CTU June 2011 - Guided Hands on Lab on GPO - GPP
  • Guide the class to log in to the Physical Host and launch Hyper-V. Accessing the Hyper-V VMs. Log in to the VM using the Domain Admin account. Domain Admin: Administrator. Domain Accounts: CTUUser01, CTUUser02. Domain Groups: CTU_LocalAdmin, CTU_Users.
  • To show that, for certain OUs, one cannot link a GPO to them.
  • Work together with the class on how to configure and apply this GPO, and show the end result. Expected Result: User able to insert another domain group to the local machine administrators group. User unable to add another domain account to the local machine administrators group.
  • Work together with the class on how to configure and apply this GPO, and show the end result. Expected Result: User able to insert another domain group to the local machine administrators group. User able to add another domain account to the local machine administrators group.
  • Mention that DNS must be able to resolve properly too! DNS is critical for GPO to function properly.
  • Create a batch file containing the following line to remove the registry key: REG DELETE "HKLM\SOFTWARE\Microsoft\Group Policy\Client\RunOnce" /va
  • Transcript of "CTU June 2011 - Guided Hands on Lab on GPO - GPP"

    1. Guided Hands-On Lab on GPO-GPP
       • Presenter: Tan Chee
       • Title: MVP in GPO
       • Event: CTU 2011 June
       • Date: 25th June 2011
    2. Guided HOL on GPO-GPP: Agenda
       • Getting Familiar with the HOL Setup
       • HOL Session #1 – Restricted Group (GPO & GPP)
       • HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)
       • HOL Session #3 – Managing Office 2010 settings (GPO)
       • HOL Session #4 – WMI Filter
       • HOL Session #5 – Basic Troubleshooting
       • Tips and Tricks plus Discussion (Sharing Experience)
    3. Getting Familiar with the HOL Setup: The Setup
       • Virtual Machines (Hyper-V): Private Network
       • Domain Name: ONPREM.LOCAL
       • Physical Host
    4. Quick Walk Through on the HOL Setup
    5. Getting Ready: DC1.onprem.local (Domain Controller)
       • Under “START” > “Administrative Tools”:
       • Start the “Active Directory Users and Computers” console
       • Understand the OU structure
       • Understand where the User objects are
       • Understand where the Computer objects are
       • Start the “Group Policy Management” console
       • Start the “Active Directory Sites and Services” console (for manual replication)
    6. OU Structure and Dummy Accounts
    7. GPMC: OU that a GPO cannot be linked to
    8. Getting Ready: Client1.onprem.local (Domain Machine)
       • Log in as Domain Admin
       • Open Command Prompt
       • Get ready to run the following command: GPUPDATE /FORCE
       • You may be required to log in as CTUUSER01 in a later part
    9. HOL Session #1 – Restricted Group (GPO)
    10. HOL Session #1: Restricted Group through GPO
       • Restrict adding of members to local administrators group
       • Insertion of Domain Group to be a member of local administrators group
    11. HOL #1a - Restrict adding of members to local machine administrators group
    12. HOL Session #1a: Restrict adding of members to local machine administrators group
       • On DC1.onprem.local (Domain Controller):
         • Start GPMC
         • Create and configure GPO – “CTU_Restricted_Group”
         • Link the GPO to the OU containing Computer – “Client1”
       • On Client1.onprem.local (Client Machine):
         • Under “local users and groups” > “Groups”, try adding “CTUUser01” to the “Administrators” group.
         • Then, at the command prompt, run “GPUPDATE /FORCE”
    13. HOL Session #1a: Restrict adding of members to local machine administrators group
       • Expected Result:
         • User able to insert another domain group to the local machine administrators group.
         • User unable to add another domain account to the local machine administrators group.
    14. HOL #1b - Insert Domain Group to be a member of local machine administrators group
    15. HOL Session #1b: Insert Domain Group to be a member of local machine administrators group
       • On DC1.onprem.local (Domain Controller):
         • Start GPMC
         • Create and configure GPO – “CTU_Inject_LocalAdmin”
         • Link the GPO to the OU containing Computer – “Client1”
       • On Client1.onprem.local (Client Machine):
         • Under “local users and groups” > “Groups”, try adding “CTUUser01” to the “Administrators” group.
         • Then, at the command prompt, run “GPUPDATE /FORCE”
    16. HOL Session #1b: Insert Domain Group to be a member of local machine administrators group
       • Expected Result:
         • User able to insert another domain group to the local machine administrators group.
         • User able to add another domain account to the local machine administrators group.
    17. HOL #1c – Managing Local Machine Administrators Group using GPP
    18. Does GPP contain similar settings? Yes!
    19. HOL #1c – Managing Local Machine Administrators Group using GPP: DEMO
    20. HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)
    21. Getting Ready: Deployment of TCPIP Printer (GPO & GPP)
       • On DC1.onprem.local:
         • Print Service (Add Role)
         • Add Printer Drivers (both x64 and x86)
         • Share out the Printer (192.168.1.40 – CTU Printer)
         • Create and configure GPO – “CTU_Deploy_Printer”
         • Link the GPO to the OU containing Computer
       • On the Client machine, at the command prompt, run “GPUPDATE /FORCE”
    22. Deployment of TCPIP Printer (GPO & GPP): Pointers to take note
       • Printer Driver (32bit and 64bit)
       • GPO Setting – Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions: Enabled
       • Impact to Boot Up
       • Through Computer or User GPP?
    23. HOL Session #3 – Managing Office 2011 settings (GPO)
    24. Getting Ready: Managing Office 2011 settings (GPO)
       • On DC1.onprem.local:
         • Create and configure GPO – “CTU_Office2010”
         • Import GPO template files for Office 2010
         • Note that the settings are under User Configuration
         • Link the GPO to the OU containing Users – “CTUUser01”
    25. Setting to Try: Default Font Name, Size
       • Configure as follows.
       • On the Client, log in as CTUUser01 to verify the setting is applied.
    26. HOL Session #4 – WMI Filter: DEMO
    27. WMI Filter (GPO)
       • Useful to target a GPO at machines running different OSes under the same OU.
       • Demo on how to import and apply a WMI Filter
    28. HOL Session #5 – Basic Troubleshooting Related to GPO
    29. Basic Troubleshooting
       • On the Client machine (logged in with a Domain account):
         • Event Viewer of the Client
         • Run Command Line – GPRESULT /H <Filename>.html
       • On the Domain Controller:
         • Use GPMC to generate a Group Policy Result
    30. Requirements for the GPMC Group Policy Results Wizard to work
       • WMI service on the target must be running
       • Firewall port must be open for WMI (Predefined Program)
    31. Tips and Tricks plus Discussion!!
    32. Tips and Tricks: GPP – Apply Once Only?
       • On the Client machine, remove the following registry key and run GP update; the GPP that is configured as Apply Once Only will apply again.
       • HKLM\SOFTWARE\Microsoft\Group Policy\Client\RunOnce
    33. Tips and Tricks: GPP – Settings with Red and Green Underline – What does it mean?
       • Red – [No Go], Will not Deliver
       • Green – [Go], Will be Delivered
    34. Tips and Tricks: GPO Settings Supersede GPP Settings
    35. Discussion
    36. Thank You!!
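
The manual check in HOL Sessions #1a and #1b (open "local users and groups", then run GPUPDATE /FORCE) can be scripted so that drift in the local Administrators group is reported rather than eyeballed. The PowerShell below is an added example, not part of the original slides; it assumes Windows PowerShell 5.1 on Client1, the NetBIOS domain name ONPREM, a local account named Administrator, and a hypothetical allow-list.

```powershell
# Added example (not from the slides): audit local Administrators membership.
# Assumptions: NetBIOS domain name ONPREM; the allow-list below is hypothetical.
$Allowed = @(
    "$env:COMPUTERNAME\Administrator",
    'ONPREM\Domain Admins',
    'ONPREM\CTU_LocalAdmin'
)

function Compare-AdminMembership {
    param(
        [string[]]$Actual,
        [Parameter(Mandatory)][string[]]$Allowed
    )
    # -notcontains compares strings case-insensitively, which matches how
    # Windows treats account names.
    $unexpected = @($Actual  | Where-Object { $Allowed -notcontains $_ })
    $missing    = @($Allowed | Where-Object { $Actual  -notcontains $_ })
    [pscustomobject]@{
        Unexpected = $unexpected
        Missing    = $missing
        Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
    }
}

function Get-LocalAdminName {
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the
    # lookup does not depend on a localised group name.
    (Get-LocalGroupMember -SID 'S-1-5-32-544').Name
}

# Constructed sample: the state right after CTUUser01 was added by hand.
$sample = @("$env:COMPUTERNAME\Administrator", 'ONPREM\Domain Admins',
            'ONPREM\CTU_LocalAdmin', 'ONPREM\CTUUser01')
Compare-AdminMembership -Actual $sample -Allowed $Allowed | Format-List

# Live check on Client1: run before and after GPUPDATE /FORCE and compare.
$result = Compare-AdminMembership -Actual (Get-LocalAdminName) -Allowed $Allowed
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning 'Local Administrators differs from the allow-list.'
}
```

For the constructed sample, Unexpected contains ONPREM\CTUUser01 and Compliant is False.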
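
HOL Session #4 uses WMI filters to target a GPO at machines running different OSes under the same OU; a filter passes when its WQL query returns at least one instance. The PowerShell below is an added example, not part of the original slides, that evaluates candidate filter queries on the local machine before they are attached to a GPO; the filter names and queries are hypothetical.

```powershell
# Added example (not from the slides): evaluate OS-targeting WMI filter
# queries locally. Filter names and queries are hypothetical samples.
# ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
# Version 6.1 covers Windows 7 and Windows Server 2008 R2.
$Filters = [ordered]@{
    'Windows 7 workstations'  = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.1%" AND ProductType = 1'
    'Any workstation OS'      = 'SELECT * FROM Win32_OperatingSystem WHERE ProductType = 1'
    'Member servers only'     = 'SELECT * FROM Win32_OperatingSystem WHERE ProductType = 3'
    'Domain controllers only' = 'SELECT * FROM Win32_OperatingSystem WHERE ProductType = 2'
}

function Test-WmiFilter {
    param(
        [Parameter(Mandatory)][string]$Query,
        [string]$Namespace = 'root\CIMv2'
    )
    try {
        # The filter is true when the query returns one or more instances.
        @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop).Count -gt 0
    }
    catch {
        # A malformed query is reported and treated as "does not match".
        Write-Warning "Query failed: $Query ($($_.Exception.Message))"
        $false
    }
}

function Get-WmiFilterReport {
    foreach ($name in $Filters.Keys) {
        [pscustomobject]@{
            Filter  = $name
            Matches = Test-WmiFilter -Query $Filters[$name]
            Query   = $Filters[$name]
        }
    }
}

Get-WmiFilterReport | Format-Table -Wrap
```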
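
The requirements on slide 30 (WMI service running, firewall open for WMI), the speaker note that DNS must resolve properly, and the Event Viewer step on slide 29 can be checked in one pass on the client. The PowerShell below is an added example, not part of the original slides; it assumes Windows 8 / Server 2012 or later for the firewall and DNS cmdlets, an English firewall rule group name, and the lab's DC1.onprem.local.

```powershell
# Added example (not from the slides): readiness checks before running the
# GPMC Group Policy Results wizard against a client. Run on the target client.
# Assumes Windows 8 / Server 2012 or later (NetSecurity, DnsClient modules)
# and the English display name of the predefined WMI firewall rule group.
function Test-GpResultReadiness {
    param(
        [string]$DomainController = 'DC1.onprem.local',   # from the lab setup
        [string]$DnsDomain        = 'onprem.local'
    )

    # The WMI service (Winmgmt) must be running on the target.
    $wmiRunning = (Get-Service -Name Winmgmt).Status -eq 'Running'

    # An enabled inbound rule from the predefined WMI group must exist.
    $group = 'Windows Management Instrumentation (WMI)'
    $wmiRules = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

    # DNS: the DC host name and the DC locator SRV record must both resolve.
    $srvName = "_ldap._tcp.dc._msdcs.$DnsDomain"
    $hostOk  = [bool](Resolve-DnsName -Name $DomainController -ErrorAction SilentlyContinue)
    $srvOk   = [bool](Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        WmiServiceRunning  = $wmiRunning
        WmiFirewallEnabled = ($wmiRules.Count -gt 0)
        DcNameResolves     = $hostOk
        DcSrvRecordFound   = $srvOk
    }
}

function Get-RecentGroupPolicyProblem {
    # Errors (level 2) and warnings (level 3) from the client's Group Policy
    # operational log, the same data Event Viewer shows.
    param([int]$MaxEvents = 20)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-GroupPolicy/Operational'
        Level   = 2, 3
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Test-GpResultReadiness | Format-List
Get-RecentGroupPolicyProblem | Format-Table -Wrap
```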