Implementing Group Policy

ADVANTAGE PRO Chennais Premier Networking Training Center

Content
Creating and Configuring GPOs Configuring Group Policy Refresh Rates and Group Policy Settings Managing GPOs Verifying and Troubleshooting Group Policy Delegating Administrative Control of Group Policy Planning a Group Policy Strategy for Enterprise

ADVANTAGE PRO Chennais Premier Networking Training Center

GPO Components
Group Policy Object  Contains Group Policy Settings  Stores content in two locations -- Group Policy Container (GPC) -- Group Policy Template (GPT)

ADVANTAGE PRO Chennais Premier Networking Training Center

GPO Components
Group Policy Container (GPC)  It is an Active Directory object that contains GPO status.  Computer can access the GPC to locate GPT and DC can access the GPC to obtain Version information  Replication occurs to obtain the latest version of the GPO

ADVANTAGE PRO Chennais Premier Networking Training Center

GPO Components
Group Policy Template  It is a folder hierarchy in the shared SYSVOL folder on a DC.  It contains all Group Policy settings and information, including administrative templates, security, software installation, scripts and folder redirection.  It is identical to GUID that Active Directory users to identify the GPO in the GPC.
ADVANTAGE PRO Chennais Premier Networking Training Center

Installing Group Policy Management Console

Download the Group Policy Management Tool from internet. Run the EXE file which you have downloaded from the internet

ADVANTAGE PRO Chennais Premier Networking Training Center

Loop back Processing

Loop back processing applies the set of GPOs for the computer to any user who logs on, is affected by this settings. Loop back processing has two modes -- Replace Mode -- Merge Mode

ADVANTAGE PRO Chennais Premier Networking Training Center

Loop back Processing

Replace Mode  This mode replaces the users settings that are defined in computer GPOs.  Replace GPOs with the user settings that are normally applied to the user.

ADVANTAGE PRO Chennais Premier Networking Training Center

Loop back Processing

Merge Mode  This mode combines the user settings that are defined in computer GPOs and the users GPOs.  If conflict occurs, the user settings in the computers GPO take precedence over the users normal settings.

ADVANTAGE PRO Chennais Premier Networking Training Center

Order in which Group Policy Applied

When Computer Starts
 Computer settings applied  Startup Scripts runs

When User logs on

 User settings apllied  Logon scripts run

ADVANTAGE PRO Chennais Premier Networking Training Center

Assign Group Policy Script Settings

Procedure for Copying a Script

ADVANTAGE PRO Chennais Premier Networking Training Center

Refresh Group Policy using Gpupdate.exe

Procedure In the Run dialog box, type cmd and then press Enter Type Gpupdate [/target:{computer/user}] [/force] [/wait:vslue] [/logoff] [/boot]

ADVANTAGE PRO Chennais Premier Networking Training Center

Copy Operation
A copy of a GPO transfers only the settings within a GPO The new GPO is created unlinked When you copy a GPO from a domain to another, you must specify the mapping behavior.

ADVANTAGE PRO Chennais Premier Networking Training Center

Backup Operation
In a Backup operation, Group Policy Management export all data in the GPO to the selected file and saves the GPT files You can send backed-up GPO to folder by using a restore or import operation You can only restore a backed-up GPO to another domain by using an import operation.

ADVANTAGE PRO Chennais Premier Networking Training Center

Store a Backup
Identify each backed-up GPO by one of the following criteria GPO display name GPO GUID Description of the backup Date and time stamp of the backup Domain name

ADVANTAGE PRO Chennais Premier Networking Training Center

Restore Operation
In a restore operation, the contents of the GPO are returned to exactly the same state. You can restore exiting GPO or a deleted GPO that was backed up.

ADVANTAGE PRO Chennais Premier Networking Training Center

Common problems with imlementing Group Policy

SYMPTOM Cannot open a GPO CAUSE Read and Write permissions for the GPO are not signed A networking problem GPO are not applied to security groups

Cannot edit a GPO Cannot apply Group Policy on a security group No effect of Group Policy on a site, Group Policy settings are not configured correctly domain, or organizational unit No effect of Group Policy in an GPOs cannot be linked to Active Directory containers Active Directory container No effect of Group Policy on a client A non-local GPO can overwrite local polices computer

ADVANTAGE PRO Chennais Premier Networking Training Center

Group Policy Modeling

You can simulate a policy deployment for users and computers before applying the policies. This feature in Group Policy Management is known as Resultant Set of Policies(RSoP). To verify Group Policy settings, you must first create a Group Policy Query.

ADVANTAGE PRO Chennais Premier Networking Training Center

Delegation of GPOs
Delegate the ability to create GPOs: Add the group or user to the Group Policy Creator Owerns group. This only method is available prior to Group Policy Mangement. Explicity assign the group or user premission to create GPOs.

ADVANTAGE PRO Chennais Premier Networking Training Center

Delegation of GPOs
Delegate Permissions on a individual GPO: Read Edit settings Edit, Delete, Modify Security Read (from Security Filtering) Custom

ADVANTAGE PRO Chennais Premier Networking Training Center

Delegation of WMI Filters

The permissions on the WMI Policy container determine the permissions that a user has to create, edit, and delete WMI filters There are two permissions for creating WMI filters: -- Creator Owner -- Full Control

ADVANTAGE PRO Chennais Premier Networking Training Center

DEPLOYING AND MANAGING SOFTWARE BY USING GROUP POLICY

ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

You can mange software by using the software installation extension of group policy. Users have immediate access to the software that they require to perform their jobs. They have an easy and consistent experience when working with software through its life cycle. You can use group policy to manage the software deployment process centrally or from one location.
ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

You can apply group policy settings to users or computers in a site, domain or a organizational unit. You can manage the various phases of software deployment without deploying software on each computer.

ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

The software life cycle consists of four phases. 1.Preparation. 2.Deployment. 3.Maintenance. 4.Removal.

ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

PREPARATION : You must identify the risks using the current infrastructure that may prevent software installation. You prepare the files that enable the application to be deployed with group policy. Then copy the windows installer package files for an application to a software distribution point.

ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

That distribution point will be the shared folder in the server. You can create a package file by using a third party utility.

ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

DEPLOYMENT: You create GPO that installs the software on the computer and links the GPO to an appropriate active directory container. The software is installed when the computer starts. Or when the user start the application.

ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

MAINTENANCE: You upgrade software with a new version. Then the software is automatically upgraded when the computer starts or when the user starts the application.

ADVANTAGE PRO Chennais Premier Networking Training Center

MANAGING SOFTWARE DEPLOYMENT

REMOVAL: To eliminate software that is no longer required. You remove the software package setting from the GPO. The software is then automatically removed.

ADVANTAGE PRO Chennais Premier Networking Training Center

WINDOWS INSTALLER: To enable the group policy to deploy and manage software. To deploy and manage software windows 2003 uses the windows installer. This component automates the installation and removal of application.

ADVANTAGE PRO Chennais Premier Networking Training Center

 The windows installer contains two components. Windows installer service. Windows installer package.

ADVANTAGE PRO Chennais Premier Networking Training Center

WINDOWS INSTALLER SERVICE: Fully automates the software installation and configuration process. Modifies or repairs an existing application installation. It installs an application either directly from the CD-Rom or by using group policy.

ADVANTAGE PRO Chennais Premier Networking Training Center

WINDOWS INSTALLER PACKAGE: Information about installing or uninstalling an application. A windows installer file with an .msi extension Summary information about the software and the package. A reference to an installation point where the product files reside.
ADVANTAGE PRO Chennais Premier Networking Training Center

DEPLOYING SOFTWARE: Deploying software ensures that required application are available from any computer that a user logs on. Before going to deploy a software you must specify how application are installed and maintained in your organization.

ADVANTAGE PRO Chennais Premier Networking Training Center

SOFTWARE DEPLOYMENT PROCESS : Create a software distribution point. Use GPO to deploy a software. Change the software deployment properties.

ADVANTAGE PRO Chennais Premier Networking Training Center

 There are two types of software deployment. Assigning Publishing

ADVANTAGE PRO Chennais Premier Networking Training Center

ASSIGNING: In assigning there are two methods one is user configuration another one is computer configuration.

PUBLISHING: In publishing there are two methods one is using add or remove program another one is using document activation.
ADVANTAGE PRO Chennais Premier Networking Training Center

CONFIGURING SOFTWARE DEPLOYMENT

ADVANTAGE PRO Chennais Premier Networking Training Center

SOFTWARE CATEGORIES : To organize assigned and published software into logical groups. So users can easily locate applications in Add or remove programs. We can create software categories to arrange different applications.

ADVANTAGE PRO Chennais Premier Networking Training Center

 You can organize software into categories,such as graphics, Microsoft office, and accounting categories. You can use the same list of software categories in all policies in the forest.

ADVANTAGE PRO Chennais Premier Networking Training Center

SOFTWARE UPGRADES : You can use group policy to deploy and manage software upgrades that meet departmental requirements in your organization. Upgrades typically involve major changes to software and have a new version numbers. A new version of the software is released that contains new and improved features.
ADVANTAGE PRO Chennais Premier Networking Training Center

 Patches and security or functional enhancements have been made to the software since the last release. An organization decides to use different vendors software. There are three methods of upgrades Mandatory upgrade. Optional upgrade. Selective upgrade.
ADVANTAGE PRO Chennais Premier Networking Training Center

MANDATORY UPGRADE: These upgrades automatically replace an old version of software with an upgraded version. OPTIONAL UPGRADE: These upgrades allow users to decide when to upgrade to the new version. SELECTIVE UPGRADE: If some users require an upgrade but not others.
ADVANTAGE PRO Chennais Premier Networking Training Center

SOFTWARE REDEPLOYMENT: You can redeploy a deployed package to force a reinstallation of the software. If there are interoperability issues or viruses that a reinstall of the software will fix.

ADVANTAGE PRO Chennais Premier Networking Training Center

TO REDEPLOY A SOFTWARE PACKAGE

ADVANTAGE PRO Chennais Premier Networking Training Center

ADVANTAGE PRO Chennais Premier Networking Training Center

ADVANTAGE PRO Chennais Premier Networking Training Center

REMOVING DEPLOYED SOFTWARE: There are two removal methods Forced removal. Optional removal.

ADVANTAGE PRO Chennais Premier Networking Training Center

FORCED REMOVAL: You can force the removal of the software. It will automatically deletes the software from a computer. Removal takes place before the desktop appears.

ADVANTAGE PRO Chennais Premier Networking Training Center

OPTIONAL REMOVAL: You remove the software from the software installation. Software is not actually removed from computers. The software no longer appears in Add or Remove programs, but users can still use it. If users can manually delete the software, they cannot reinstall it.
ADVANTAGE PRO Chennais Premier Networking Training Center

ADVANTAGE PRO Chennais Premier Networking Training Center