introduction to group policy
DESCRIPTION
Chapter 7. INTRODUCTION TO GROUP POLICY. WHAT CAN YOU DO WITH GROUP POLICY?. Control the user environment. Manipulate Start menu options, wallpaper, colors, and so on. Prevent users from using Control Panel. Control the computer settings. Configure DNS client settings. - PowerPoint PPT PresentationTRANSCRIPT
11
INTRODUCTION TO GROUP POLICY
Chapter 7
Chapter 7: INTRODUCTION TO GROUP POLICY 2
WHAT CAN YOU DO WITH GROUP POLICY? Control the user environment.
Manipulate Start menu options, wallpaper, colors, and so on.
Prevent users from using Control Panel. Control the computer settings.
Configure DNS client settings. Configure the time server client computers use.
Distribute software. Force software installation. Allow for easy optional software installation
through Add/Remove Programs.
Chapter 7: INTRODUCTION TO GROUP POLICY 3
POLICY SETTINGS
Registry-based
Software installations and repairs
Folder redirection and offline storage
Disk quotas
Scripts
Remote Installation Services
Internet Explorer configuration
Security
Chapter 7: INTRODUCTION TO GROUP POLICY 4
LATENT APPLICATIONS OF GROUP POLICY
Term describes a group of policies.
Policies are not applied directly to groups.
Policies can be linked to: Sites
Domains
OUs
Chapter 7: INTRODUCTION TO GROUP POLICY 5
GROUP POLICY BENEFITS
User benefits Access to files either offline or online. Consistent environment. Files are centrally backed up.
Administrator benefits Centralized management of computer and
user settings. Centralized application distribution. Centralized backup. Centralized security enforcement.
Chapter 7: INTRODUCTION TO GROUP POLICY 6
UNDERSTANDING GROUP POLICY OBJECTS (GPOs)
Local GPO Gpedit.msc (Local Computer Policy)
Local Security Policy
Non-Local Group Policy Objects Stored in Sysvol
Linked to sites, domains, or OUs
Chapter 7: INTRODUCTION TO GROUP POLICY 7
LOCAL GROUP POLICY
Chapter 7: INTRODUCTION TO GROUP POLICY 8
GROUP POLICY CONTAINER OBJECT
Chapter 7: INTRODUCTION TO GROUP POLICY 9
GROUP POLICY TEMPLATE (GPT)
Chapter 7: INTRODUCTION TO GROUP POLICY 10
GPT STRUCTURE AND GPT.INI
Chapter 7: INTRODUCTION TO GROUP POLICY 11
GROUP POLICY OBJECT EDITOR FOR DOMAINS AND OUS
Chapter 7: INTRODUCTION TO GROUP POLICY 12
GROUP POLICY OBJECT EDITOR FOR SITES
Chapter 7: INTRODUCTION TO GROUP POLICY 13
GROUP POLICY SETTINGS
Chapter 7: INTRODUCTION TO GROUP POLICY 14
SOFTWARE SETTINGS
Chapter 7: INTRODUCTION TO GROUP POLICY 15
WINDOWS SETTINGS
Chapter 7: INTRODUCTION TO GROUP POLICY 16
ADMINISTRATIVE TEMPLATES
Chapter 7: INTRODUCTION TO GROUP POLICY 17
ADMINISTRATIVE TEMPLATE SETTING OPTIONS
Chapter 7: INTRODUCTION TO GROUP POLICY 18
GROUP POLICIES AND THE ACTIVE DIRECTORY STRUCTURE
Linked to site—Affects all users and computers in the site to which the policy is linked, regardless of domain membership
Linked to domain—Affects all users and computers in the domain to which the policy is linked
Linked to OU—Affects all users and computers in the OU to which the policy is linked
Chapter 7: INTRODUCTION TO GROUP POLICY 19
HOW GROUP POLICIES ARE PROCESSED
Local-Site-Domain-OU (LSDOU) order.
Different settings are merged.
If there is a conflict on a particular setting: By default, the last policy applied wins.
Exceptions: No Override, Block Policy Inheritance, and User Group Policy loopback processing mode.
Chapter 7: INTRODUCTION TO GROUP POLICY 20
SCHOOL OF FINE ART AND GROUP POLICY APPLICATION
Chapter 7: INTRODUCTION TO GROUP POLICY 21
MULTIPLE POLICIES LINKED TO A CONTAINER
Chapter 7: INTRODUCTION TO GROUP POLICY 22
GROUP POLICY PROCESSING AT STARTUP AND LOGON During computer startup, a list of GPOs for the
computer is obtained.
Computer settings are applied during startup.
Startup scripts are run.
Windows Logon prompt appears when step 3 completes.
Upon successful validation of user, the user profile loads.
A list of GPOs for the user is obtained.
Logon scripts are run.
The user interface appears.
Chapter 7: INTRODUCTION TO GROUP POLICY 23
NO OVERRIDE
Ensures policy is applied, regardless of priority, hierarchy, inheritance blocking, or conflicting settings
Configured on a per-policy basis
Chapter 7: INTRODUCTION TO GROUP POLICY 24
BLOCK POLICY INHERITANCE
Prevents policies from being inherited from higher levels in the Active Directory hierarchy
Can be used at the Domain or OU level only—not per policy
Cannot stop a policy marked as No Override
Chapter 7: INTRODUCTION TO GROUP POLICY 25
USER GROUP POLICY LOOPBACK PROCESSING MODE
Maintains a specified user environment, no matter which user logs on
Allows a computer account to apply User Settings last In merge mode, any conflicting settings are
won by the loopback-enabled Group Policy.
In replace mode, all user settings are set to whatever is configured in the loopback-enabled Group Policy.
Chapter 7: INTRODUCTION TO GROUP POLICY 26
SUMMARY
Group Policy is used to control both User settings and Computer settings.
GPOs can be linked to sites, domains, and OUs. GPOs have two parts: GPC and GPT. Default GPOs.
Default Domain Policy Default Domain Controllers Policy
Processing Order: L-S-D-OU. Exceptions: Block Policy Inheritance, No
Override, and loopback.