Title: Module 5: Creating and Configuring Group Policies
1- Module 5 Creating and Configuring Group
Policies
2Module Overview
- Overview of Group Policies
- Configuring the Scope of Group Policy Objects
- Evaluating the Application of Group Policy
Objects - Managing Group Policy Objects
- Delegating Administrative Control of Group
Policies
3Lesson 1 Overview of Group Policies
- What Are Group Policies?
- Group Policy Settings
- How Group Policies Are Applied
- Exceptions to Normal Group Policy Processing
- Group Policy Components
- What Are ADM and ADMX files?
- What Is the Central Store?
- Demonstration Configuring Group Policy Objects
4What Are Group Policies?
Group Policies enable IT administrators to
automate one-to-many management of users and
computers
Use Group Policies to
-
- Apply standard configurations
- Enforce security settings
- Enforce a consistent desktop environment
Local group policies are always in effect for
local and domain users and local computer settings
5Group Policy Settings
- Software
- Windows
- Security
- Desktop
Group Policy settings for users control these
settings
- Software
- Windows
- Security
- Operating systems
Group Policy settings for computers control
thesesettings
6How Group Policies are Applied
Computer starts
Refresh Interval
Every 90 minutes
- Computer settings applied
- Startup scripts run
User logs on
Refresh Interval
Every 90 minutes
- User settings applied
- Logon scripts run
7Exceptions to Group Policy Processing
Additional exceptions
- 500 KPS by default
- Certain client side extensions are not processed
- Prior to Vista, ICMP is used to detect a slow
link - Vista uses Network Location Awareness
Slow links
Cached credentials
- Windows XP and Vista use cached credential for
faster logons - Many GPO settings take two logons to take effect
- Remote access connections
- Moving a user or computer object in Active
Directory
8Group Policy Components
Group Policy Container
- Stored in Active Directory
- Provides version information
Group Policy Object
Group Policy Template
- Stored in shared SYSVOL folder
- Provides Group Policy settings
- Supports both ADM and ADMX templates
- Contains Group Policy settings
- Stores content in two locations
9What Are ADM and ADMX Files?
ADM files are
- Copied into every GPO in SYSVOL
- Difficult to customize
ADMX files are
- Language neutral
- Not stored in the GPO
- Extensible through XML
10What Is the Central Store?
The Central Store
- Is a central repository for ADMX and ADML files
- Is stored in SYSVOL
- Must be created manually
- Is detected automatically by Windows Vista or
Server 2008
ADMX files
Windows Vista or Windows Server 2008workstation
Domain controller with SYSVOL
Domain controller with SYSVOL
11Demonstration Configuring Group Policy Objects
- In this demonstration, you will see how to
- Create a GPO
- Configure settings
12Lesson 2 Configuring the Scope of Group Policy
Objects
- Group Policy Processing Order
- What Are Multiple Local Group Policies?
- Options for Modifying Group Policy Processing
- Demonstration Configuring Group Policy Object
Links - Demonstration Configuring Group Policy
Inheritance - Demonstration Filtering Group Policy Objects
Using Security Groups - Demonstration Filtering Group Policy Objects
Using WMI Filters - How Does Loopback Processing Work?
- Discussion Configuring the Scope of Group Policy
Processing
13Group Policy Processing Order
GPO1
Local group
GPO5
OU
OU
14What Are Multiple Local Group Policies?
- One layer of computer configurations that
applies to all users
- Layers apply only to individual users, not to
groups
-
- There are three layers of user configurations
- Administrator
- Non-Administrator
- User-specific
15Options for Modifying Group Policy Processing
- Five methods to modify GPO default processing
- Filtering using security groups or WMI filters
16Demonstration Configuring Group Policy Object
Links
- In this demonstration, you will see how to
- Create and link GPOs to different locations
within AD DS - Disable a GPO link
17Demonstration Configuring Group Policy
Inheritance
- In this demonstration, you will see how to
- Block GPO inheritance
- Enforce GPO inheritance
18Demonstration Filtering Group Policy Objects By
Using Security Groups
- In this demonstration, you will see how to filter
the application of GPOs using security groups
19Demonstration Filtering Group Policy Objects
Using WMI Filters
- In this demonstration, you will see how to create
and assign a WMI filter
20How Does Loopback Processing Work?
21Discussion Configuring the Scope of Group Policy
Processing
Woodgrove Bank Domain Tree
Woodgrove Bank
Head Office site
Head Office
Slow link
Branches
High-speed link
Toronto
Winnipeg
Servers
SQL Server
Exchange Server
22Lesson 3 Evaluating the Application of Group
Policy Objects
- What Is Group Policy Reporting?
- What Is Group Policy Modeling?
- Demonstration How to Evaluate the Application of
Group Policies
23What Is Group Policy Reporting?
Group policy reporting is a method of planning
and troubleshooting group policy
-
- Group Policy results are provided by the GPMC
- GPResult is a command line utility
24What Is Group Policy Modeling?
The Group Policy Modeling Wizard calculates the
simulated net effect  of GPOs
- The Group Policy Modeling Wizard simulates
- Site membership
- Security group membership
- WMI filters
- Slow links
- Loopback processing
- The effects of moving user or computer objects to
a different Active Directory container
25Demonstration How to Evaluate the Application of
Group Policies
- In this demonstration, you will see how to run
each of the tools for reviewing the application
of group policies
26Lesson 4 Managing Group Policy Objects
- GPO Management Tasks
- What Is a Starter GPO?
- Demonstration How to Copy a GPO
- Demonstration Backing up and Restoring GPOs
- Demonstration Importing a GPO
- Migrating Group Policy Objects
27GPO Management Tasks
- Back up GPOs
- Restore GPOs
- Copy GPOs
- Import GPOs
28What Is a Starter GPO?
- Stores administrative template settings on which
the new GPOs will be based - Can be exported to .cab files
- Can be imported into other areas of the enterprise
Exported to cab file
Imported to GPMC
starterGPO
Cab file
Load cabinet file
29Demonstration How to Copy a GPO
- In this demonstration, you will see how to copy a
GPO
30Demonstration Backing up and Restoring GPOs
- In this demonstration, you will see how to back
up and restore a GPO
31Demonstration Importing a GPO
- In this demonstration, you will see how to
- Import a GPO
- Use a migration tableÂ
32Migrating Group Policy Objects
33Lesson 5 Delegating Administrative Control of
Group Policies
- Options for Delegating Control of GPOs
- Demonstration How to Delegate Administrative
Control of GPOs
34Options for Delegating Control of GPOs
Methods to delegate control of GPOs Create GPOs in the domain Edit or delete GPOs Link GPOs to containers Use reporting tools
Membership in Group Policy Creator Owners group or explicit permission to create GPOs
Assign Edit rights to individual policies
Delegate the right to link GPOs to containers
Delegate the right to use group policy reporting tools
35Demonstration How to Delegate Administrative
Control of GPOs
- In this demonstration, you will see how to
delegate the right to create, edit, link, and use
the reporting tools for group policies
36Lab Creating and Configuring GPOs
- Exercise 1 Creating Group Policy Objects
- Exercise 2 Managing the Scope of GPO Application
- Exercise 3 Verifying GPO Application
- Exercise 4 Managing GPOs
- Exercise 5 Delegating Administrative Control of
GPOs
Logon information
Virtual machine NYC-DC1, NYC-CL1
User name Administrator
Password Paw0rd
Estimated time 75 minutes
37Lab Review
- What other method could be used to grant a user
the right to create GPOs in the domain? - If you need to apply a GPO to computers that have
certain services installed, what is the best
approach?
38Module Review and Takeaways
- Considerations
- Review questions
39Beta Feedback Tool
- Beta feedback tool helps
- Collect student roster information, module
feedback, and course evaluations. - Identify and sort the changes that students
request, thereby facilitating a quick team
triage. - Save data to a database in SQL Server that you
can later query. - Walkthrough of the tool
40Beta Feedback
- Overall flow of module
- Which topics did you think flowed smoothly, from
topic to topic? - Was something taught out of order?
- Pacing
- Were you able to keep up? Are there any places
where the pace felt too slow? - Were you able to process what the instructor said
before moving on to next topic? - Did you have ample time to reflect on what you
learned? Did you have time to formulate and ask
questions? - Learner activities
- Which demos helped you learn the most? Why do you
think that is? - Did the lab help you synthesize the content in
the module? Did it help you to understand how you
can use this knowledge in your work environment? - Were there any discussion questions or reflection
questions that really made you think? Were there
questions you thought werent helpful?