CTU June 2011 - Guided Hands on Lab on GPO - GPP
 

  • Guide class to log in to the Physical Host and launch Hyper-V
    Accessing the Hyper-V VMs
    Log in to the VM using the Domain Admin account
    Domain Admin: Administrator
    Domain Accounts: CTUUser01, CTUUser02
    Domain Groups: CTU_LocalAdmin, CTU_Users
  • To show that for certain OU, one cannot link GPO to it.
  • Work together with the class on how to configure this GPO and apply it, and show the end result.
    Expected Result:
    User able to insert another domain group to the local machine administrators group.
    User unable to add another domain account to the local machine administrators group.
  • Work together with the class on how to configure this GPO and apply it, and show the end result.
    Expected Result:
    User able to insert another domain group to the local machine administrators group.
    User able to add another domain account to the local machine administrators group.
  • Mention that DNS must be able to resolve properly too! DNS is critical for GPO to function properly.
  • Create a batch file containing the following line to remove the registry key:
    REG DELETE "HKLM\SOFTWARE\Microsoft\Group Policy\Client\RunOnce" /va

Presentation Transcript

  • Guided Hands-On Lab on GPO-GPP
    Presenter Tan Chee
    Title MVP in GPO
    Event CTU 2011 June
    Date 25th June 2011
  • Guided HOL on GPO-GPP
    Getting Familiar with the HOL Setup
    HOL Session #1 – Restricted Group (GPO & GPP)
    HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)
    HOL Session #3 – Managing Office 2010 settings (GPO)
    HOL Session #4 – WMI Filter
    HOL Session #5 – Basic Troubleshooting
    Tips and Tricks plus Discussion (Sharing Experience)
    Agenda
  • Getting Familiar with the HOL Setup
    The Setup
    Virtual Machines (Hyper-V): Private Network
    Domain Name: ONPREM.LOCAL
    Physical Host
  • Quick Walk Through on the HOL Setup
  • Getting Ready
    Under “START” > “Administrative Tools”
    Start “Active Directory Users and Computers” Console
    Understand the OU structure
    Understand where the User objects are
    Understand where the Computer objects are
    Start “Group Policy Management” Console
    Start “Active Directory Sites and Services” Console (For manual replication)
    DC1.onprem.local (Domain Controller)
  • OU Structure and Dummy Accounts
  • GPMC
    OU that a GPO cannot be linked to
  • Getting Ready
    Log in as Domain Admin
    Open Command Prompt
    Get ready to run the following command
    GPUPDATE /FORCE
    You may be required to log in as CTUUSER01 in a later part
    Client1.onprem.local (Domain Machine)
  • HOL Session #1 – Restricted Group (GPO)
  • HOL Session #1
    Restrict adding of members to local administrators group
    Insertion of Domain Group to be a member of local administrators group
    Restricted Group through GPO
  • HOL #1a - Restrict adding of members to local machine administrators group
  • HOL Session #1a
    On DC1.onprem.local (Domain Controller)
    Start GPMC
    Create and Configure GPO – “CTU_Restricted_Group”
    Link the GPO to the OU containing Computer – “Client1”
    On Client1.onprem.local (Client Machine)
    Under “local users and groups” > “Groups”, try adding “CTUUser01” to “Administrators” group.
    Then under command prompt, run “GPUPDATE /FORCE”
    Restrict adding of members to local machine administrators group
  • HOL Session #1a
    Expected Result:
    User able to insert another domain group to the local machine administrators group.
    User unable to add another domain account to the local machine administrators group.
    Restrict adding of members to local machine administrators group
  • HOL #1b - Insert Domain Group to be a member of local machine administrators group
  • HOL Session #1b
    On DC1.onprem.local (Domain Controller)
    Start GPMC
    Create and Configure GPO – “CTU_Inject_LocalAdmin”
    Link the GPO to the OU containing Computer – “Client1”
    On Client1.onprem.local (Client Machine)
    Under “local users and groups” > “Groups”, try adding “CTUUser01” to “Administrators” group.
    Then under command prompt, run “GPUPDATE /FORCE”
    Insert Domain Group to be a member of local machine administrators group
  • HOL Session #1b
    Expected Result:
    User able to insert another domain group to the local machine administrators group.
    User able to add another domain account to the local machine administrators group.
    Insert Domain Group to be a member of local machine administrators group
  • HOL #1c – Managing Local Machine Administrators Group using GPP
  • GPP contain similar settings? Yes!
  • HOL #1c – Managing Local Machine Administrators Group using GPP
    DEMO
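
To verify the outcome of HOL #1 on Client1 after `GPUPDATE /FORCE`, the check below compares the local Administrators group against an allow-list. This is an added example, not part of the presentation; the NetBIOS domain name `ONPREM`, the allow-list contents and the function name are assumptions, and `Get-LocalGroupMember` requires Windows PowerShell 5.1 or later.

```powershell
# Added example, not from the presentation.
# Assumptions: NetBIOS domain name ONPREM, the allow-list below, the function name.
function Compare-LocalAdminMembership {
    param(
        [string[]] $Actual  = @(),   # member names found in the local Administrators group
        [string[]] $Allowed = @()    # member names the policy is expected to leave in place
    )
    # -notcontains is case-insensitive, matching how Windows treats account names.
    [pscustomobject]@{
        Unexpected = @($Actual  | Where-Object { $Allowed -notcontains $_ })
        Missing    = @($Allowed | Where-Object { $Actual  -notcontains $_ })
    }
}

$allowed = @(
    "$env:COMPUTERNAME\Administrator",
    'ONPREM\Domain Admins',
    'ONPREM\CTU_LocalAdmin'
)

# Constructed sample: membership as it looks when CTUUser01 was added by hand
# and the GPO has not yet inserted CTU_LocalAdmin.
$sample = @(
    "$env:COMPUTERNAME\Administrator",
    'ONPREM\Domain Admins',
    'ONPREM\CTUUser01'
)
Compare-LocalAdminMembership -Actual $sample -Allowed $allowed | Format-List

# Live check on the client. The well-known SID S-1-5-32-544 is used so the
# lookup also works where the Administrators group name is localized.
if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
    $live = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object Name)
    Compare-LocalAdminMembership -Actual $live -Allowed $allowed | Format-List
}
```

For the constructed sample, `Unexpected` lists `ONPREM\CTUUser01` and `Missing` lists `ONPREM\CTU_LocalAdmin`; both should be empty once the policies have applied as intended.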
  • HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)
  • Getting Ready
    On DC1.onprem.local
    Print Service (Add Role)
    Add Printer Drivers (Both x64 and x86)
    Share out the Printer (192.168.1.40 – CTU Printer)
    Create and Configure GPO – “CTU_Deploy_Printer”
    Link the GPO to the OU containing Computer
    On Client machine, under command prompt, run “GPUPDATE /FORCE”
    Deployment of TCPIP Printer (GPO & GPP)
  • Deployment of TCPIP Printer (GPO & GPP)
    Printer Driver (32bit and 64bit)
    GPO Setting – Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions: Enabled
    Impact to Boot Up
    Through Computer or User GPP?
    Pointers to take note
  • HOL Session #3 – Managing Office 2011 settings (GPO)
  • Getting Ready
    On DC1.onprem.local
    Create and Configure GPO – “CTU_Office2010”
    Import GPO template files for Office 2010
    Note that the settings are under User Configuration
    Link the GPO to the OU containing Users – “CTUUser01”
    Managing Office 2011 settings (GPO)
  • Setting to Try
    Configure as follows.
    On Client, Login as CTUUser01 to verify setting is applied.
    Default Font Name, Size
  • HOL Session #4 – WMI Filter
    DEMO
  • WMI Filter (GPO)
    Useful for targeting a GPO at machines running different OSes under the same OU.
    Demo on how to import and apply WMI Filter
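
A WMI filter is a WQL query evaluated on the client, and the GPO applies only when the query returns at least one instance. The sketch below runs candidate queries locally so a filter can be checked before it is linked; it is an added example, not part of the presentation, and the function name and the two sample queries are assumptions.

```powershell
# Added example, not from the presentation.
# Assumptions: the function name and the sample queries below.
function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string] $Namespace = 'root\CIMv2'
    )
    try {
        # The filter matches when the query returns one or more instances.
        $hits = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
        return ($hits.Count -gt 0)
    } catch {
        # Treat a failed query as "no match" here and show why, so it can be fixed.
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

# Version 6.1 is shared by Windows 7 and Windows Server 2008 R2, so the
# ProductType property separates them:
#   1 = workstation, 2 = domain controller, 3 = member server.
$filters = [ordered]@{
    'Windows 7 clients'        = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.1%" AND ProductType = "1"'
    'Windows Server 2008 R2'   = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.1%" AND ProductType <> "1"'
}

foreach ($name in $filters.Keys) {
    [pscustomobject]@{
        Filter      = $name
        AppliesHere = Test-WmiFilterQuery -Query $filters[$name]
    }
}
```

Running it on each machine type in the OU shows which GPO would be delivered there.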
  • HOL Session #5 – Basic Troubleshooting Related to GPO
  • Basic Troubleshooting
    On Client machine (Login with Domain account)
    Event Viewer of Client
    Run Command Line – GPRESULT /H <Filename>.html
    On Domain Controller
    Use GPMC to generate a Group Policy Result
  • Requirement for GPMC Group Policy Results Wizard to work
    WMI service on target must be running
    Firewall port must be open for WMI (Predefined Program)
  • Tips and Tricks plus Discussion!!
  • Tips and Tricks
    On the client machine, remove the following registry key and run GP update; any GPP item configured as Apply Once Only will apply again.
    HKLM\SOFTWARE\Microsoft\Group Policy\Client\RunOnce
    GPP – Apply Once Only?
  • Tips and Tricks
    GPP – Settings with Red and Green Underline – What does it mean?
    Red – [No Go], Will not Deliver
    Green – [Go], Will be Delivered
  • Tips and Tricks
    GPO Settings Supersede GPP Settings
  • Discussion
  • Thank You!!