Download presentation
Presentation is loading. Please wait.
1
11.1 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Goals Design Group Policies to control the user environment Design Group Policies to control the computer environment Understand Group Policy application Design a Group Policy administration strategy Design a Group Policy deployment strategy
2
11.2 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Group Policy Can be used to define a user’s desktop environment by managing various components Contains two primary nodes User Configuration: Affects environment associated with user accounts Computer Configuration: Responsible for defining configuration changes to computer accounts (see Skill 2) Designing Group Policies to Control the User Environment (Skill 1)
3
11.3 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Computer Configuration node Responsible for defining configuration changes to computer accounts Changes apply to the computer account regardless of the user that is logged in Settings take precedence over user configuration settings if there is a conflict Use same process to design computer configuration policies as used for designing user configuration policies Designing Group Policies to Control the Computer Environment (Skill 2)
4
11.4 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Role of Group Policy begins when a computer starts up and user logs on (see Figure 11-1 for description of process of computer startup and user logon) Group Policies are inherited from parent containers to child containers Possible to set a separate Group Policy for a child container to override settings it inherits from its parent container Group Policies do not flow between domains Exception: A Group Policy applied to a site affects all users and/or computers in the site, regardless of domain Understanding Group Policy Application (Skill 3)
5
11.5 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Processing sequence If no conflicts within policies, all settings from all policies apply If a conflict occurs, the policy to apply last wins Sequence in which Group Policy settings are applied Local GPO Site GPO Domain GPO OU GPOs Understanding Group Policy Application (2) (Skill 3)
6
11.6 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation If more than one GPO is linked to a site, domain, or OU, policies are processed in reverse order (bottom to top) for each container Exceptions to order in which GPOs are processed If a computer belongs to a workgroup, it processes only local GPOs If the No Override option is set for a GPO, no configured policy settings in the GPO can be overridden In case of multiple GPOs set to No Override, the GPO that is highest in the Active Directory hierarchy gets highest priority; if multiple GPOs in a single container, the one at the bottom of the list wins Understanding Group Policy Application (3) (Skill 3)
7
11.7 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation If Block Policy Inheritance is set for a domain or OU, the GPOs above that point in the structure are blocked If there is a conflict between No Override and Block Inheritance, No Override always wins If Loopback settings are applied to a GPO list, the default GPO processing order is not maintained Group Policies are never applied to Windows NT, 95, 98 or Windows Me computers Understanding Group Policy Application (4) (Skill 3)
8
11.8 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Figure 11-1 The sequence in which computer configuration and user configuration settings are applied (Skill 3)
9
11.9 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Figure 11-2 The GPO list (Skill 3)
10
11.10 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Figure 11-3 The components of GPO administration (Skill 4)
11
11.11 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Factors to consider when implementing Group Policy Location of GPOs Delegation of authority Organization structure Designing a Group Policy Deployment Strategy (Skill 5)
12
11.12 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Major types of Group Policy implementation strategies Centralized vs. decentralized GPO design Functional role or team design Delegation with central control design or distributed control design Designing a Group Policy Deployment Strategy (2) (Skill 5)
13
11.13 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Centralized vs. decentralized GPO design Centralized approach suggests organization network should be maintained by a small number of large GPOs Decentralized approach uses separate GPOs for specific policy settings Designing a Group Policy Deployment Strategy (3) (Skill 5)
14
11.14 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Functional role or team design Uses functional roles of users in the organization to apply Group Policy Create an OU structure that corresponds to the team structure of the organization Create a GPO for each OU Minimizes the number of GPOs to be used as each GPO caters to the needs of a group Designing a Group Policy Deployment Strategy (4) (Skill 5)
15
11.15 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Delegation with central control design or distributed control design Central control is based on delegating the administrative control of OUs to various administrators of an organization As an example, create a GPO with specific desktop settings at the domain level Settings would apply on all child containers, thus maintaining centralized control on the entire domain Designing a Group Policy Deployment Strategy (5) (Skill 5)
16
11.16 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 11: Planning Group Policy Implementation Resultant Set of Policy (RSoP) Useful tool for troubleshooting Group Policies Shows the effective Group Policy settings applied to a user, and the GPOs from which those settings are inherited New feature in Windows Server 2003 Similar to gpresult.exe, which is included in Windows 2000 Resource Kit for Windows 2000 domains Designing a Group Policy Deployment Strategy (6) (Skill 5)
Similar presentations
