploy an optional upgrade to allow users to keep the old version, if required. Reference Upgrade an application 20a57f40f9f51033.mspx?mfr=true Remove a managed application Set Group Policy Software Installation defaults Optional upgrade Users can decide when to upgrade 1.0 2.0 2.0 2.0 1.0 Selective upgrade You can select specific users for an upgrade

27 Discussion: Evaluating the Use of Group Policies to Deploy Software
Course 6425A Discussion: Evaluating the Use of Group Policies to Deploy Software Module 6: Configuring User Environments by Using Group Policies What are the advantages of using group policies to deploy software? What are the limitations? What additional features are provided by other software distribution packages? Lead the students through a discussion of the pros and cons of using Group Policy to deploy software. Advantages include cost, the use of the Windows installer service, resiliency, simplicity of pushing out small applications, etc…. Disadvantages include no way to control when the installation occurs, large applications may put a heavy burden on the network, and lack of MSI files. Mention other means like system management software (SMS). Answers: Advantages Centralized management of software installation Centralized management of upgrades and patches Ability to remove managed software No end-user intervention required in the installation process Windows installer uses elevated privilages so the end-use does not need administrative rights Limitations No control over when the software will be installed Large applications will consume a large amount of bandwidth during installation Does not scale well to deliver large applications Does not work over slow links by default Software may be installed multiple times on different computers just because a user logs on to a computer once Additional features of other software distribution packages Dedicated management systems, like SMS, provide more control over the installation process, like the ability to schedule installations. Reference Best practices for Group Policy Software Installation 20a57f40f9f51033.mspx?mfr=true

28 Lab: Creating and Configuring GPOs
Course 6425A Lab: Creating and Configuring GPOs Module 6: Configuring User Environments by Using Group Policies Exercise 1: Configuring Scripts and Folder Redirection Exercise 2: Configuring Administrative Templates Exercise 3: Verifying GPO Application Objectives Being Covered In Lab: Configure scripts by using group policies Configure folder redirection by using group policies Configure Administrative Templates Verify GPO application Scenario: Woodgrove Bank has decided to implement group policies to manage user desktops. The organization already has implemented an organizational unit (OU) configuration that includes top-level OUs grouped by location, with additional OUs within each location for different departments. User accounts are located in the same container as their workstation computer accounts. Server computer accounts are spread throughout various OUs. The enterprise administrator has created a GPO design that will be used to manage the user desktop environment. You have been asked to configure Group Policy objects so that specific settings are applied to user desktops and computers. This lab will consist of four exercises. Exercise 1: Configuring Scripts and Folder Redirection The student will configure GPOs based on the enterprise administrators design that will assign scripts and configure folder redirection for users. Tasks include copying the scripts to the correct location, configuring GPOs to assign the scripts, and configuring folder redirection. Exercise 2: Configuring Administrative Templates The student will configure administrative template settings in several GPOs based on the enterprise administrator’s design. Tasks include determining which administrative template to modify, choosing the correct configuration for the administrative template setting, and making the modification. Exercise 3: Verifying GPO Application The student will verify the application of GPOs to ensure that the GPOs are being applied as specified in the design. Students will log in as specific users, and also use Group Policy Modeling and Resultant Set of Policy (RSoP) to verify that GPOs are being applied correctly. Inputs: GPO design documentation that the enterprise administrator provides. Outputs: GPOs configured as the design specifies. Logon information Virtual machine NYC-DC1, NYC-CL1 User name Administrator Password Pa$$w0rd Estimated time: 60 minutes

29 Module 6: Configuring User Environments by Using Group Policies
Course 6425A Lab Review Module 6: Configuring User Environments by Using Group Policies You have configured folder redirection for an OU, but none of the user’s folders are being redirected to the network location. When you look in the root folder, you observe that a subdirectory named for each user has been created, but they are empty. What is the problem? You have an .MSI file for a small application that you want globally available to all users and computers in an OU. What steps would you take to accomplish this? Lab Review Questions and Answers You have configured folder redirection for an OU, but none of the user’s folders are being redirected to the network location. When you look in the root folder, you observe that a subdirectory named for each user has been created, but they are empty. What is the problem? Answer: The problem is most likely permission related. The user’s named subdirectories are being created by the Group Policy, but the user’s don’t have enough permission to create their redirected folders inside them. You have an .MSI file for a small application that you want globally available to all users and all computers in an OU. What steps would you take to accomplish this? Answer: Assign the .MSI file to the computer configuration, and link the policy to the OU.

30 Module Review and Takeaways
Course 6425A Module Review and Takeaways Module 6: Configuring User Environments by Using Group Policies Considerations Review questions Review Questions and Answers 1. You have assigned a logon script to an OU via Group Policy. The script is located in a shared network folder named Scripts. Some users in the OU receive the script, while others do not. What might be some causes? Answer: The network location may not be accessible by all users. Share level or NTFS permissions on the folder may be set incorrectly. 2. What steps could you take to prevent these types of problems from re-occurring? Answer: Move the scripts into the NetLogon share. This will solve permission or accessibility issues. 3. You have two logon scripts assigned to users -- script1 and script2. Script2 depends on script1 completing successfully. Your users report that script2 never runs. What is the problem, and how would you correct it? Answer: Logon scripts run asynchronous (all at once). Script2 is failing before script1 completes. You will have to change the processing to be synchronous to correct the problem. The key points in this module are: Configuring scripts to users or computers Folder redirection for more types of folders in Windows Vista Many new settings in Administrative Templates will affect only Windows Vista and Windows Server 2008 Software deployment via Group Policy remains largely unchanged

31 Module 6: Configuring User Environments by Using Group Policies
Course 6425A Beta Feedback Tool Module 6: Configuring User Environments by Using Group Policies Beta feedback tool helps: Collect student roster information, module feedback, and course evaluations. Identify and sort the changes that students request, thereby facilitating a quick team triage. Save data to a database in SQL Server that you can later query. Walkthrough of the tool

32 Module 6: Configuring User Environments by Using Group Policies
Course 6425A Beta Feedback Module 6: Configuring User Environments by Using Group Policies Overall flow of module: Which topics did you think flowed smoothly from topic to topic? Was something taught out of order? Pacing: Were you able to keep up? Are there any places where the pace felt too slow? Were you able to process what the instructor said before moving on to next topic? Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions? Learner activities: Which demos helped you learn the most? Why do you think that is? Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment? Were there any discussion questions or reflection questions that really made you think? Were there questions you thought weren’t helpful?

Download ppt "Module 6: Configuring User Environments by Using Group Policies"

Similar presentations

Course 2786B Module 8: Implementing an Active Directory® Domain Services Monitoring Plan Presentation: 60 minutes Lab: 60 minutes This module helps students.

Course 2786B Module 8: Implementing an Active Directory® Domain Services Monitoring Plan Presentation: 60 minutes Lab: 60 minutes This module helps students.
Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 10: Troubleshooting Active Directory, DNS, and Replication Issues.

Module 10: Troubleshooting Active Directory, DNS, and Replication Issues.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Course 6425A Module 2: Configuring Domain Name Service for Active Directory® Domain Services Presentation: 50 minutes Lab: 45 minutes This module helps.

Course 6425A Module 2: Configuring Domain Name Service for Active Directory® Domain Services Presentation: 50 minutes Lab: 45 minutes This module helps.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Deploying and Managing Software by Using Group Policy.

Deploying and Managing Software by Using Group Policy.
Module 7: Implementing Security Using Group Policies.

Module 7: Implementing Security Using Group Policies.
Module 1: Installing Active Directory Domain Services

Module 1: Installing Active Directory Domain Services
Module 2 Creating Active Directory ® Domain Services User and Computer Objects.

Module 2 Creating Active Directory ® Domain Services User and Computer Objects.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Similar presentations

Ads by Google