1 / 22

Windows Server 2003 群組原則設定與管理

Windows Server 2003 群組原則設定與管理. 林寶森 jeffl@ms11.hinet.net. Examples of User Rights. What Are User Rights?. User Rights vs. Permissions. User Rights: Actions on System. Permissions: Actions on Object. What Is a Restricted Group Policy?. Use restricted group policy to control membership

Mercy
Download Presentation

Windows Server 2003 群組原則設定與管理

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Server 2003群組原則設定與管理 林寶森 jeffl@ms11.hinet.net

  2. Examples of User Rights What Are User Rights?

  3. User Rights vs. Permissions User Rights: Actions on System Permissions: Actions on Object

  4. What Is a Restricted Group Policy? • Use restricted group policy to control membership • Specify what members belong to a group • Members that are not specified in the policy are removed during configuration or refresh • To apply restricted group policy • Define the policy in a security template - OR - • Define the setting directly on a GPO

  5. What occurred? Who did it? When? What was the result? What Is Auditing? • Auditing tracks user and operating system activities and records selected events in security logs • Enable auditing to: • Create a baseline • Detect threats and attacks • Determine damages • Prevent further damage • Audit access to objects, management of accounts, and users logging on and logging off

  6. What Is Audit Policy? • An audit policydetermines the security events that will be reported to the network administrator • Set up an audit policy to: • Track success or failure of events • Minimize unauthorized use of resources • Maintain a record of activity • Security events are stored in security logs

  7. Audit success events in the directory service access category • Audit success events in the object access category • Audit success and failure events in the system category • Audit success and failure events in the policy change category on domain controllers • Audit success and failure events in the account management category • Audit success events in the logon category • Audit success events in the account logon category on domain controllers • Set an appropriate size for the security log Best Practices for Configuring Auditing

  8. Scripts Startup/Shutdown Computer Computer Configuration Startup/Shutdown User Configuration User Logon/Logoff Logon/Logoff Assigning Scripts by Using Group Policy

  9. Logon Properties Scripts Logon Scripts for Log On Script [AUCKLAND.contoso.msft] Name Parameters Up Development.vbs Down Information Services.vbs Add the script to the appropriate GPO Add... Edit... Remove To view the script files stores in this Group Policy Object, press the button below. Copy the script to the appropriate GPT Show Files... OK Cancel Apply Assigning Group Policy Script Settings

  10. Folder Redirection Application Data Desktop My Documents My Pictures Start Menu What Is Folder Redirection? • Folder Redirection enables users and administrators to redirect the folders to a new location • The new location can be a folder on the local computer or a shared folder on the network • Users can work with documents on a server as if the documents are located on the local drive • Create a standard Desktop • Reduce size of roaming profiles • Files Are Not Saved on the Client Computer

  11. Accounting Users Accounts A-M Accounts N-Z Accounting Managers Private MistyS Private AnnePa Settings Required to Configure Folder Redirection • Use basic Folder Redirection for: • Users who use a common area - or - • Users who use private data • With advanced Folder Redirection, the server hosting the folder location is based on group membership

  12. Desktop Properties Target Desktop Properties Settings Desktop Properties Target You can specify the location of the Desktop folder Settings Target Settings You can specify the location of the Desktop folder Setting: No administrative policy specified You can specify the location of the Desktop folder The Group Policy Object will have no effect on the location of this folder. Setting: Basic – Redirect everyone’s folder to the dame loc Setting: Advanced – Specify locations for various user grou This folder will be redirected to the specified location. An example target path is: \\server\share\%username%. OK Cancel Apply This folder will be redirected to different locations based on the security group membership of the users. An example target path is \\server\share\%username% Target folder location Security Group Membership \\london\desktops\%username% Group Path Browse CONTOSO\acct \\london\acct\%username% CONTOSO\sales \\london\sales\%username% OK Cancel Apply Add Edit Remove OK Cancel Apply Setting a Target Location Use the%username% variable

  13. ? Desktop Properties Target Target Setting Specify the redirection settings for Desktop. Grant the user exclusive rights to Desktop. Move the contents of Desktop to the new location. Policy Removal Leave the folder in the new location when policy is removed. Redirect the folder back to the local user profile location when policy is removed. Setting Configuring Folder Redirection Settings

  14. Create a software distribution point Use a GPO to deploy software 1 2 Publish Assign Change the software deployment properties 3 Property 1 Property 2 Property 3 Software Deployment Process

  15. Assign softwareduring Computer Configuration Assign software during User Configuration Publish software using Add or Remove Programs ? Publish software using document activation Assigning vs. Publishing Software Software Distribution Point

  16. Default Options for Software Installation Specify the location of the software distribution point that contains the .msi package files Specify how to deploy the software Specify whether to use default values or user-defined values

  17. What Are Software Categories? Software categories function across domains

  18. Word 2002 Accounting GPO FileName.doc Accounting Word 2002 Sales GPO Word 2000 FileName.doc Word 2000 Sales What Is Software Association? Manage application associations on a per-GPO basis

  19. Sales GPO3 GPO2 GPO1 Marketing Accounting What Is Software Modification? Single instance on server You can add and remove modifications only during deployment of a software package

  20. 1.0 1.0 2.0 2.0 2.0 2.0 Types of Software Upgrades Deploy next version of the application

  21. 1 2 Upgrade Upgrade Place the software upgrade on the server Group Policy Redeploy the package 4 3 The user logs on and invokes the software The user logs on and activates the software How Software Redeployment Works

  22. Methods for Removing Deployed Software

More Related