Module 5 Creating and Configuring Group Policies Module

Module 5: Creating and Configuring Group Policies

Module Overview • Overview of Group Policies • Configuring the Scope of Group Policy Objects • Evaluating the Application of Group Policy Objects • Managing Group Policy Objects • Delegating Administrative Control of Group Policies

Lesson 1: Overview of Group Policies • What Are Group Policies? • Group Policy Settings • How Group Policies Are Applied • Exceptions to Normal Group Policy Processing • Group Policy Components • What Are ADM and ADMX files? • What Is the Central Store? • Demonstration: Configuring Group Policy Objects

What Are Group Policies? Group Policies enable IT administrators to automate one-to-many management of users and computers Use Group Policies to: • Apply standard configurations • Deploy software • Enforce security settings • Enforce a consistent desktop environment Local group policies are always in effect for local and domain users and local computer settings

Group Policy Settings Group Policy settings for users control these settings: • • Software Windows Security Desktop Group Policy settings for computers control these settings: • • Software Windows Security Operating systems

How Group Policies are Applied Computer starts Refresh Interval Every 90 minutes • Computer settings applied • Startup scripts run User logs on Refresh Interval Every 90 minutes • User settings applied • Logon scripts run

Exceptions to Group Policy Processing • 500 KPS by default • Certain client side extensions are not Slow links processed • Prior to Vista, ICMP is used to detect a slow link • Vista uses Network Location Awareness • Windows XP and Vista use cached credential Cached credentials for faster logons • Many GPO settings take two logons to take effect Additional exceptions: • Remote access connections • Moving a user or computer object in Active Directory

Group Policy Components Group Policy Container • Stored in Active Directory • Provides version information Group Policy Object Group Policy Template • Contains Group Policy settings • Stores content in two locations • Stored in shared SYSVOL folder • Provides Group Policy settings • Supports both ADM and ADMX templates

What Are ADM and ADMX Files? ADM files are: • Copied into every GPO in SYSVOL • Difficult to customize ADMX files are: • Language neutral • Not stored in the GPO • Extensible through XML

What Is the Central Store? The Central Store: • Is a central repository for ADMX and ADML files • Is stored in SYSVOL • Must be created manually • Is detected automatically by Windows Vista or Server 2008 ADMX files Windows Vista or Windows Server 2008 workstation Domain controller with SYSVOL

Demonstration: Configuring Group Policy Objects In this demonstration, you will see how to: • Create a GPO • Configure settings

Lesson 2: Configuring the Scope of Group Policy Objects • Group Policy Processing Order • What Are Multiple Local Group Policies? • Options for Modifying Group Policy Processing • Demonstration: Configuring Group Policy Object Links • Demonstration: Configuring Group Policy Inheritance • Demonstration: Filtering Group Policy Objects Using Security Groups • Demonstration: Filtering Group Policy Objects Using WMI Filters • How Does Loopback Processing Work? • Discussion: Configuring the Scope of Group Policy Processing

Group Policy Processing Order GPO 1 Local group GPO 2 Sit e GPO 3 GPO 4 Domai n GPO 5 OU OU OU

What Are Multiple Local Group Policies? • One layer of computer configurations that applies to all users • Layers apply only to individual users, not to groups • There are three layers of user configurations: • Administrator • Non-Administrator • User-specific

Options for Modifying Group Policy Processing Five methods to modify GPO default processing: • Block inheritance • Enforcement • Filtering using security groups or WMI filters • Disabling GPOs • Loopback processing

Demonstration: Configuring Group Policy Object Links • In this demonstration, you will see how to: § Create and link GPOs to different locations within AD DS § Disable a GPO link

Demonstration: Configuring Group Policy Inheritance • In this demonstration, you will see how to: § Block GPO inheritance § Enforce GPO inheritance

Demonstration: Filtering Group Policy Objects By Using Security Groups In this demonstration, you will see how to filter the application of GPOs using security groups

Demonstration: Filtering Group Policy Objects Using WMI Filters In this demonstration, you will see how to create and assign a WMI filter

How Does Loopback Processing Work?

Discussion: Configuring the Scope of Group Policy Processing Woodgrove Bank Domain Tree Woodgrove Bank Head Office site Winnipeg Slow link Branches Toronto Winnipeg Servers SQL Server Exchange Server High-speed link Toronto site Head Office

Lesson 3: Evaluating the Application of Group Policy Objects • What Is Group Policy Reporting? • What Is Group Policy Modeling? • Demonstration: How to Evaluate the Application of Group Policies

What Is Group Policy Reporting? Group policy reporting is a method of planning and troubleshooting group policy • Group Policy results are provided by the GPMC • GPResult is a command line utility

What Is Group Policy Modeling? The Group Policy Modeling Wizard calculates the simulated net effect of GPOs The Group Policy Modeling Wizard simulates: • Site membership • Security group membership • WMI filters • Slow links • Loopback processing • The effects of moving user or computer objects to a different Active Directory container

Demonstration: How to Evaluate the Application of Group Policies In this demonstration, you will see how to run each of the tools for reviewing the application of group policies

Lesson 4: Managing Group Policy Objects • GPO Management Tasks • What Is a Starter GPO? • Demonstration: How to Copy a GPO • Demonstration: Backing up and Restoring GPOs • Demonstration: Importing a GPO • Migrating Group Policy Objects

GPO Management Tasks GPO management tasks: • Back up GPOs • Restore GPOs • Copy GPOs • Import GPOs

What Is a Starter GPO? • Stores administrative template settings on which the new GPOs will be based • Can be exported to. cab files • Can be imported into other areas of the enterprise Exported to cab file starter. GPO Imported to GPMC Cab file Load cabinet file

Demonstration: How to Copy a GPO In this demonstration, you will see how to copy a GPO

Demonstration: Backing up and Restoring GPOs In this demonstration, you will see how to back up and restore a GPO

Demonstration: Importing a GPO • In this demonstration, you will see how to: § Import a GPO § Use a migration table

Migrating Group Policy Objects The ADMX Migrator utility: • Can be used to convert custom ADM files to ADMX • Is GUI based and can be downloaded from the Microsoft download site utility

Lesson 5: Delegating Administrative Control of Group Policies • Options for Delegating Control of GPOs • Demonstration: How to Delegate Administrative Control of GPOs

Options for Delegating Control of GPOs Create Methods to delegate GPOs in control of GPOs the domain Membership in Group Policy Creator Owners group or explicit permission to create GPOs Assign Edit rights to individual policies Delegate the right to link GPOs to containers Delegate the right to use group policy reporting tools Edit or delete GPOs Link GPOs to containers Use reporting tools

Demonstration: How to Delegate Administrative Control of GPOs In this demonstration, you will see how to delegate the right to create, edit, link, and use the reporting tools for group policies

Lab: Creating and Configuring GPOs • Exercise 1: Creating Group Policy Objects • Exercise 2: Managing the Scope of GPO Application • Exercise 3: Verifying GPO Application • Exercise 4: Managing GPOs • Exercise 5: Delegating Administrative Control of GPOs Logon information Virtual machine NYC-DC 1, NYCCL 1 User name Administrator Password Pa$$w 0 rd Estimated time: 75 minutes

Lab Review • What other method could be used to grant a user the right to create GPOs in the domain? • If you need to apply a GPO to computers that have certain services installed, what is the best approach?

Module Review and Takeaways • Considerations • Review questions

Beta Feedback Tool Beta feedback tool helps: • § § § • Collect student roster information, module feedback, and course evaluations. Identify and sort the changes that students request, thereby facilitating a quick team triage. Save data to a database in SQL Server that you can later query. Walkthrough of the tool

Beta Feedback Overall flow of module: • § § Which topics did you think flowed smoothly, from topic to topic? Was something taught out of order? Pacing: • § § § Were you able to keep up? Are there any places where the pace felt too slow? Were you able to process what the instructor said before moving on to next topic? Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions? Learner activities: • § § § Which demos helped you learn the most? Why do you think that is? Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment? Were there any discussion questions or reflection questions that really made you think? Were there questions you thought weren’t helpful?