Designing Group Policy

About This Presentation

Title:

Description:

Number of Views:21

Avg rating:3.0/5.0

Slides: 20

Provided by: higheredM

Category:

Tags: designing | group | policy | super | why

Transcript and Presenter's Notes

Title: Designing Group Policy

1
Designing Group Policy

2
Planning Deployment of Group Policy

3
Group Policy Overview

Group Policy allows centralized control of user
and computer configuration settings.
Group Policy uses Active Directory to centralize
management and standardize security settings.
Use the Block Policy Inheritance attribute or the
No Override attribute to modify the default
inheritance model.

4
Planning Group Policy Inheritance

Inheritance simplifies Group Policy
administration by allowing widespread policy
settings only to higher-level organizational
units (OUs).
Group Policy can be applied at different levels
within Active Directory by defining Group Policy
objects (GPOs) that are linked to sites, domains,
or OUs.
The Group Policy is applied to all computer or
user objects within the container where the Group
Policy object is defined.
Effective permissions are based on the
inheritance model.
The settings applied to an OU typically take
precedence.

5
Group Policy Application Order
6
Assessing Group Policy Application

Security requirements must be met without
significantly affecting logon performance.
Use the following design strategies
Disable unused portions of Group Policy.
Minimize the levels at which Group Policy is
applied.
Avoid cross-domain Group Policy object
assignments.

7
No Override and Block Policy Inheritance
8
Making the Decision Designing Group Policy

9
OU Structure for the Engineering Domain
10
OU Structure for the Wide World Importers Domain
11
Filtering Group Policy by Using Security Groups

Group Policy is not applied to security groups.
Group Policy is based on the location of objects
within the Active Directory hierarchy.
By default, Group Policies apply to all users and
computers within a site, domain, or OU.
Use security groups to filter Group Policy
application so that it applies only to specific
users and groups within a given object.
When defining a Group Policy object, define which
security groups will be able to Read and Apply
Group Policy in the Group Policy objects
Security tab.

12
Making the Decision Designing Group Policy
Filtering Strategies

Ensure that a Group Policy is applied to a
security group.
Prevent an OU administrator from blocking
inheritance.
Prevent application of a Group Policy object to
a specific group of users or computers.

13
Applying the Decision Group Policy Filtering at
Wide World Importers

Create two custom domain local groups named
FullTimeGP and ContingentGP.
Create two custom global groups named
FullTimeEmployees and ContingentStaff that
contain all full-time staff and all contingent
staff.
Configure the security for the Office Group
Policy so that only the FullTimeGP domain local
group has Read and Apply Group Policy
permissions.
The network administrators could also configure
the Office Group Policy to have the No Override
attribute.

14
Troubleshooting Group Policy

15
Assessing Group Policy Troubleshooting

16
Gpresult Utility

17
Making the Decision Troubleshooting Group
Policy Application

Determine all possible locations where Group
Policy objects might be defined.
Determine whether the Group Policy that was
applied is a user or computer configuration
setting.
Determine why a higher-level Group Policy is not
applied.
Determine why a lower-level Group Policy is not
applied.
Determine why a Group Policy does not apply to
all computers or users within a site, domain, or
OU.

18
Applying the Decision Troubleshooting Group
Policy Application at Wide World Importers

Verify the location of Dons user account in
Active Directory.
Determine where Group Policies might exist that
could affect Don's user account for application
of Group Policy.
Run Gpresult to determine all user Group Policies
that were applied to Don's user account at logon.
Determine if filtering is affecting the Group
Policy application.