Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.

Published byLeona Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning."— Presentation transcript:

1 Using Group Policy to Manage User Environments

2 Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning Scripts with Group Policy Using Group Policy to Redirect Folders Using Group Policy to Secure the User Environment Troubleshooting User Environment Management Best Practices

3 Introduction to Managing User Environments Control What Users Can Do in Their Environments Configure and Centrally Manage User Environments Ensure that users always have their data Populate user desktops Manage User Environments Administrative Templates Settings Script Settings Redirecting User Folders Security Settings My Documents HKEY_LOCAL_MACHINE HKEY_CURRENT_USER Registry

4 What are Administrative Templates? An administrative template controls the Registry settings of multiple computers (those in the OU, domain or site to which the Group Policy is applied), without requiring manual editing of the individual Registries.

5 OU Structure

6 Administrative Templates

7 Deploying a screen saver lock utilizing Administrative Templates

8 Cleaning out Temporary Internet files utilizing Administrative Templates

9 Setting up Software Update Server (SUS) utilizing Administrative Templates

10 User based policy for all users utilizing Administrative Templates

11 Adding a custom Administrative Template (*.adm)

12 What Are Group Policy Script Settings? Group Policy Script Settings Allow You to: Centrally Configure Scripts to Run Automatically at Startup and Shutdown, and When Users Log On and Log Off Scripts Computer Configuration Startup/ShutdownStartup/Shutdown User Configuration Logon/LogoffLogon/LogoffStartup/ShutdownStartup/Shutdown Computer User Logon/LogoffLogon/Logoff

13  Assigning Scripts with Group Policy What Are Group Policy Script Settings? The Process of Applying Script Settings with Group Policy Assigning Group Policy Script Settings

14 User based logon script for the Fire Dept users

15  Using Group Policy to Redirect Folders What Is Folder Redirection? Selecting the Folders to Redirect Redirecting Folders to a Server Location

16 What Is Folder Redirection? Advantages of Folder Redirection: Data Is Always Available to Users Regardless of the Computer Logged on to Data Is Centrally Stored for Ease of Management and Backup Network Traffic Is Generated Only When Users Gain Access to Files Files Are Not Saved on the Client Computer Redirected Personal Folders Documents Are Stored on the Server but Appear to Be Stored Locally My Documents

17 Selecting the Folders to RedirectFolderFolderContainsContains Redirect to a server so that My Documents A user’s personal data Start Menu Folders and shortcuts on the Start menu Desktop All files and folders that a user places on the desktop Application Data User-specific data stored by applications Users can access their data from any computer, and this data can be backed up and managed centrally Users’ Start menus are standardized Users have the same desktop regardless of the computer to which they log on Applications use the same user-specific data for a user regardless of the computer to which the user logs on

18 Redirecting Folders to a Server Location When Redirecting User Folders: Desktop Properties Target Settings You can specify the location of the Desktop folder No administrative policy specifiedSetting: OKCancel Apply The Group Policy Object will have no effect on the location of this folder. Desktop Properties Target Settings You can specify the location of the Desktop folder Basic – Redirect everyone’s folder to the dame locSetting: OKCancelApply This folder will be redirected to the specified location. An example target path is: \\server\share\%username%. Target folder location \\london\desktops\%username% Browse Desktop Properties Target Settings You can specify the location of the Desktop folder Advanced – Specify locations for various user grouSetting: OKCancelApply This folder will be redirected to different locations based on the security group membership of the users. An example target path is \\server\share\%username% Security Group Membership Group CONTOSO\acct\\london\acct\%username% CONTOSO\sales\\london\sales\%username% Path AddAdd Edit Remove Use the % username% variable

19 Redirecting My Documents

20 Security Settings Account Policies Password Policies Account Lockout Local Policies Auditing User Rights Security Event Logs Log size Retention Services Global settings for all computers

21 Account Policies are… Password policies Minimum and maximum password age Enforce password history Password must meet complexity requirements Account lockout options Account lockout duration Account lockout threshold Reset account lockout after…

22 Account Policies

23 Local Policies Auditing What is it? Give me some examples User rights Backup files and directories Restore files and directories Load and unload device drivers Security options Do not display last username Message text for users logging on Message title for users attempting to logon

24 Local Policies

25 Auditing policy for everyone logging in

26 Event log settings are used to … Set log sizes on computers globally To retain the logs Retention settings for all the logs

27 Event Log settings

28 Services Messenger service Netmeeting Task scheduler Telnet Terminal services

29 Services

30 Computer based policy (Disable Services) for all computers

31 Best Practices Create a Minimal Number of GPOs Required Always Test the Effects of Administrative Template Settings Always Redirect the My Documents Folders

Download ppt "Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning."

Similar presentations

Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.

11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.
Module 2: Managing User and Computer Accounts

Module 2: Managing User and Computer Accounts
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.

70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Similar presentations

Ads by Google