PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY - PowerPoint PPT Presentation

1 / 29
About This Presentation
Title:

PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY

Description:

PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY FILTERING GROUP POLICY S SCOPE By default, settings flow from site to domain to OU. – PowerPoint PPT presentation

Number of Views:172
Avg rating:3.0/5.0
Slides: 30
Provided by: yorktechC
Category:

less

Transcript and Presenter's Notes

Title: PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY


1
PLANNING A GROUP POLICY MANAGEMENT AND
IMPLEMENTATION STRATEGY
  • Chapter 10

2
FILTERING GROUP POLICYS SCOPE
  • By default, settings flow from site to domain to
    OU.
  • Three ways to control Group Policy settings
    inheritance
  • Block Policy Inheritance
  • Security filtering
  • WMI filters

3
SECURITY FILTERING
4
WMI FILTERS
  • Windows Management Instrumentation (WMI)
  • Used for queries and filters concerning
  • Hardware
  • Software
  • Operating system type
  • Can be linked to multiple GPOs

5
WMI FILTER EXAMPLES
Table 10-1 WMI Filter Examples
T
a
r
g
e
t

C
o
m
p
u
t
e
r
S
a
m
p
l
e

W
M
I

F
F
i
i
l
l
t
t
e
e
r
r


S
S
t
t
r
r
i
i
n
n
g
g
T
a
r
g
e
t

C
o
m
p
u
t
e
r
S
a
m
p
l
e

W
M
I
All computers that are
Select from Win32_OperatingSystem
running Wi
n
dows
XP
where Ca
p
tion "Microsoft Windows
Professional
XP Professional"
All computers that have
Select from Win32_LogicalDisk
more than 10
MB of
WHERE
Name "C" AND
DriveType 3
available
drive space
AND
FreeSpace gt 10485760 AND
on a C NTFS partition
FileSystem "NTFS"
All computers with a
Select from Win32_POTSModem
modem i
n
stalled
Where Name "
MyModem"
6
CREATING WMI FILTERS
7
GROUP POLICY MANAGEMENT CONSOLE (GPMC)
  • Free add-on tool that can be used to manage
    Group Policy. Installs on
  • Windows XP with Service Pack 1
  • Any edition of Windows Server 2003
  • Can be used for
  • Importing and copying GPO settings
  • Backing up and restoring of GPOs
  • Executing the Resultant Set of Policy (RSoP)
    snap-in
  • Generating HTML reports

8
INSTALLING GPMC
  • GPMC is not on the Windows Server 2003 CD-ROM.
  • Can be downloaded for free from the Microsoft
    Web site.
  • In this course, gpmc.msi is on your supplemental
    CD-ROM.
  • Double-click the gpmc.msi file and run through
    the wizard.
  • Distribute through Group Policy.

9
GPMC CHANGES ACTIVE DIRECTORY USERS AND COMPUTERS
10
CREATING WMI FILTERS IN GPMC
11
LINKING WMI FILTERS
12
NAVIGATING WITH GROUP POLICY MANAGEMENT
13
INFORMATION DISPLAYED IN THE GPMC INTERFACE
14
DETERMINING AND TROUBLESHOOTING EFFECTIVE POLICY
SETTINGS
  • Resultant Set Of Policy (RSoP) Wizard
  • Group Policy Results
  • Group Policy Modeling
  • Gpresult.exe command line tool

15
RSOP LOGGING MODE
16
RSOP PLANNING MODE
17
GROUP POLICY MODELING IN GPMC
18
GROUP POLICY RESULTS
19
  • Gpresult.exe

20
DELEGATING GROUP POLICY ADMINISTRATIVE CONTROL
  • Creation of GPOs
  • Permissions on GPOs
  • Linking of GPOs
  • Use of Group Policy Modeling and Group Policy
    Results
  • Creation of WMI filters
  • WMI permissions

21
DELEGATING GPO CREATION
22
DELEGATING PERMISSIONS TO AN INDIVIDUAL GPO
GPMC Individual GPO Permissions
A
l
l
o
w
e
d

P
e
r
m
i
s
s
i
o
n
s
A
l
l
o
w
e
d

P
e
r
m
i
s
s
i
o
n
s
C
C
a
a
t
t
e
e
g
g
o
o
r
r
y
y
U
U
n
n
d
d
e
e
r
r
l
l
y
y
i
i
n
n
g
g


P
P
e
e
r
r
m
m
i
i
s
s
s
s
i
i
o
o
n
n
s
s


a
a
n
n
d
d


E
E
f
f
f
f
e
e
c
c
t
t
s
s
Read
Allows Read Access on the GPO.
Edit settings
Includes Read, Write, Create Child Objects, and
Delete Child Objects.
Edit, delete, and
Includes Read, Write, Create Child Objects, Delete
modify security
Child O
b
jects, Delete, Modify Permissions, and Modify
Owner. Implies Full Control without the Apply
Group
Policy permission being set.
Read (from
An automatic setting that appears when a user has
Security Filtering)
Read and Apply Group Policy permissions to the
GPO.
Custom
These permissions include those set individually
using the ACL editor for the GPO. The ACL editor
is
invoked by using the Advanced button and shows the
Security tab contents for the GPO.
23
DELEGATING LINKING, MODELING, AND RESULTS
24
DELEGATING WMI FILTERING
25
PLANNING GROUP POLICY INTEGRATION
  • Create policies at the highest level possible.
  • Limit the number of GPOs created.
  • Create specialized GPOs for policies.
  • Disable unnecessary portions (user or computer).
  • Only apply GPOs to sites when settings are
    required on a site basis.

26
RECOMMENDATIONS ON GROUP POLICY INHERITANCE
  • Limit use of the following
  • No Override
  • Block Policy Inheritance
  • Security filtering

27
PLANNING ADMINISTRATION AND IMPLEMENTATION OF GPOS
  • Determine which administrators will have policy
    delegation roles
  • Test policy settings
  • Document the plan

28
RESTORING DEFAULT SECURITY SETTINGS
29
CHAPTER SUMMARY
  • Name two methods you can use to filter GPOs.
  • How many WMI filters can be applied to each GPO?
  • What can you do with GPMC?
  • What two modes are available in RSoP?
  • List ways in which you can delegate Group Policy
    control.
Write a Comment
User Comments (0)
About PowerShow.com