Your SlideShare is downloading. ×
0
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
CTU June 2011 - Guided Hands on Lab on GPO - GPP
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CTU June 2011 - Guided Hands on Lab on GPO - GPP

1,457

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,457
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
24
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Guide class to login to Physical Host and launch Hyper-VAccessing to the Hyper-V VMsLogin to the VM using the Domain Admin AccountsDomain Admin: AdministratorDomain Account: CTUUser01CTUUser02Domain Groups:CTU_LocalAdminCTU_Users
  • To show that for certain OU, one cannot link GPO to it.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User un-able to add another domain account to the local machine administrators group.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Mention that DNS must be able to resolve properly too!But DNS is very critical for GPO to function properly
  • Work together with class on how to configure this GPO and apply.And show what is the end resultExpected Result:User able to insert another domain group to the local machine administrators group.User able to add another domain account to the local machine administrators group.
  • Create Batch file containing following line to perform the action to remove the registry keyREG DELETE "HKLM\\SOFTWARE\\Microsoft\\Group Policy\\Client\\RunOnce" /va
  • Transcript

    • 1. Guided Hands-On Lab on GPO-GPP<br />Presenter Tan Chee<br />Title MVP in GPO<br />Event CTU 2011 June<br />Date 25th June 2011<br />
    • 2. Guided HOL on GPO-GPP<br />Getting Familiarize with the HOL Setup<br />HOL Session #1 – Restricted Group (GPO & GPP)<br />HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)<br />HOL Session #3 – Managing Office 2010 settings (GPO)<br />HOL Session #4 – WMI Filter<br />HOL Session #5 – Basic Troubleshooting<br />Tips and Tricks plus Discussion (Sharing Experience)<br />Agenda<br />
    • 3. Getting Familiarize with the HOL Setup<br />The Setup<br />Virtual Machines (Hyper-V): Private Network<br />Domain Name: ONPREM.LOCAL<br />Physical Host<br />
    • 4. Quick Walk Through on the HOL Setup<br />
    • 5. Getting Ready<br />Under “START” > “Administrative Tools”<br />Start “Active Directory Users and Computers” Console<br />Understand the OU structure<br />Understand where is the User Objects<br />Understand where is the Computer Objects<br />Start “Group Policy Management” Console<br />Start “Active Directory Sites and Services” Console (For manual replication)<br />DC1.onprem.local (Domain Controller)<br />
    • 6. OU Structure and Dummy Accounts<br />
    • 7. GPMC<br />OU that cannot link GPO to<br />
    • 8. Getting Ready<br />Login as Domain Admin<br />Open Command Prompt<br />Get ready to run following commands<br />GPUPDATE /FORCE<br />You may be required to login as CTUUSER01 in later part<br />Client1.onprem.local (Domain Machine)<br />
    • 9. HOL Session #1 – Restricted Group (GPO)<br />
    • 10. HOL Session #1<br />Restrict adding of members to local administrators group<br />Insertion of Domain Group to be a member of local administrators group<br />Restricted Group through GPO<br />
    • 11. HOL #1a - Restrict adding of members to local machine administrators group<br />
    • 12. HOL Session #1a<br />On DC1.onprem.local (Domain Controller)<br />Start GPMC<br />Create and Configure GPO – “CTU_Restricted_Group”<br />Link the GPO to the OU containing Computer – “Client1”<br />On Client1.onprem.local (Client Machine)<br />Under “local users and groups” > “Groups”, try adding “CTUUser01” to “Administrators” group.<br />Then under command prompt, run “GPUPDATE /FORCE”<br />Restrict adding of members to local machine administrators group<br />
    • 13. HOL Session #1a<br />Expected Result:<br />User able to insert another domain group to the local machine administrators group.<br />User un-able to add another domain account to the local machine administrators group.<br />Restrict adding of members to local machine administrators group<br />
    • 14. HOL #1b - Insert Domain Group to be a member of local machine administrators group<br />
    • 15. HOL Session #1b<br />On DC1.onprem.local (Domain Controller)<br />Start GPMC<br />Create and Configure GPO – “CTU_Inject_LocalAdmin”<br />Link the GPO to the OU containing Computer – “Client1”<br />On Client1.onprem.local (Client Machine)<br />Under “local users and groups” > “Groups”, try adding “CTUUser01” to “Administrators” group.<br />Then under command prompt, run “GPUPDATE /FORCE”<br />Insert Domain Group to be a member of local machine administrators group<br />
    • 16. HOL Session #1b<br />Expected Result:<br />User able to insert another domain group to the local machine administrators group.<br />User able to add another domain account to the local machine administrators group.<br />Insert Domain Group to be a member of local machine administrators group<br />
    • 17. HOL #1c – Managing Local Machine Administrators Group using GPP<br />
    • 18. GPP contain similar settings? Yes!<br />
    • 19. HOL #1c – Managing Local Machine Administrators Group using GPP<br />DEMO<br />
    • 20. HOL Session #2 – Deployment of TCPIP Printer (GPO & GPP)<br />
    • 21. Getting Ready<br />On DC1.onprem.local<br />Print Service (Add Role)<br />Add Printer Drivers (Both x64 and x86)<br />Share out the Printer (192.168.1.40 – CTU Printer)<br />Create and Configure GPO – “CTU_Deploy_Printer”<br />Link the GPO to the OU containing Computer<br />On Client machine, under command prompt, run “GPUPDATE /FORCE<br />Deployment of TCPIP Printer (GPO & GPP)<br />
    • 22. Deployment of TCPIP Printer (GPO & GPP)<br />Printer Driver (32bit and 64bit)<br />GPO Setting – Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions: Enabled<br />Impact to Boot Up<br />Through Computer or User GPP?<br />Pointers to take note<br />
    • 23. HOL Session #3 – Managing Office 2011 settings (GPO)<br />
    • 24. Getting Ready<br />On DC1.onprem.local<br />Create and Configure GPO – “CTU_Office2010”<br />Import GPO template files for Office 2010<br />Note that the settings are under User Configuration<br />Link the GPO to the OU containing Users – “CTUUser01”<br />Managing Office 2011 settings (GPO)<br />
    • 25. Setting to Try<br />Configure as following.<br />On Client, Login as CTUUser01 to verify setting is applied.<br />Default Font Name, Size<br />
    • 26. HOL Session #4 – WMI Filter<br />DEMO<br />
    • 27. WMI Filter (GPO)<br />Useful to target GPO for Machine running different OS under same OU.<br />Demo on how to import and apply WMI Filter<br />
    • 28. HOL Session #5 – Basic Troubleshooting Relates to GPO<br />
    • 29. Basic Troubleshooting<br />On Client machine (Login with Domain account)<br />Event Viewer of Client<br />Run Command Line – GPRESULT /H <Filename>.html<br />On Domain Controller<br />Use GPMC to generate a Group Policy Result<br />
    • 30. Requirement for GPMC Group Policy Results Wizard to work <br />WMI service on target must be running<br />Firewall port must open for WMI (Predefined Program)<br />
    • 31. Tips and Tricks plus Discussion!!<br />
    • 32. Tips and Tricks<br />In Client Machine, Remove the following registry key and run GP update, the GPP that is configured as Apply Once Only will apply again.<br />HKLMSOFTWAREMicrosoftGroup PolicyClientRunOnce<br />GPP – Apply Once Only? <br />
    • 33. Tips and Tricks<br />GPP – Settings with Red and Green Underline – What does it mean?<br />Red – [No Go], Will not Deliver<br />Green – [Go], Will be Delivered<br />
    • 34. Tips and Tricks<br />GPO Settings Supersede GPP Settings<br />
    • 35. Discussion<br />
    • 36. Thank You!!<br />

    ×