Group Policy Presentation

8/6/2019 Group Policy Presentation

1/31

Group Policy Presentation

This document is classified as Public.


2/31

9 aot 2011 - Group Policy

Objects - This document is

classified as Public

2

Presentation Plan

Overview of Group Policies.

Configuring the Scope of Group Policies Objects.

Evaluating the Application of Group Policies

Objects.

Managing Group Policies Objects.

Delegating Administrative Control of Group

Policies

Summary:



3/31




3

Overview of Group Policy



4/31




4

Preview

What Are Group Policies?

Group Policy Settings

HowGroup Policies Are Applied

Group Policy Processing and Exceptions

Group Policy Components

What Are ADM and ADMX files?

Here are the different parts:

Overview of Group Policies


5/31




5

What Are Group Policies?


Group Policies enable IT administrators to automate one-to-many

management ofusers and computers

Local grouppolicies are always in effect for local users and local

computersettings..

UseGroup Policies to : Apply standard configurations

Deploy software

Enforce security settings

Enforce a consistent desktop environment


6/31




6

Group Policy Settings

Group Policy settings forusers

Software Settings

Windows Settings

SecuritySettings

DesktopSettings

Group Policy settings forcomputers

Software Settings

Windows Settings

SecuritySettings

Operating systems Settings



7/31




7

HowGroup Policies Are Applied

Computersettings

applied

Startup scripts run

Refresh Interval

User settings applied

Logon scripts run

Refresh IntervalComputer

starts

User

logs on

Every 90 minutes

Every 90 minutes



8/31




8

Group Policy Processing and Exeptions

Slow Links

500 Kbps bydefault

Certain client side extensions are not processed

CachedCredential

Priorto Vista, ICMP is used to detect a slow link

Vistauses Network Location Awareness

Windows XP and Vistause cached credential for

fasterlogons

Many GPO settings take two logons to take effect

Group PolicyProcessing

Local PolicyMachine/User

Site PolicyMachine/User

Domain PolicyMachine/User

OUtop OUbottom PolicyMachine/User



9/31




9

Group Policy Components

Group PolicyContainer

Group Policy Template

Stored in Active Directory

Provides version information

Status information

List of components

Stored in shared SYSVOL folder

Provides Group Policy settings

Supports both ADM and ADMX templates

Group Policy Object

ContainsGroup Policy settings

Stores content in two locations



10/31




10

What Are ADM and ADMX Files?

ADMX files are:

Language neutral

Not stored in the GPO Extensible through XML

ADM files are:

Copied into every GPO in SYSVOL

Difficult to customize



11/31




11

Configuring the Scope of

Group Policy Objects



12/31




12

Preview

Group Policy Processing Order

What Are Multiple Local Group Policies?

Options for Modifying Group Policy Processing

How Does Loopback ProcessingWork?


Configuring the Scope of Group Policy Objects


13/31




13

Group Policy Processing Order


OU

OUOU

Local Group Policy

Domain

GPO1

GPO2

GPO3

GPO4

GPO5

Site


14/31




14

What are Multiple Local Group Policies?


One layerof computerconfigurations that applies to

all users

Layers apply only to individual users, not to groups

There are three layers ofuserconfigurations:

- Administrator

- Non-Administrator

- User-specific


15/31




15

Options for Modifying Group Policy Processing


Block inheritance

Five methods to modify GPO default processing:

Enforcement

Filteringusing securitygroups orWMI filters

Disabling GPOs

Loopback processing


16/31




16

How Does Loopback ProcessingWork?



17/31




17

Evaluating the Application of Group

Policy Objects



18/31




18

Preview

What Is Group Policy Reporting?

What Is Group Policy Modeling?


Evaluating the Application of Group Policy Objects


19/31




19


What Is Group Policy Reporting?

Grouppolicyreporting is amethod ofplanningand troubleshootinggroup

policy

Group Policy results are provided by the GPMC

GPResult is a command line utility


20/31




20


What Is Group Policy Modeling?

The Group PolicyModeling Wizard calculates the simulated net effect of

GPOs

The Group Policy ModelingWizard simulates:

Site membership

Security group membership

WMI filters

Slow links

Loopback processing

The effects of moving user or computer objects to a

different Active Directory container


21/31




21

Managing Group Policy

Objects



22/31




22

Preview

What Is a Copy Operation?

What Is a Backup Operation?

What Is a Restore Operation?

What Is an Import Operation?

What Is a StarterGPO?

MigratingGroup Policy Objects


Managing Group Policy Objects


23/31




23


What Is a Copy Operation?

DACLDACL

User1GPO1

ReadFullControl

DACLDACL

User1GPO2

ReadFullControl

Acopyof a GPO transfers onlythe settings within a GPO

The new GPO is createdunlinked


24/31




24


What Is a Backup Operation?

In a backupoperation, Group PolicyManagement export all data in the GPO

to the selected file and saves the GPTfiles

Backupof a

GPO

GPO1

GPO1


25/31




25


What Is a Restore Operation?

In a restore operation, the contents of the GPO are returned to exactlythe

same state

Backed-up GPO

GPO1

GPO1


26/31


Objects - This document isclassified as Public

26


What Is an Import Operation?

GPO1 GPO2

GPO

Settings

GPO

Settings

In an importoperation, all GPO settings are copied from the source to the

target GPO


27/31



27


What Is a Starter GPO?

Stores administrative template settings on which the new GPOs

will be based

Can be exported to .cab files

Can be imported into other areas of the enterprise

Exported toCAB file Imported to GPMC

Starter GPO CAB file LoadCabinetfile


28/31



28


MigratingGroup Policy Objects

The ADMX Migrator utility :

Can be used to convert custom ADM files to ADMX

Is GUI based and can be downloaded from

the Microsoft download site utility


29/31



29

Delegating Administrative Control of

Group Policies



30/31



30

Delegating Administrative Control of Group Policies

Options for Delegating Control ofGPOs

Methods to

delegate control

of GPOs

Create

GPOs in

the domain

Membership in Group

Policy Creator Ownersgroup or explicit

permission to create

GPOs

Delegate the right to

use group policy

reporting tools

Assign Edit rights to

individual policies

Delegate the right to

link GPOs to containers

Edit or

delete

GPOs

Link GPOs

to

containers

Use

reporting

tools

X X X

XX

X

X

XXX

XX


31/31



31

Do you have any questions ?


Documents

Group Policy Presentation