Published by Jack Newman. Modified over 9 years ago.
1
GPO - WINDOWS SERVER 2012
2
AGENDA
» Introduction
» Group Policy Overview
» Types of Group Policies/Objects
» Associated Technologies
» How to implement
3
CDW — PROPRIETARY AND CONFIDENTIAL. COPYING RESTRICTED. FOR INTERNAL USE ONLY.
GROUP POLICY OVERVIEW
» Group Policy Definition
» Preferences
» Define Scope of Policy (Site, Domain, etc.)
» Inheritance/Enforce/Block
» Administration/GPMC
» Naming Conventions
» Security Filtering/WMI Filters
» RSOP/Modeling
» Login Scripts/Startup Scripts
» Fine-grained Password Policies
» Security Templates (more detail later)
» Machine vs. User Policies
» Group Policy Loop-back
» Change Control
4
USER AND COMPUTER CONFIGURATION SETTINGS
Group Policy settings for users:
» Desktop settings
» Software settings
» Windows settings
» Security settings
Group Policy settings for computers:
» Desktop behavior
» Software settings
» Windows settings
» Security settings
5
GPO COMPONENTS
Group Policy Object
» Contains Group Policy settings
» Stores content in two locations
Group Policy Template
» Stored in shared SYSVOL folder
» Provides Group Policy settings
Group Policy Container
» Stored in Active Directory
» Provides version information
6
WHEN IS A GPO APPLIED?
Computer starts
» Computer settings applied
» Startup scripts run
» Refresh Interval
User logs on
» User settings applied
» Logon scripts run
» Refresh Interval
7
GPMC (GROUP POLICY MANAGEMENT CONSOLE)
8
WHAT IS A GPO LINK?
[Diagram: Site GPO, Domain GPO and Organizational Unit GPO, linked to Site, Domain and OU]
Applied in order: Local, Site, Domain, OU
9
GP ENFORCEMENT
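The link-order and enforcement slides above, modeled as an added example (not part of the original presentation): it computes the order in which GPOs are applied and which GPO wins each setting. It goes beyond the slides by encoding the standard Enforced and Block Inheritance behavior; every GPO, site, domain and OU name and every setting is constructed.

```python
# Added example: a model of GPO precedence. All GPO, site, domain and OU names
# and settings below are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str
    enforced: bool = False

@dataclass
class Container:                      # a site, domain, or OU
    name: str
    links: list = field(default_factory=list)   # lowest precedence first
    block_inheritance: bool = False

def application_order(chain):
    """chain: containers ordered site, domain, then OUs from parent to child.
    Returns GPO names in the order they are applied; the last writer wins."""
    normal, enforced = [], []
    for c in chain:
        if c.block_inheritance:
            normal = []               # drops non-enforced GPOs linked higher up
        normal += [l.gpo for l in c.links if not l.enforced]
        # Enforced links ignore Block Inheritance; the highest level wins,
        # so earlier (higher) containers are kept at the end of the list.
        enforced = [l.gpo for l in c.links if l.enforced] + enforced
    return ["Local"] + normal + enforced   # the local GPO is never blocked

def resultant(chain, settings):
    """Merge settings in application order; record which GPO won each one."""
    rsop = {}
    for gpo in application_order(chain):
        for key, value in settings.get(gpo, {}).items():
            rsop[key] = (value, gpo)
    return rsop

SETTINGS = {
    "Local": {"ScreenSaverTimeout": 1800},
    "Site-VPN": {"ProxyServer": "proxy.example.test"},
    "Domain-Baseline": {"ScreenSaverTimeout": 900, "SmbSigning": "required"},
    "Kiosk-OU": {"ScreenSaverTimeout": 0, "SmbSigning": "disabled"},
}
CHAIN = [
    Container("Site: HQ", [Link("Site-VPN")]),
    Container("Domain: corp.example.test", [Link("Domain-Baseline", enforced=True)]),
    Container("OU: Kiosks", [Link("Kiosk-OU")], block_inheritance=True),
]

if __name__ == "__main__":
    for key, (value, gpo) in sorted(resultant(CHAIN, SETTINGS).items()):
        print(f"{key} = {value!r}  (from {gpo})")
```

In this constructed case the OU's Block Inheritance drops the site GPO, while the enforced domain baseline still overrides the OU's weaker signing setting.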
10
POLICY FILTERING
11
SITE POLICIES
» Second only to local policies
» Conditional policies depending on network location (VPN, DMZ, etc.)
» Time Zones
» Printer location related policies
12
DOMAIN POLICIES
» Password and Account Policies
» Security and Auditing Policies
» Control Restricted Domain Groups
» Do not use the Default Domain Policy
13
DEFAULT DOMAIN POLICIES
» Password Settings
» Account Lockout Settings
» Allow system to be shut down without having to log on
» Change Administrator account name to:
» Change Guest account name to:
» Clear pagefile on shutdown
» Digitally sign server side communication
» Digitally sign client communication
14
FINE GRAINED PASSWORD POLICIES
» New in AD DS 2008
» Allows companies to define different password policies for groups within their organization, without creating separate domains
15
USER POLICIES
Desktop lockdown discussion
» Removal of My Documents folder from computer/Redirection
» Removal of context menus
» Remove Add/Remove programs
» Password protect screen saver
» Standard desktop? Same screen saver, desktop background, fonts, etc. for certain users?
» Allow/disallow shared folders
» Login/Logout Scripts - SW installation
» Loopback processing mode (Kiosks)
16
MACHINE POLICIES
» Roaming profiles – on or off, should they propagate to server
» Startup scripts and shutdown scripts – async or sync
» Run this at user logon – no matter which user
» Disk quotas
» Dynamic DNS
» Group Policy refresh interval
» Security policy
» EFS policy (desktops)
» Remote assistance on/off (desktops)
» System restore on/off/settings (desktops)
» NTP – time settings
17
GUIDELINES FOR PLANNING GPOS
» Apply GPO settings at the highest level
» Reduce the number of GPOs
» Create specialized GPOs
» Use the Enforced option only when required
» Use Block Inheritance sparingly
» Use security filtering only when necessary
18
Questions?