USEFUL GROUP POLICY CONCEPTS
A random collection of some helpful tips. Let’s start with a review!
Review: What is Group Policy?
Group Policy provides the centralized management and configuration of Operating Systems, Apps, and user settings via Active Directory.
Set Screensaver timeout
Review: What are GPO’s good for?
You can tweak things like:
Password complexity settings
Screensaver timeouts
File/Folder Permissions
Web browser settings
WiFi profiles
Application-specific settings
What a user can and cannot access (regedit.exe, cmd.exe, OS features)
Networking characteristics
Windows Update settings
And much, much more!
Managing Group Policies
Open Group Policy Management Console (GPMC) from your Domain Controller
Or
Install the Remote Server Administration Tools (RSAT) on your Windows client OS
Windows 10 build >= 9926: http://www.microsoft.com/en-us/download/details.aspx?id=45520
Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
Windows 8: http://www.microsoft.com/en-us/download/details.aspx?id=28972
Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887
Windows Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
Review: What exactly are Group Policy Objects?
• Group Policy Objects (GPO’s) are settings & definitions which reside on your domain controllers and replicate via DFS and FRS, stored in the sysvol folder.
• These GPO’s contain settings which can manipulate a computer’s or user’s configuration/experience – as such, the settings are broken into ‘Computer Configuration’ and ‘User Configuration.’
• GPO’s are then associated (aka ‘linked’) to Organizational Units (OU’s) in Active Directory. Any user or computer object in the OU tree will apply the settings from those GPO’s by default.
• You can link one GPO to many OU’s if desired.
• You can allow or disallow GPO application per user/computer/group by way of Security Filtering.
Review: The order in which GPO’s are applied
1. Local computer policy (gpedit.msc)
2. Site
3. Domain
4. OU
5. Child OU (highest priority)
Things change a bit if you right-click and ‘enforce’ group policies – the order of precedence now favors the enforced policy.
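The processing order above, modelled as an added example that is not part of the original slides. It goes slightly beyond the slide by also handling link order inside one container and by resolving several enforced links (the enforced link highest in the tree wins). The GPO names, settings and the New-Link helper are constructed for illustration; no domain is needed to run it.

```powershell
# Added example: pure-PowerShell model of GPO precedence. All data is constructed.
function Get-GpoApplyOrder {
    param([Parameter(Mandatory = $true)][object[]]$Links)

    # Position of each scope in the processing sequence from the slide.
    $rank = @{ Local = 1; Site = 2; Domain = 3; OU = 4; ChildOU = 5 }

    # Normal links: Local -> Site -> Domain -> OU -> Child OU. Later writes win.
    # Inside one container, link order 1 has the highest precedence, so it runs last.
    $normal = @($Links | Where-Object { -not $_.Enforced } |
        Sort-Object @{ Expression = { $rank[$_.Scope] } },
                    @{ Expression = { $_.LinkOrder }; Descending = $true })

    # Enforced links are written after every normal link, in reverse scope order,
    # so an enforced link higher in the tree is written last and cannot be overridden.
    $enforced = @($Links | Where-Object { $_.Enforced } |
        Sort-Object @{ Expression = { $rank[$_.Scope] }; Descending = $true },
                    @{ Expression = { $_.LinkOrder }; Descending = $true })

    $normal + $enforced
}

function Get-WinningGpo {
    param([object[]]$Links, [string]$Setting)
    # The last GPO in apply order that defines the setting supplies the final value.
    Get-GpoApplyOrder -Links $Links |
        Where-Object { $_.Settings.ContainsKey($Setting) } |
        Select-Object -Last 1
}

# Hypothetical helper to build one constructed link record.
function New-Link($Name, $Scope, $LinkOrder, $Enforced, $Settings) {
    New-Object psobject -Property @{
        Name = $Name; Scope = $Scope; LinkOrder = $LinkOrder
        Enforced = $Enforced; Settings = $Settings
    }
}

$links = @(
    (New-Link 'Local policy'    'Local'   1 $false @{ ScreenSaverTimeout = 1800 }),
    (New-Link 'Domain baseline' 'Domain'  1 $true  @{ ScreenSaverTimeout = 600 }),
    (New-Link 'Domain extras'   'Domain'  2 $false @{ ScreenSaverTimeout = 900; DisableCMD = 1 }),
    (New-Link 'Workstations'    'OU'      1 $false @{ ScreenSaverTimeout = 1200 }),
    (New-Link 'Kiosk lockdown'  'ChildOU' 1 $false @{ DisableCMD = 0 })
)

# Full apply order, then the GPO that decides each setting.
(Get-GpoApplyOrder -Links $links | ForEach-Object { $_.Name }) -join ' -> '
(Get-WinningGpo -Links $links -Setting 'ScreenSaverTimeout').Name
(Get-WinningGpo -Links $links -Setting 'DisableCMD').Name
```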
Review: When Group Policies are Applied
• By default they refresh at around 90 minutes for workstations and 5 minutes for domain controllers.
• They are also processed at bootup/logon.
• You can force a refresh by running GPUpdate /force from an elevated command prompt.
• You can also force a refresh from the GPMC or ADUC if you are running Windows 8 or Server 2012 (SpecOps makes a tool for this as well that works with Windows 7).
http://www.specopssoft.com/product/specops-gpupdate/
Review: Getting started with Group Policy?
1. Create a new OU
2. Move a computer/user object into the OU
3. Create a new GPO, make a change
4. Link the new GPO to your test OU.
Starter tips:
• Don’t modify the default domain policy (DDP) – use only for account security settings.
• Don’t move your domain controllers out of the ‘Domain Controllers’ OU
Nifty online reference for GPO settings: http://gpsearch.azurewebsites.net
SOFTWARE RESTRICTIONS
Yes, you don’t need to open that email from george32426@earthlink.com. Really.
Stopping your users from running “junk”
Software Restriction Policies
• Allow or disallow certain programs from being run on your domain computers
• Users will receive a “helpful” popup telling them that their application has been blocked
• Event log entry 866 is generated
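One way to collect those 866 entries for review, as an added example that is not part of the original slides. It assumes the events land in the Application log under a provider whose name contains "SoftwareRestrictionPolicies"; the parameter names and defaults are hypothetical.

```powershell
# Added example, not from the slides. Assumption: SRP writes its block events to
# the Application log under a provider named like "*SoftwareRestrictionPolicies*".
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # hypothetical default: local machine
    [int]$Days = 7
)

$filter = @{
    LogName   = 'Application'
    Id        = 866                       # event ID named on the slide
    StartTime = (Get-Date).AddDays(-$Days)
}

$blocked = foreach ($computer in $ComputerName) {
    try {
        Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
            Where-Object { $_.ProviderName -like '*SoftwareRestrictionPolicies*' } |
            ForEach-Object {
                New-Object psobject -Property @{
                    Computer = $_.MachineName
                    Time     = $_.TimeCreated
                    UserSid  = $_.UserId
                    Message  = $_.Message   # names the blocked file and the rule that matched
                }
            }
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that is the quiet case.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "${computer}: no SRP blocks in the last $Days days"
        }
        else {
            # Unreachable host, access denied, and so on: report it, do not hide it.
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
    }
}

# Most frequently blocked items first. Repeated blocks from one machine, especially
# for files under user profile or temp folders, are worth a closer look.
$blocked | Group-Object Computer, Message |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```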
Software Restriction Policies: How they work
Block or approve applications based on file hash, path, or folder name. Decent start for preliminary defense against malware like Cryptolocker.
AppLocker is the next generation of SRP, found on Windows Ultimate & Enterprise (and Server).
Software Restriction Policies: Blacklist or Whitelist?
Blacklisting
• You maintain a list of applications that are not OK to run. Everything else is allowed to execute.
• Good for when you need to block one or two problem apps in your environment.
• Easier to introduce/implement.
• This is tedious.
• Configure under Computer Configuration\Policies\Windows Settings\Software Restriction Policies\Unrestricted
Whitelisting
• You maintain a list of applications that are approved* to run. Everything else is not allowed to execute.
• The whitelist will set up a default set of applications that Windows needs to operate.
• Requires extensive testing to make sure everything works as expected.
• Best for overall system security.
• Configure under Computer Configuration\Policies\Windows Settings\Software Restriction Policies\Disallowed
Software Restriction Policies - where to find them
In your GPMC, head to:
Computer or User Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies
GROUP POLICY PREFERENCES
Do you have a moment to talk about our savior, Group Policy Preferences?
Group Policy Preferences (GPP)
• Printers & Mapped Drives
• ODBC Data Sources
• Modify local user groups
• Power Plans
• Scheduled Tasks & Services
• Copy, Update or Remove Files/Folders
• Application Shortcuts
• Registry Entries
• Etc.
Group Policy Preferences – where to find them
• Head to ‘Computer’ or ‘User Configuration’\Preferences in your GPMC.
Item Level Targeting: Granular Preferences
Deployment of preferences and configs to computers & users based upon very specific criteria:
Examples:
• If a computer has a battery
• If a user is or is not a member of a security group
• If a computer has a specific IP address
• If an object is a member of a particular OU, etc.
• Or a combination of the above!
Group Policy Preferences Console Shortcuts
• F5 – applies all visible options (green)
• F6 – applies only the option that currently has focus (green)
• F7 – does not apply the option that currently has focus (dashed red)
• F8 – does not apply all visible options (dashed red)
Extremely useful if you only want to configure a single preference out of a large grouping.
LOOPBACK POLICIES
Perfect for Terminal/Citrix servers…
What do Loopback Policies do?
• These are policies where you can configure user-based configurations on computer objects.
• I.e. lock out user access to certain items or perhaps set application-specific settings only when they log into a particular computer.
• Great for Kiosk/Terminal/Citrix and other shared computers where every user must have the same experience on a specific computer.
How to set up a Loopback Policy
1. Set up a group policy as you normally would, configuring items under ‘User Configuration.’ A good start would be to lock out certain desktop items.
2. Under ‘Computer Configuration,’ modify ‘Configure user Group Policy loopback processing mode’ under Windows Settings\Administrative Templates\System\Group Policy.
3. Enable ‘Replace’ mode to start with. ‘Merge’ takes longer to process and may produce unexpected results if you’re just starting out.
4. Link the group policy to the OU where the computer object resides.
5. Log in and enjoy!
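The loopback steps above, together with the earlier "Getting started" steps (new OU, move an object, new GPO, link), scripted as an added example that is not part of the original slides. The OU, GPO and computer names are hypothetical placeholders, and the two registry-backed policy values are the ones behind the 'Prevent access to registry editing tools' and loopback processing mode settings.

```powershell
# Added example, not from the slides. Run from an elevated session with RSAT installed.
# All names below are hypothetical placeholders for a test environment.
Import-Module ActiveDirectory, GroupPolicy

$domainDn = (Get-ADDomain).DistinguishedName
$ouName   = 'Kiosk-Test'
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'Kiosk - Loopback Lockdown'
$computer = 'KIOSK01'

# Getting started 1 and 2: create the test OU (if missing) and move the computer into it.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
                -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}
Get-ADComputer -Identity $computer | Move-ADObject -TargetPath $ouDn

# Loopback step 1: a new GPO with one User Configuration restriction
# (HKCU-based policy value: block regedit.exe for the logged-on user).
$gpo = New-GPO -Name $gpoName -Comment 'Loopback test GPO'
Set-GPRegistryValue -Guid $gpo.Id `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'DisableRegistryTools' -Type DWord -Value 1 | Out-Null

# Loopback steps 2 and 3: Computer Configuration value behind
# 'Configure user Group Policy loopback processing mode'. 2 = Replace, 1 = Merge.
Set-GPRegistryValue -Guid $gpo.Id `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# Loopback step 4: link the GPO to the OU that holds the computer object.
New-GPLink -Guid $gpo.Id -Target $ouDn -LinkEnabled Yes | Out-Null

# Check what the GPO now carries before anyone logs in.
Get-GPRegistryValue -Guid $gpo.Id -Key 'HKLM\Software\Policies\Microsoft\Windows\System'
Get-GPRegistryValue -Guid $gpo.Id `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
```

With loopback enabled, the user settings in this GPO apply to every account that logs on to the computers in the OU, administrators included, unless Security Filtering excludes them.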
POWERSHELL AND GROUP POLICY
Working with GPOs in PowerShell: What you need
Must have:
• Windows 7 or better: RSAT (Remote Server Administration Tools)
-or-
• Server 2008 R2 member server or better: with the GPMC (Group Policy Management Console) installed
-or-
• Server 2008 R2 Domain Controller or better
AND
At least PowerShell 2.0 (this comes with Windows 7/Server 2008 R2)
When performing ‘administrative-like’ duties in PowerShell, always right-click and run PowerShell as an administrator.
The more you know…
Starter cmdlets
• Get-GPO
• Get-GPOReport
• Backup-GPO / Restore-GPO
• Get-GPResultantSetOfPolicy (like ‘GPResult /h’)
• Set-GPLink
Backup your GPO
Backup-GPO -All -Path c:\temp | Out-File c:\temp\gpo-backups.txt
Example of output:
DisplayName : Computer Policy - Test
GpoId : a4bafa8d-a66d-4b08-a433-01e79086e08b
Id : 004c5691-45a3-47f5-a556-77b5fb7d4109
BackupDirectory : c:\temp
CreationTime : 4/28/2015 10:44:26 PM
DomainName : lnrdomain.local
Comment :
The ID from the Backup-GPO cmdlet output corresponds to the GPO directory names contained in the backup folder.
Restore your GPO
Restore-GPO -BackupId 004c5691-45a3-47f5-a556-77b5fb7d4109 -Path c:\temp
This will restore the specified GPO via the ID back to your domain from the c:\temp path.
A couple things to note:
• If you are restoring a GPO that was previously deleted, the restored GPO will NOT retain its original links in AD.
• Restoring a GPO will restore the original GPO ID. However, when you run Backup-GPO again against this GPO, a new BackupID will be generated.
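Because a restored GPO that had been deleted comes back without its links, it helps to record the links at backup time and re-create them after the restore. The script below is an added example, not part of the original slides; the c:\temp path comes from the slides, while gpo-links.csv and the two function names are hypothetical.

```powershell
# Added example, not from the slides. Needs the ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory, GroupPolicy

$BackupPath = 'c:\temp'                                # backup folder used on the slides
$LinkFile   = Join-Path $BackupPath 'gpo-links.csv'    # hypothetical file name

function Export-GpoLinks {
    # Record every GPO link on the domain root and on each OU.
    # Site-level links are not covered by this example.
    $targets = @((Get-ADDomain).DistinguishedName) +
               @(Get-ADOrganizationalUnit -Filter * | ForEach-Object { $_.DistinguishedName })
    $targets | ForEach-Object { (Get-GPInheritance -Target $_).GpoLinks } |
        Select-Object DisplayName, GpoId, Target, Order, Enabled, Enforced |
        Export-Csv -Path $LinkFile -NoTypeInformation
}

function Restore-GpoWithLinks {
    param([Parameter(Mandatory = $true)][Guid]$BackupId)

    # Restore-GPO returns the restored GPO, which keeps its original GPO ID.
    $gpo   = Restore-GPO -BackupId $BackupId -Path $BackupPath
    $saved = Import-Csv -Path $LinkFile |
        Where-Object { $_.GpoId -eq $gpo.Id.ToString() }

    foreach ($row in $saved) {
        # Skip targets where the link survived (GPO was overwritten, not deleted).
        $present = (Get-GPInheritance -Target $row.Target).GpoLinks |
            Where-Object { $_.GpoId -eq $gpo.Id }
        if ($present) { continue }

        $linkArgs = @{
            Guid        = $gpo.Id
            Target      = $row.Target
            LinkEnabled = $(if ($row.Enabled  -eq 'True') { 'Yes' } else { 'No' })
            Enforced    = $(if ($row.Enforced -eq 'True') { 'Yes' } else { 'No' })
        }
        # New links are appended to the end of the target's link list; compare with
        # the saved Order column and adjust with Set-GPLink if precedence matters.
        New-GPLink @linkArgs
    }
}

# Take the link snapshot together with every backup.
Export-GpoLinks
Backup-GPO -All -Path $BackupPath | Out-File (Join-Path $BackupPath 'gpo-backups.txt')

# Later, after a GPO was deleted (BackupId taken from the Backup-GPO output):
# Restore-GpoWithLinks -BackupId 004c5691-45a3-47f5-a556-77b5fb7d4109
```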
Get an output of all your Policy settings
You can use the following PowerShell cmdlet to export the settings for all your domain policies:
Get-GPOReport -All -ReportType Html -Path "c:\temp\gpo-output.html"
This is great for reviewing all GPOs (grab a pot of coffee!), and looks similar to the ‘GPResult.exe’ HTML output.*
You can also run this against a single policy:
Get-GPOReport -Name "Computer Policy - Test" -ReportType Html -Path "c:\temp\cp-test.html"
*Note that the RSoP PowerShell cmdlet is Get-GPResultantSetOfPolicy
For more information relating to PowerShell and GPO’s…
Use PowerShell to find more cmdlets relating to Group Policy…
Get-Command -Noun "GP*"
Want to know more about a specific cmdlet? Type the following:
Get-Help Get-GPO #<-- Or whatever cmdlet you want to know about
If you have PowerShell 3.0 or better, you can do this…
Get-Help Get-GPO -ShowWindow