Title: Group Policy in Microsoft Windows Active Directory
1Group Policyin Microsoft Windows Active Directory
2What is Active Directory
A central component of the Windows platform,
Active Directory directory service provides the
means to manage the identities and relationships
that make up network environments.
Resources Computers Printers
Services E-Mail, Policies, DNS, etc.
Users Accounts and security groups
3(No Transcript)
4What is Active Directory Group Policy?
- The Group Policy management solution in
Microsoft Windows Server 2003 allows
administrators to define configurations for both
servers and user machines. Local policy settings
can be applied to all machines, and for those
that are part of a domain, an administrator can
use Group Policy to set policies that apply
across a given site, domain, or range of
organizational units (OUs) in the Active
Directory directory service. Support for Group
Policy is available on machines running Microsoft
Windows 2000 Server, Microsoft Windows 2000
Professional, Microsoft Windows XP Professional,
and Windows Server 2003.
5Overview
- Control Internet Explorer Settings
- Control Computer/User Settings
- Software Distribution
- Windows Updates
- Much, Much More..
6Getting Started
- Windows 2003 Active Directory
- Group Policy Manager Plug-in
7Creating a Policy
Create and Link GPO
Choose an Organizational Unit
8Assigning a Policy
Policies Linked to this OU
Policies Inherited to this OU
Delegation of this OU
9Defining Internet Explorer
- Control the Functionality of IE
- Plug-Ins
- Menus
- Empty Temp Folder
- Control the Security of IE
- Active X
- .NET
- Block Sites
10Configuring an IE Policy
- Define your Zones
- Internet
- Intranet
- Trusted
- Restricted
- Define your Settings
- Apply Policy to an OU
ZONES 1 Intranet 2 Trusted 3 Internet 4 -
Restricted
11Control User/Computer Settings
- Configure the Desktop
- Hide icons/menus
- Dictate wallpaper
- Control Software Installation or Use
- Prohibit software from being installed or
uninstalled - Prohibit software from being run
- Lockdown Administrator Functions
- Network or security settings
- Configure Windows Firewall
12Configure a Desktop Policy
13Software Distribution
- Automatically Install Software at Logon
- Publish Software
- Remove Software
- Update Software
14Configure a Software Install Policy
- Install a Software Package on Logon
- The software will be installed when the user logs
on - Publish a Software Package
- The software will be available through
Add/Remove Programs - Redeploy a Software Package
- The package will be redeployed (Update or New
Version) - Uninstall a Software Package
- The software will be removed
Install Path to MSI File
15Managing Windows Updates
- Create a policy to use the Windows Update
Services server - Assign WSUS Server
- Assign WSUS Groups
- Install and Configure WSUS
16Windows System Update Server
- Updates for Windows, Office, Exchange Server, and
SQL Server, with additional product support over
time - Automatic download of specific updates
- Automated actions for updates, determined by
administrator approval - Ability to determine the applicability of updates
before installing them - Targeting
- Reporting
17How WSUS Works
Downloads selected updates to central update
server
Release updates to specified groups
Report on status of updates
18Computer Name
Operating System
Last Status Report
Computer Group
19Install Detect only Not Approved
Update Type
Release Date
Update Name
Approval
20Reporting
Computer Name
Installed
Needed
Not Needed
Unknown
Failed
Last Updated
Update Title
Status Type