Configuration server 2008 70 640 course - chapter 6 group policy infrastructure


Published on

PowerPoint slides created for the Course Configuring Windows Server 2008 Active Directory for Instructor use. Exam: 70-640

Group policy infrastructure and policy inheritance is the main issues

Published in: Technology, News & Politics
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Configuration server 2008 70 640 course - chapter 6 group policy infrastructure

  1. 1. Configuring Windows Server 2008 Active Directory Chapter 6 – Group Policy Infrastructure NæringsAkademiet Fredrikstad Jørn Jensen -
  2. 2. Group Policy Group Policy provides an infrastructure within witch settings can be defined centrally and deployed to users and computers in the enterprise Well managed Group Policys means no need to touch the desktops Some Policy affect a user(User Policy) Some Policy affect a computer(Computer policy) Policy settings are defined and exist within a Group Policy object (GPO) GPO can be managed by using the Group Policy Management console (GPMC)
  3. 3. Policy settings A policy settings can have three states Not Configured Enabled Disabled All users and computers that is affected bye the policy is called the ”Scope og the GPO” GPO links – GPO can be linked to sites, domain and OU’s A single GPO can be linked to more than one site or OU Resultant Set of Policy(RSoP) describes the actuall policy the users receives and is the combination of all policyes that is applied to the user
  4. 4. Group Policy Refresh Computer Configuration Policy System startup and every 90-120 minutes thereafter User Configuration Policy At logon and every 90-120 minuts thereafter Gpupdate.exe – triggers a manual uppdate fo the policy’s Client Side Extensions (CSE) – processes on the client that apply the policies Group Policy Software Installation(GPSI) detects slow links and do not apply settings if the link is to slow
  5. 5. Local GPOs Local GPO that only affects the computer on wich the GPO is stored By default only the Security settings are configured on Local GPOs GPO settings configured for the domain wil override local GPO settings Use only when the computer are not connected to a domain, they are designed for non Domain enviroment
  6. 6. Domain Based GPOs Created in AD and stored on Domain Controllers Two default policys: Default Domain Policy Affects all Default Domain Controllers Policy Affects only domain controller • Additional GPO’s are linked to containers • GPO consists of two components: • Group Policy Container(GPC) – The AD component stored in AS • Group Policy Template (GPT) – The actually stored policy files thaht is updated when you change a policy
  7. 7. Administrative templates Can be downloaded from Microsoft download for the most common applications and added to the GPO Added by using the Add/Remove templates from the GPO editor You can use Filter Options to filter and search for a specified policy you are looking for You create a new GPO with a starter GPO to prepopulate the settings
  8. 8. Managing Group Policy Scopes GPOs can be linked to one or more AD sites, domains og OU’s You can link the same GPO to multiple sites, OU’s and domains Policys precedence over each other, the lower the number the higher is the predence Number 1 will prevail over all other Default is: Sites Domains OU’s
  9. 9. Managing Group Policy Scopes (2) It is possible to block policy inheritance If you choose to enforce a GPO it vil prevail over all others, it takes the highest number of precedence It is possible to select certaing objects that the policy applies to in the Security filtering in the policy editor Use Advanced button under the Deleagation tab for advanced security administration You can use WMI (Windows Management Instrumentation) filter to create a script to apply a policy for certain OS versions etc. Loopback Policy Processing - often used for computers i public places  Replace – User settings in Computer Policy applies  Merge – Both will be merge, Computer policy have the precedence
  10. 10. Supporting group policy Server 2008 proved the following tools for permforming RSoP analysis: The Group Policy Results Wizard Creates a overview for a specific user The Group Policy Modeling Wizard Make a ”model” simulating the policy settings so that you can try it before implementation Gpresult.exe The command line utility for Group Policy Results wizard