Vous êtes sur la page 1sur 31

Group Policy Presentation

This document is classified as Public .

Group Policy Presentation

Presentation Plan
Summary:
    
Overview of Group Policies. Configuring the Scope of Group Policies Objects. Evaluating the Application of Group Policies Objects. Managing Group Policies Objects. Delegating Administrative Control of Group Policies

9 aot 2011 - Group Policy Objects - This document is classified as Public

Group Policy Presentation

Overview of Group Policy

9 aot 2011 - Group Policy Objects - This document is classified as Public

Overview of Group Policies

Preview

Here are the different parts:


      What Are Group Policies? Group Policy Settings How Group Policies Are Applied Group Policy Processing and Exceptions Group Policy Components What Are ADM and ADMX files?

9 aot 2011 - Group Policy Objects - This document is classified as Public

Overview of Group Policies

What Are Group Policies? Group Policies enable IT administrators to automate one-to-many management of users and computers

Use Group Policies to :  Apply standard configurations  Deploy software  Enforce security settings  Enforce a consistent desktop environment

Local group policies are always in effect for local users and local computer settings..
9 aot 2011 - Group Policy Objects - This document is classified as Public

Overview of Group Policies

Group Policy Settings Group Policy settings for users Software Settings Windows Settings Security Settings Desktop Settings Group Policy settings for computers Software Settings Windows Settings Security Settings Operating systems Settings
9 aot 2011 - Group Policy Objects - This document is classified as Public

Overview of Group Policies

How Group Policies Are Applied

Computer starts

Refresh Interval

Every 90 minutes

Computer settings applied Startup scripts run

User logs on

Refresh Interval

Every 90 minutes

User settings applied Logon scripts run

9 aot 2011 - Group Policy Objects - This document is classified as Public

Overview of Group Policies

Group Policy Processing and Exeptions Local Policy Machine/User Site Policy Machine/User Domain Policy Machine/User OUtop OUbottom Policy Machine/User 500 Kbps by default Certain client side extensions are not processed Prior to Vista, ICMP is used to detect a slow link Vista uses Network Location Awareness Windows XP and Vista use cached credential for faster logons Many GPO settings take two logons to take effect

Group Policy Processing

Slow Links

Cached Credential

9 aot 2011 - Group Policy Objects - This document is classified as Public

Overview of Group Policies

Group Policy Container Group Policy Components Group Policy Object


Stored in Active Directory Provides version information Status information List of components

Group Policy Template Contains Group Policy settings Stores content in two locations
Stored in shared SYSVOL folder Provides Group Policy settings Supports both ADM and ADMX templates

9 aot 2011 - Group Policy Objects - This document is classified as Public

Overview of Group Policies

What Are ADM and ADMX Files?

ADM files are:  Copied into every GPO in SYSVOL  Difficult to customize

ADMX files are:  Language neutral  Not stored in the GPO  Extensible through XML

9 aot 2011 - Group Policy Objects - This document is classified as Public

10

Group Policy Presentation

Configuring the Scope of Group Policy Objects

9 aot 2011 - Group Policy Objects - This document is classified as Public

11

Configuring the Scope of Group Policy Objects

Preview

Here are the different parts:


    Group Policy Processing Order What Are Multiple Local Group Policies? Options for Modifying Group Policy Processing How Does Loopback Processing Work?

9 aot 2011 - Group Policy Objects - This document is classified as Public

12

Configuring the Scope of Group Policy Objects

Group Policy Processing Order GPO1 Local Group Policy Site GPO3 GPO4 Domain GPO5
OU OU

GPO2

OU
9 aot 2011 - Group Policy Objects - This document is classified as Public 13

Configuring the Scope of Group Policy Objects

What are Multiple Local Group Policies?

 One layer of computer configurations that applies to all users  Layers apply only to individual users, not to groups  There are three layers of user configurations: Administrator Non-Administrator User-specific

9 aot 2011 - Group Policy Objects - This document is classified as Public

14

Configuring the Scope of Group Policy Objects

Options for Modifying Group Policy Processing Five methods to modify GPO default processing: Block inheritance Enforcement Filtering using security groups or WMI filters Disabling GPOs Loopback processing

9 aot 2011 - Group Policy Objects - This document is classified as Public

15

Configuring the Scope of Group Policy Objects

How Does Loopback Processing Work?

9 aot 2011 - Group Policy Objects - This document is classified as Public

16

Group Policy Presentation

Evaluating the Application of Group Policy Objects

9 aot 2011 - Group Policy Objects - This document is classified as Public

17

Evaluating the Application of Group Policy Objects

Preview

Here are the different parts:


  What Is Group Policy Reporting? What Is Group Policy Modeling?

9 aot 2011 - Group Policy Objects - This document is classified as Public

18

Evaluating the Application of Group Policy Objects

What Is Group Policy Reporting?

Group policy reporting is a method of planning and troubleshooting group policy

 Group Policy results are provided by the GPMC  GPResult is a command line utility

9 aot 2011 - Group Policy Objects - This document is classified as Public

19

Evaluating the Application of Group Policy Objects

What Is Group Policy Modeling?

The Group Policy Modeling Wizard calculates the simulated net effect of GPOs

The Group Policy Modeling Wizard simulates:  Site membership  Security group membership  WMI filters  Slow links  Loopback processing  The effects of moving user or computer objects to a different Active Directory container

9 aot 2011 - Group Policy Objects - This document is classified as Public

20

Group Policy Presentation

Managing Group Policy Objects

9 aot 2011 - Group Policy Objects - This document is classified as Public

21

Managing Group Policy Objects

Preview

Here are the different parts:


      What Is a Copy Operation? What Is a Backup Operation? What Is a Restore Operation? What Is an Import Operation? What Is a Starter GPO? Migrating Group Policy Objects

9 aot 2011 - Group Policy Objects - This document is classified as Public

22

Managing Group Policy Objects

What Is a Copy Operation?

DACL User 1 GPO1 Read Full Control User 1 GPO2

DACL Read Full Control

A copy of a GPO transfers only the settings within a GPO The new GPO is created unlinked

9 aot 2011 - Group Policy Objects - This document is classified as Public

23

Managing Group Policy Objects

What Is a Backup Operation?

GPO1

GPO1 Backup of a GPO

In a backup operation, Group Policy Management export all data in the GPO to the selected file and saves the GPT files

9 aot 2011 - Group Policy Objects - This document is classified as Public

24

Managing Group Policy Objects

What Is a Restore Operation?


GPO1

GPO1 Backed-up GPO

In a restore operation, the contents of the GPO are returned to exactly the same state

9 aot 2011 - Group Policy Objects - This document is classified as Public

25

Managing Group Policy Objects

What Is an Import Operation?

GPO1 GPO Settings

GPO2

In an import operation, all GPO settings are copied from the source to the target GPO

9 aot 2011 - Group Policy Objects - This document is classified as Public

26

Managing Group Policy Objects

What Is a Starter GPO?


 Stores administrative template settings on which the new GPOs will be based  Can be exported to .cab files  Can be imported into other areas of the enterprise
Exported to CAB file Imported to GPMC

Starter GPO
9 aot 2011 - Group Policy Objects - This document is classified as Public

CAB file
27

Load Cabinet file

Managing Group Policy Objects

Migrating Group Policy Objects


The ADMX Migrator utility :  Can be used to convert custom ADM files to ADMX  Is GUI based and can be downloaded from the Microsoft download site utility

9 aot 2011 - Group Policy Objects - This document is classified as Public

28

Group Policy Presentation

Delegating Administrative Control of Group Policies

9 aot 2011 - Group Policy Objects - This document is classified as Public

29

Delegating Administrative Control of Group Policies

Options for Delegating Control of GPOs


Methods to delegate control of GPOs
Membership in Group Policy Creator Owners group or explicit permission to create GPOs Assign Edit rights to individual policies Delegate the right to link GPOs to containers Delegate the right to use group policy reporting tools
9 aot 2011 - Group Policy Objects - This document is classified as Public

Create GPOs in the domain

Edit or delete GPOs

Link GPOs to containers

Use reporting tools

X X X X X X
30

X X X

X X X

Group Policy Presentation

Do you have any questions ?

9 aot 2011 - Group Policy Objects - This document is classified as Public

31