Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kevin Sullivan Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL323.

Published byJody Mills Modified over 8 years ago

Similar presentations

Presentation on theme: "Kevin Sullivan Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL323."— Presentation transcript:

1 Kevin Sullivan Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL323

2

3 Templates ADM templates difficult to manageADM templates difficult to manage Troubleshooting User.env logUser.env log GP ResultGP Result Storing and FindingStoring and Finding Need to find settings? Where is that spreadsheet? Local GPOs Limited flexibility with a single local GPOLimited flexibility with a single local GPO Settings ~1,800 policy settings in XP~1,800 policy settings in XP Incomplete coverage means missing key scenarios LGPO’s LGPO Local Computer Policy Group Policy ProcessGroup Policy Process Part of WinlogonPart of Winlogon Network Limited awareness of changing network conditions DC SysVo l ADM ADM ADM ADM ADM Group Policy ServiceGroup Policy Service GP now runs in a shared serviceGP now runs in a shared service Hardened Service, more reliableHardened Service, more reliable Group Policy SettingsGroup Policy Settings Lots of new policy settings with Windows Vista and Windows 7 Extended GP for new Windows Vista and Windows 7 features Network Location Awareness (NLA) NLA service provides the latest network information Applications can query or register with NLA for network change indications Group Policy LoggingGroup Policy Logging Administrative logAdministrative log Applications and Services logApplications and Services log XML based event logsXML based event logs New Tools - GPOLogViewNew Tools - GPOLogView Group Policy TemplatesGroup Policy Templates ADM Templates now in ADMX files (ADMX, ADML) Windows Vista/Windows Server 2008Windows Vista/Windows Server 2008ADMADMX Multiple Local GPOs LGPO’s LGPO Admin User User Specified Group Policy Admin/Non-Admin Group Policy Local Computer Policy Group Policy Central StoreGroup Policy Central Store Centralized repository for ADMXCentralized repository for ADMX Contains all ADMX templatesContains all ADMX templates Created in the Sysvol on DC in each domain DC FRS/DFS-R SysVo l ADMXADML + Policies + + GUID ADM Policy Definations ADMX, ADML Files +

4 A: Use automation to run exhaustive tests

5 Save energy and time with automation Set-GPRegistryValue HKLM\Uninstall\GoogleToolbar Configure a registry key Sales GPO Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Configure the GPO Manage the set of GPOs with scripts Sales GPO Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Finance GPO Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Accounting GPO Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar Hklm\uninstall\googletoolbarHklm\uninstall\googletoolbar

6 GP PowerShell Cmdlets Import-module GroupPolicy get-help *-gp* New-GPLink New-GPO New-GPStarterGPO Get-GPInheritance Get-GPO Get-GPOReport Get-GPPermissions Get-GPPrefRegistryValue Get-GPRegistryValue Get- GPResultantSetofPolicy Get-GPStarterG PO Set-GPInheritance Set-GPLink Set-GPPermissions Set- GPPrefRegistryValue Set-GPRegistryValue Remove-GPLink Remove-GPO Remove- GPPrefRegistryValue Remove-GPRegistryValue Backup-GPO Copy-GPO Import-GPO Rename-GPO Restore-GPO

7 GP PowerShell Examples Backup-GPO –all –path ‘C:\BackupFiles\’ Backup all GPO’s in current domain to directory Get-GPResultantSetofPolicy - ReportType -html - Path D:\ConfigDocs\Reports\ Get RSoP for local computer and logged on user in html form Copy-GPO -SourceName TestGpo1 -SourceDomain test.contoso.com -TargetName TestGpo1 -TargetDomain sales.contoso.com Copy a GPO across domains Set-GPRegistryValue -Name "TestGPO“ -key HKCU\Software\Policies\ExampleKey" -ValueName "One", "Two", "Three“ -Type String -Value "String1", "String2", "String3" Configure a registry key to policy with a set of values

8

9 More GP PowerShell Examples $domain = get-ADDomain test.contoso.com new-gplink -name testgpo -target $domain - enforced yes Links a GPO to a different domain (Get-GPInheritance -Target "ou=ou1,dc=contoso,dc=com").GpoLinks foreach-object {Get- GPO -Name ($_.DisplayName)} List GPOs that are linked to the "MyOU" organizational unit. $keypath = “ HKCU\Software\Policies\ Microsoft\Windows\Control Panel\Desktop” $A =get-GPRegistryValue –Name GPO1 –key $keypath - ValueName ScreenSaveTimeOut $B =get-GPRegistryValue –Name GPO2 –key $keypath – ValueName ScreenSaveTimeOut ($A.value).equals($B.value) Compare registry values across GPO’s

10 …and more GP PowerShell Examples Get-ADGroupMember DlgtdAdmins | where {$_.objectclass -eq "user"} | %{Set- GPPermissions -Name 'Test GPO' - PermissionLevel Apply -TargetName $_.SamAccountName -TargetType User} Grant permission to ‘Apply’ to a GPO for all users belonging to a group

11

12

13

14 Targeting and configuration beyond policy

15 Configuring

16

17 Item level targeting, not GPO level Robust targeting 29 types Boolean logic (And, Or, Not) Collections Robust targeting 29 types Boolean logic (And, Or, Not) Collections Intuitive UI No need to learn query languages Intuitive UI No need to learn query languages Granular item level targeting

18 Printer GPO_1 HP Lobby Printer Users: ExecAssistants Printer GPO HP Lobby Printer Users: ExecAssistants IP range: 10.0.0.1-.23 Hours: 9am-5pm, Mon-Fri DEFAULT HP Lobby Printer Users: ExecAssistants IP range: 10.0.0.24-.72 Printer GPO_2 HP Lobby Printer Users: ExecAssistants Printer GPO_3 HP Lobby Printer Users: ExecAssistants Printer GPO_4 HP Lobby Printer Users: ExecAssistants Printer GPO 5 HP Lobby Printer Users: ExecAssistants Printer GPO_6 HP Lobby Printer Users: ExecAssistants IP range: 11.0.0.1-.37 IP range: 11.0.0.38-.77 IP range: 12.0.0.1-.37

19

20

21 Easy to author, easy to understand

22 Policies Restrict users from changing Highest precedence Specific registry locations Preferences User may change No need to be policy-aware

23 Easy to Set up, Report, Maintain Use cases: drive mappings, default printers, shortcuts, local users and groups, file and folder options… Fewer scripts = less complicated, less time to apply

24

25

26 Group Policy Team Bloghttp://blogs.technet.com/grouppolicy RSAT Windows Vista SP1 32-bit Edition (KB941314):http://go.microsoft.com/fwlink/?LinkId=115118 RSAT Windows Vista SP1 64-bit Edition (KB941314):http://go.microsoft.com/fwlink/?LinkId=116472 Group Policy TechNet pagehttp://www.microsoft.com/technet/grouppolicy Group Policy Settings Reference Windows Vista SP1 http://www.microsoft.com/downloads/details.aspx?familyid =2043B94E-66CD-4B91-9E0F- 68363245C495&displaylang=en Group Policy Preferences : Getting Started http://technet.microsoft.com/en- us/library/cc731892.aspx Recording and Resources for This Academy Live Session http://Academy

27 www.microsoft.com/teched www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn

28

29 For more information please refer to your Pocket Guide Speaker – Click Here to Launch Video

30 Product Overview: www.microsoft.com/online/windows-intune.mspx TechCenter: http://social.technet.microsoft.com/Forums/en- US/category/microsoftonlineservices/ Windows Intune Team Blog: http://blogs.technet.com/windowsintune

31 What is the Springboard Series? To the IT pro, our goal is Be the definitive resource for Desktop IT pros Open, honest; show don’t tell Information at right time, right level across Adoption Lifecycle Inside of Microsoft we are A turnkey IT pro engagement platform for depth and breadth The program to mobilize MS marketing and field to focus on desktop OS IT pros DEPLOYPILOTMANAGEEXPLOREDISCOVER one-Windows TechCenter in 10 languages Virtual Roundtable Events Springboard Technical Experts Panel Event Support and Resources Straight-talk Monthly Feature Articles and Overview Guides TalkingAboutWindows Video Blogs

32 www.microsoft.com/teched www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn

33

34 Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31 st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year

35

36

Download ppt "Kevin Sullivan Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL323."

Similar presentations

Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Management tools GPOE & GPMC Group Policy Preferences Group Policy Service GP shared service More stable and strengthened Service Group Policy Templates.

Management tools GPOE & GPMC Group Policy Preferences Group Policy Service GP shared service More stable and strengthened Service Group Policy Templates.
ACTIVE DIRECTORY GROUP POLICY MAEDS Spring PD Day 2012 Nicholas A. Hay Jefferson Schools

ACTIVE DIRECTORY GROUP POLICY MAEDS Spring PD Day 2012 Nicholas A. Hay Jefferson Schools
Clyde G. Johnson.  Preference?  Overview  Targeting  Settings  Things to know  GPP Scenarios.

Clyde G. Johnson.  Preference?  Overview  Targeting  Settings  Things to know  GPP Scenarios.
Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.

Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.
Don Jones Senior Partner and Technologist Concentrated Technology, LLC SESSION CODE: WCL308.

Don Jones Senior Partner and Technologist Concentrated Technology, LLC SESSION CODE: WCL308.
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.

NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Michael Kleef Program Manager Microsoft Session Code: WSV326.

Michael Kleef Program Manager Microsoft Session Code: WSV326.
New features in Windows Vista Multiple Local GPOs Network Awareness ADMX Files Improved Logging Coming in Windows Server 2008 Filters Comments Starter.

New features in Windows Vista Multiple Local GPOs Network Awareness ADMX Files Improved Logging Coming in Windows Server 2008 Filters Comments Starter.
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.

Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.
Marc Shepard Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL203.

Marc Shepard Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL203.
Jay Ferron- Global Knowledge Jeremy Chapman - Microsoft Corporation SESSION CODE: WCL201.

Jay Ferron- Global Knowledge Jeremy Chapman - Microsoft Corporation SESSION CODE: WCL201.
Group Policy Infrastructure in Windows: Today and Tomorrow

Group Policy Infrastructure in Windows: Today and Tomorrow
Raymond P.L. Comvalius IT Infrastructure Specialist Invendows BV – The Netherlands SESSION CODE: WCL310.

Raymond P.L. Comvalius IT Infrastructure Specialist Invendows BV – The Netherlands SESSION CODE: WCL310.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.

Similar presentations

Ads by Google