11 planning a group policy management and implementation strategy chapter 10
TRANSCRIPT
![Page 1: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/1.jpg)
11
PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY
Chapter 10
![Page 2: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/2.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 2
FILTERING GROUP POLICY’S SCOPE
By default, settings flow from site to domain to OU.
Three ways to control Group Policy settings inheritance Block Policy Inheritance:
Security filtering
WMI filters
![Page 3: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/3.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 3
SECURITY FILTERING
![Page 4: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/4.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 4
WMI FILTERS
Windows Management Instrumentation (WMI)
Used for queries and filters concerning Hardware
Software
Operating system type
Can be linked to multiple GPOs
![Page 5: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/5.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 5
WMI FILTER EXAMPLES
Table 10-1 WMI Filter Examples
TTaarrggeett CCoommppuutteerr SSaammppllee WWMMII All computers that arerunning Windows XPProfessional
Select * from Win32_OperatingSystemwhere Caption = "Microsoft WindowsXP Professional"
All computers that havemore than 10 MB ofavailable drive space
on a C: NTFS partition
Select * from Win32_LogicalDiskWHERE Name= "C:" AND DriveType = 3AND FreeSpace > 10485760 ANDFileSystem = "NTFS"
All computers with amodem installed
Select * from Win32_POTSModemWhere Name = " MyModem"
FFiilltteerr SSttrriinngg
![Page 6: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/6.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 6
CREATING WMI FILTERS
![Page 7: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/7.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 7
GROUP POLICY MANAGEMENT CONSOLE (GPMC)
Free add-on tool that can be used to manage Group Policy. Installs on: Windows XP with Service Pack 1
Any edition of Windows Server 2003
Can be used for: Importing and copying GPO settings
Backing up and restoring of GPOs
Executing the Resultant Set of Policy (RSoP) snap-in
Generating HTML reports
![Page 8: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/8.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 8
INSTALLING GPMC
GPMC is not on the Windows Server 2003 CD-ROM.
Can be downloaded for free from the Microsoft Web site.
In this course, gpmc.msi is on your supplemental CD-ROM. Double-click the gpmc.msi file and run
through the wizard.
Distribute through Group Policy.
![Page 9: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/9.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 9
GPMC CHANGES ACTIVE DIRECTORY USERS AND COMPUTERS
![Page 10: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/10.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 10
CREATING WMI FILTERS IN GPMC
![Page 11: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/11.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 11
LINKING WMI FILTERS
![Page 12: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/12.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 12
NAVIGATING WITH GROUP POLICY MANAGEMENT
![Page 13: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/13.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 13
INFORMATION DISPLAYED IN THE GPMC INTERFACE
![Page 14: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/14.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 14
DETERMINING AND TROUBLESHOOTING EFFECTIVE POLICY SETTINGS
Resultant Set Of Policy (RSoP) Wizard
Group Policy Results
Group Policy Modeling
Gpresult.exe command line tool
![Page 15: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/15.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 15
RSOP LOGGING MODE
![Page 16: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/16.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 16
RSOP PLANNING MODE
![Page 17: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/17.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 17
GROUP POLICY MODELING IN GPMC
![Page 18: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/18.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 18
GROUP POLICY RESULTS
![Page 19: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/19.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 19
Gpresult.exe
![Page 20: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/20.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 20
DELEGATING GROUP POLICY ADMINISTRATIVE CONTROL
Creation of GPOs
Permissions on GPOs
Linking of GPOs
Use of Group Policy Modeling and Group Policy Results
Creation of WMI filters
WMI permissions
![Page 21: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/21.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 21
DELEGATING GPO CREATION
![Page 22: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/22.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 22
DELEGATING PERMISSIONS TO AN INDIVIDUAL GPOGPMC Individual GPO Permissions
AAlllloowweedd PPeerrmmiissssiioonnssCCaatteeggoorryy UUnnddeerrllyyiinngg PPeerrmmiissssiioonnss aanndd EEffffeeccttss
Read Allows Read Access on the GPO.
Edit settings Includes Read, Write, Create Child Objects, andDelete Child Objects.
Edit, delete, andmodify security
Includes Read, Write, Create Child Objects, DeleteChild Objects, Delete, Modify Permissions, and Modify
Owner. Implies Full Control without the Apply GroupPolicy permission being set.
Read (fromSecurity Filtering)
An automatic setting that appears when a user hasRead and Apply Group Policy permissions to the GPO.
Custom These permissions include those set individuallyusing the ACL editor for the GPO. The ACL editor isinvoked by using the Advanced button and shows the
Security tab contents for the GPO.
![Page 23: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/23.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 23
DELEGATING LINKING, MODELING, AND RESULTS
![Page 24: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/24.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 24
DELEGATING WMI FILTERING
![Page 25: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/25.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 25
PLANNING GROUP POLICY INTEGRATION
Create policies at the highest level possible.
Limit the number of GPOs created.
Create specialized GPOs for policies.
Disable unnecessary portions (user or computer).
Only apply GPOs to sites when settings are required on a site basis.
![Page 26: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/26.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 26
RECOMMENDATIONS ON GROUP POLICY INHERITANCE
Limit use of the following: No Override
Block Policy Inheritance
Security filtering
![Page 27: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/27.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 27
PLANNING ADMINISTRATION AND IMPLEMENTATION OF GPOS
Determine which administrators will have policy delegation roles
Test policy settings
Document the plan
![Page 28: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/28.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 28
RESTORING DEFAULT SECURITY SETTINGS
![Page 29: 11 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY Chapter 10](https://reader035.vdocuments.us/reader035/viewer/2022070413/5697bfd51a28abf838cad225/html5/thumbnails/29.jpg)
Chapter 10: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY 29
CHAPTER SUMMARY
Name two methods you can use to filter GPOs.
How many WMI filters can be applied to each GPO?
What can you do with GPMC?
What two modes are available in RSoP?
List ways in which you can delegate Group Policy control.