CTU June 2011 - Guided Hands on Lab on GPO - GPP
Published in: Technology, Business

  • Guide class to log in to the Physical Host and launch Hyper-V. Accessing the Hyper-V VMs. Log in to the VM using the Domain Admin accounts. Domain Admin: Administrator. Domain Accounts: CTUUser01, CTUUser02. Domain Groups: CTU_LocalAdmin, CTU_Users.
  • To show that a GPO cannot be linked to certain OUs.
  • Work together with the class on how to configure this GPO and apply it, and show the end result. Expected Result: User able to insert another domain group to the local machine administrators group. User unable to add another domain account to the local machine administrators group.
  • Work together with the class on how to configure this GPO and apply it, and show the end result. Expected Result: User able to insert another domain group to the local machine administrators group. User able to add another domain account to the local machine administrators group.
  • Mention that DNS must be able to resolve properly too! DNS is critical for GPO to function properly.
  • Create a batch file containing the following line to remove the registry key: REG DELETE "HKLM\SOFTWARE\Microsoft\Group Policy\Client\RunOnce" /va
  • Transcript

    • 1. Guided Hands-On Lab on GPO-GPP
      Presenter Tan Chee
      Title MVP in GPO
      Event CTU 2011 June
      Date 25th June 2011
    • 2. Guided HOL on GPO-GPP
      Getting Familiar with the HOL Setup
      HOL Session #1 – Restricted Group (GPO & GPP)
      HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)
      HOL Session #3 – Managing Office 2010 settings (GPO)
      HOL Session #4 – WMI Filter
      HOL Session #5 – Basic Troubleshooting
      Tips and Tricks plus Discussion (Sharing Experience)
      Agenda
    • 3. Getting Familiar with the HOL Setup
      The Setup
      Virtual Machines (Hyper-V): Private Network
      Domain Name: ONPREM.LOCAL
      Physical Host
    • 4. Quick Walk Through on the HOL Setup
    • 5. Getting Ready
      Under “START” > “Administrative Tools”
      Start “Active Directory Users and Computers” Console
      Understand the OU structure
      Understand where the User Objects are
      Understand where the Computer Objects are
      Start “Group Policy Management” Console
      Start “Active Directory Sites and Services” Console (For manual replication)
      DC1.onprem.local (Domain Controller)
    • 6. OU Structure and Dummy Accounts
    • 7. GPMC
      OU that cannot link GPO to
    • 8. Getting Ready
      Login as Domain Admin
      Open Command Prompt
      Get ready to run the following commands
      GPUPDATE /FORCE
      You may be required to log in as CTUUSER01 in a later part
      Client1.onprem.local (Domain Machine)
    • 9. HOL Session #1 – Restricted Group (GPO)
    • 10. HOL Session #1
      Restrict adding of members to local administrators group
      Insertion of Domain Group to be a member of local administrators group
      Restricted Group through GPO
    • 11. HOL #1a - Restrict adding of members to local machine administrators group
    • 12. HOL Session #1a
      On DC1.onprem.local (Domain Controller)
      Start GPMC
      Create and Configure GPO – “CTU_Restricted_Group”
      Link the GPO to the OU containing Computer – “Client1”
      On Client1.onprem.local (Client Machine)
      Under “local users and groups” > “Groups”, try adding “CTUUser01” to “Administrators” group.
      Then under command prompt, run “GPUPDATE /FORCE”
      Restrict adding of members to local machine administrators group
    • 13. HOL Session #1a
      Expected Result:
      User able to insert another domain group to the local machine administrators group.
      User unable to add another domain account to the local machine administrators group.
      Restrict adding of members to local machine administrators group
    • 14. HOL #1b - Insert Domain Group to be a member of local machine administrators group
    • 15. HOL Session #1b
      On DC1.onprem.local (Domain Controller)
      Start GPMC
      Create and Configure GPO – “CTU_Inject_LocalAdmin”
      Link the GPO to the OU containing Computer – “Client1”
      On Client1.onprem.local (Client Machine)
      Under “local users and groups” > “Groups”, try adding “CTUUser01” to “Administrators” group.
      Then under command prompt, run “GPUPDATE /FORCE”
      Insert Domain Group to be a member of local machine administrators group
    • 16. HOL Session #1b
      Expected Result:
      User able to insert another domain group to the local machine administrators group.
      User able to add another domain account to the local machine administrators group.
      Insert Domain Group to be a member of local machine administrators group
    • 17. HOL #1c – Managing Local Machine Administrators Group using GPP
    • 18. GPP contains similar settings? Yes!
    • 19. HOL #1c – Managing Local Machine Administrators Group using GPP
      DEMO
    • 20. HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)
    • 21. Getting Ready
      On DC1.onprem.local
      Print Service (Add Role)
      Add Printer Drivers (Both x64 and x86)
      Share out the Printer (192.168.1.40 – CTU Printer)
      Create and Configure GPO – “CTU_Deploy_Printer”
      Link the GPO to the OU containing Computer
      On Client machine, under command prompt, run “GPUPDATE /FORCE”
      Deployment of TCPIP Printer (GPO & GPP)
    • 22. Deployment of TCPIP Printer (GPO & GPP)
      Printer Driver (32bit and 64bit)
      GPO Setting – Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions: Enabled
      Impact to Boot Up
      Through Computer or User GPP?
      Pointers to take note
    • 23. HOL Session #3 – Managing Office 2011 settings (GPO)
    • 24. Getting Ready
      On DC1.onprem.local
      Create and Configure GPO – “CTU_Office2010”
      Import GPO template files for Office 2010
      Note that the settings are under User Configuration
      Link the GPO to the OU containing Users – “CTUUser01”
      Managing Office 2011 settings (GPO)
    • 25. Setting to Try
      Configure as follows.
      On Client, log in as CTUUser01 to verify the setting is applied.
      Default Font Name, Size
    • 26. HOL Session #4 – WMI Filter
      DEMO
    • 27. WMI Filter (GPO)
      Useful for targeting a GPO at machines running different OSes under the same OU.
      Demo on how to import and apply WMI Filter
    • 28. HOL Session #5 – Basic Troubleshooting Related to GPO
    • 29. Basic Troubleshooting
      On Client machine (Login with Domain account)
      Event Viewer of Client
      Run Command Line – GPRESULT /H <Filename>.html
      On Domain Controller
      Use GPMC to generate a Group Policy Result
    • 30. Requirement for GPMC Group Policy Results Wizard to work
      WMI service on target must be running
      Firewall port must be open for WMI (Predefined Program)
    • 31. Tips and Tricks plus Discussion!!
    • 32. Tips and Tricks
      On the client machine, remove the following registry key and run GP update; the GPP that is configured as Apply Once Only will apply again.
      HKLM\SOFTWARE\Microsoft\Group Policy\Client\RunOnce
      GPP – Apply Once Only?
    • 33. Tips and Tricks
      GPP – Settings with Red and Green Underline – What does it mean?
      Red – [No Go], Will not Deliver
      Green – [Go], Will be Delivered
    • 34. Tips and Tricks
      GPO Settings Supersede GPP Settings
    • 35. Discussion
    • 36. Thank You!!
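
A check for the expected results of HOL #1a and #1b, added here as an example that is not part of the original slides: run on Client1 after GPUPDATE /FORCE, it compares the local Administrators group against the membership the GPO should leave in place. The NetBIOS domain name ONPREM and the allow-list (including Domain Admins) are assumptions; replace them with the members configured in the GPO.

```powershell
# Added example, not from the original slides.
# Assumptions: NetBIOS domain name ONPREM, and an allow-list of the built-in
# Administrator, Domain Admins and the lab group CTU_LocalAdmin.

function Compare-AdminMembership {
    param(
        [string[]]$Actual,    # current members, as DOMAIN\name or COMPUTER\name
        [string[]]$Allowed    # members the GPO is expected to leave in place
    )
    # -notin compares case-insensitively, matching Windows account-name handling.
    [pscustomobject]@{
        Unexpected = @($Actual  | Where-Object { $_ -notin $Allowed })
        Missing    = @($Allowed | Where-Object { $_ -notin $Actual })
    }
}

$pc      = $env:COMPUTERNAME
$allowed = @("$pc\Administrator", 'ONPREM\Domain Admins', 'ONPREM\CTU_LocalAdmin')

# Constructed sample: CTUUser01 was added by hand and policy has not refreshed yet.
$before = $allowed + 'onprem\ctuuser01'
$drift  = Compare-AdminMembership -Actual $before -Allowed $allowed
"Sample drift: $($drift.Unexpected -join ', ')"

# Live check on the client (Get-LocalGroupMember needs Windows PowerShell 5.1+).
if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
    $live   = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object Name)
    $result = Compare-AdminMembership -Actual $live -Allowed $allowed
    if ($result.Unexpected -or $result.Missing) {
        Write-Warning "Not in allow-list: $($result.Unexpected -join ', ')"
        Write-Warning "Expected but absent: $($result.Missing -join ', ')"
    } else {
        'Local Administrators group matches the expected membership.'
    }
}
```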
