Download presentation
Presentation is loading. Please wait.
Published byDebra Cook Modified over 9 years ago
1
Module 4 Planning for Group Policy
2
Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group Policy Objects Planning the Management of Client Computers
3
Lesson 1: Planning Group Policy Application Demonstration: Reviewing and Modifying Group Policy Settings Considerations for Group Policy Application Group Policy Application Exceptions New Group Policy Features in Windows Server 2008
4
Demonstration: Reviewing and Modifying Group Policy Settings In this demonstration, you see how to: Review and modify Group Policy settings
5
Considerations for Group Policy Application Considerations Computer settings are processed when the computer starts User settings are processed when a user logs on Speed up processing by disabling unnecessary parts of a GPO GPOs are cached and updated at timed intervals
6
Group Policy Application Exceptions The Group Policy application exceptions are: Slow link processing Cached credentials Remote Access connections Moved computer or user objects
7
New Group Policy Features in Windows Server 2008 The Group Policy features are: New policies Power management settings Blocking device installation Firewall and IPSec settings Internet Explorer settings Location-based printing Delegation of printer driver installation ADMX templates Network Location Awareness
8
Lesson 2: Planning Group Policy Processing Considerations for Active Directory Structure Considerations for Using Filtering Considerations for Modifying Inheritance Considerations for Using Loopback Processing Demonstration: Modifying Group Policy Processing
9
Considerations for Active Directory Structure Site Domain OU GPO2 GPO3 GPO4 GPO5 GPO1 Local policy
10
Considerations for Using Filtering Filtering is applied to a GPO and not links Security Filtering: WMI Filtering Controls the application of GPOs based on security groups Can simplify OU planning Controls the application of GPOs based on computer characteristics Can be used to control software distribution
11
Considerations for Modifying Inheritance Considerations Blocking inheritance is not selective, all GPOs are blocked Use enforcement to enforce organization-wide standards You cannot enforce a filtered GPO
12
Considerations for Using Loopback Processing Considerations Loopback processing is for special use computers Use merge mode to apply additional restrictions Use replace mode to apply the same settings to all users To provide less restrictive settings, use replace mode Use loopback processing to secure Terminal Servers
13
Demonstration: Modifying Group Policy Processing In this demonstration, you will see how to: Modify Group Policy processing
14
Lesson 3: Planning the Management of Group Policy Objects Considerations for Administering Group Policy Objects What Are Starter GPOs? Considerations for Reusing or Copying GPOs Considerations for Backing Up and Restoring GPOs Considerations for Delegating Management of GPOs Discussion: Managing Group Policy
15
Considerations for Administering Group Policy Objects Considerations GPMC can be installed on Windows Vista SP1 A GPO is stored in Active Directory and SYSVOL New GPOs must be replicated to all domain controllers ADMX templates reduce GPO size Create a central store for ADMX templates ADMX templates are easier to extend than ADM templates ADMX templates can be used only by Windows Server 2008 and Windows Vista Migrate customized ADM templates to ADMX templates by using the ADMX migrator Use Group Policy tools for troubleshooting and planning
16
What Are Starter GPOs? Starter GPOs are GPO templates that contain administrative templates settings You can use starter GPOs: To standardize GPO creation To move GPOs easily between domains To distribute customized settings to partners
17
Considerations for Reusing or Copying GPOs A single GPO linked to multiple locations allows for centralized management You should carefully control the permission on a GPO that is linked to multiple locations It is difficult to synchronize settings between multiple GPOs For common settings, use a single GPO linked to multiple locations For unique settings, use an individual GPO for an OU
18
Considerations for Backing Up and Restoring GPOs System state backups of a domain controller are difficult to recover GPOs from Backup of GPO with GPMC before making changes GPO backups can be scheduled with scripts Only Read permissions are required to back up a GPO Restoring from backup includes filtering information Importing settings from backup does not include filtering information GPO backups can contain multiple versions
19
Considerations for Delegating Management of GPOs You can use GPMC to delegate permissions for managing GPOs Members of Domain Admins and Group Policy Creator Owners group can create GPOs Members of Domain Admins, Enterprise Admins, and domain local Administrators can link GPOs in a domain Members of Domain Admins and Enterprise Admins can edit GPOs
20
Discussion: Managing Group Policy Who is responsible for managing Group Policy in your organization? Does your organization back up GPOs? Does your organization have a need to standardize GPOs by using starter policies?
21
Lesson 4: Planning the Management of Client Computers Why Manage Client Computers? Methods for Managing Client Computers Considerations for Using Group Policy Preferences Demonstration: Using Group Policy Preferences Considerations for Deploying Software by Using Group Policy Considerations for Using Scripts Considerations for Using Folder Redirection
22
Why Manage Client Computers? Managing client computers saves time and money for the organization by: Distributing applications Enforcing security settings Enforcing application settings Standardizing the user environment
23
Methods for Managing Client Computers The methods for managing client computers are: Group Policy settings Group Policy preferences Scripts Windows Server Update Services System Center Configuration Manager
24
Considerations for Using Group Policy Preferences You can use both Group Policy settings and Group Policy preferences Preference settings are not enforced and can be modified by the user Application of Group Policy preferences is supported for Windows XP with SP2, Windows Vista, Windows Server 2003 with SP1, and Windows Server 2008 Use the Data Sources node to easily add or modify ODBC data sources for applications Use the Drive Maps node as an alternative to mapping drive letters by using a logon script Use the Start Menu and Shortcuts node to standardize the ways of starting applications Use the Internet Settings node to standardize the configuration of Internet Explorer Use targeting to determine which users and computers a preference item will apply to
25
Demonstration: Using Group Policy Preferences In this demonstration, you see how to: Use Group Policy preferences
26
Considerations for Deploying Software by Using Group Policy Assign an application to create a Start Menu shortcut Assign an application to a computer to install before use Assign an application to a user or publish it to limit disk utilization Enable document activation to automatically install the application required to open a document Use categories to organize published applications Use transform files to customize installation Use mandatory upgrades to keep application versions consistent Use forced removal to remove applications from computers
27
Considerations for Using Scripts Scripts can be written in any scripting language supported by the client computer Considerations: Logon scripts are commonly used for mapping drive letters Use Group Policy to implement logon scripts Startup and shutdown scripts can be used for computer- specific tasks Group Policy scripts should be stored on SYSVOL
28
Considerations for Using Folder Redirection My Documents is not the only folder that can be redirected Folder redirection simplifies backup of user data Folder redirection reduces the size of user profiles Redirect My Documents to a home folder for private storage Redirect My Documents to a departmental share for shared storage Allow folder permissions to be configured automatically Use offline files with folder redirection
29
Lab: Planning for Group Policy Exercise 1: Creating a Group Policy Plan Exercise 2: Implementing Group Policy Estimated time: 60 minutes Logon information Virtual machine 6430B-SEA-DC1 User name Adatum\Administrator Password Pa$$w0rd
30
Lab Scenario Adatum has never implemented Group Policy other than for basic password configuration in the domain using the default GPOs. After attending a recent seminar, the IT manager wants to use Group Policy more effectively for the organization. You have been tasked with creating a plan for implementing Group Policy.
31
Module Review and Takeaways Review Questions
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.