1 / 42

Planning a Group Policy Management and Implementation Strategy

Planning a Group Policy Management and Implementation Strategy. Lesson 10. Skills Matrix. Introducing the Group Policy Management MMC Snap-In. Import and copy GPO settings to and from the file system. Backup and restoration of GPOs is available in Group Policy Management.

september
Download Presentation

Planning a Group Policy Management and Implementation Strategy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Planning a Group Policy Management and Implementation Strategy Lesson 10

  2. Skills Matrix

  3. Introducing the Group Policy Management MMC Snap-In • Import and copy GPO settings to and from the file system. • Backup and restoration of GPOs is available in Group Policy Management. • Resultant Set of Policy (RSoP) functionality integration includes Group Policy Modeling and Group Policy Results. Lesson 10

  4. Introducing the Group Policy Management MMC Snap-In (cont.) • GPMC is natively installed with Windows Server 2008. • Hypertext Markup Language (HTML) reports allow read-only views of GPO settings and RSoP information. Lesson 10

  5. Introducing the Group Policy Management MMC Snap-In (cont.) • Search for GPOs based on name, permissions, WMI filter, GUID, or policy extensions set in the GPOs. • Search for individual settings within a GPO by keyword, and search for only those settings that have been configured. Lesson 10

  6. Introducing the Group Policy Management MMC Snap-In (cont.) Lesson 10

  7. Managing an Individual GPO • Scope • Details • Settings • Delegation Lesson 10

  8. Configuring a Starter GPO • Open the Group Policy Management MMC console. • Drill down to <forest name>, click <domainname>, and then click Starter GPOs. • If this is the first time you have used Starter GPOs, the Contents tab is gray. Click Create Starter GPOs Folder. Lesson 10

  9. Configuring a Starter GPO (cont.) • Right-click the Starter GPO’s node, and click New. The New Starter GPO dialog box is displayed. • Enter a name and description for the Starter GPO, and click OK. • Right-click the Starter GPO that you just created, and click Edit. The Group Policy Starter GPO Editor will open. Lesson 10

  10. Configuring a Starter GPO (cont.) • Make any modifications to this Starter GPO, and then close the Group Policy Starter GPO Editor. • To create a new GPO that is based on this Starter GPO, navigate to the Group Policy Objects node. Lesson 10

  11. Configuring a Starter GPO (cont.) • Right-click Group Policy Objects, and click New. The window shown in Figure 10-7 is displayed. • Enter a name for the new GPO. • In the Source Starter GPO drop-down list, select the Starter GPO that you want to use as the source of the new GPO, and click OK. Lesson 10

  12. Configuring Security Group Filtering • Remove the ACE entry for the Authenticated Users group that grants Read and Apply Group Policy permissions. • Grant these two permissions to only the groups that you want the GPO to affect. Lesson 10

  13. Configuring Security Group Filtering (cont.) • Set the Apply Group Policy ACE to Deny for the specific group or groups that you want to exclude from the Group Policy. • The GPO will still apply to all other users because of the Authenticated Users ACE. • Open the Group Policy Management MMC snap-in. Lesson 10

  14. Configuring Security Group Filtering (cont.) • Navigate to the GPO that you wish to modify. Click the Delegation tab, and then click Advanced. • If the Administrators group is not listed in the Group or User Names window, click Add. • Key Administrators in the Enter Object Names to Select box, and click OK. Lesson 10

  15. Configuring Security Group Filtering (cont.) • Make sure that Administrators is selected, and click the Deny checkbox for the Apply Group Policy permission. • Click OK. Read the dialog box, and click Yes to continue. • Click OK to close the Properties dialog box for the GPO. Lesson 10

  16. Configuring WMI Filtering • Open the Group Policy Management MMC snap-in. Drill down to <forest name>, click <domainname>, and then click WMI Filters. • Right-click the WMI Filters node, and click New. • In the Name and Description fields, enter a name and description for the new WMI filter. Lesson 10

  17. Configuring WMI Filtering (cont.) • In the Queries section, click Add. The WMI Query window will be displayed. • Enter the desired query information, and click OK. • Click Save to create the WMI filter. Lesson 10

  18. Configuring WMI Filtering (cont.) • Navigate to the Group Policy Objects node. • Select the GPO to be assigned to this WMI filter. • On the Scope tab, select the name of the WMI filter you just created from the WMI Filtering drop-down box. • Click Yes to confirm your changes. Lesson 10

  19. Using the Resultant Set of Policy Wizard • Click Start, and click Run. • Key mmc, and pressEnter. • From the File menu, select Add/Remove Snap-in, and then click the Add button. • Select the Resultant Set of Policy snap-in from the Add Standalone Snap-in windows. • Click Add, and then click Close. Lesson 10

  20. Using the Resultant Set of Policy Wizard (cont.) • Click OK to finish creating the new console window. • In the left console pane, select Resultant Set of Policy. • From the Action menu, select Generate RSoP Data to launch the RSoP Wizard, and click Next. • In the Mode selection page, select Planning Mode, and click Next to continue. Lesson 10

  21. Using the Resultant Set of Policy Wizard (cont.) • In the User and Computer Selection page, complete the appropriate fields to select the user or computer for which you wish to simulate policy settings, and click Next to proceed. • In the Advanced Simulation Options page, you can choose to simulate your policy with additional conditions, such as slow links and loopback processing. • Click Next to continue. Lesson 10

  22. Using the Resultant Set of Policy Wizard (cont.) • On the User Security Groups page, you can choose to simulate the effect of changing the user's security group memberships. • The settings on this page are optional. • Click Next to continue. Lesson 10

  23. Using the Resultant Set of Policy Wizard (cont.) • On the Computer Security Groups page, you can simulate changes to the computer's security groups. • The settings on this page are optional. • Click Next to continue. Lesson 10

  24. Using the Resultant Set of Policy Wizard (cont.) • On the WMI Filters for Users page, select any filters that you would like to include in your simulation. • The page settings here are optional. • Click Next to continue. Lesson 10

  25. Using the Resultant Set of Policy Wizard (cont.) • On the WMI Filters for Computers page, select any filters that you would like to include in your simulation. • The page settings here are optional. • Click Next to continue. Lesson 10

  26. Using the Resultant Set of Policy Wizard (cont.) • On the Summary of Selections page, review your simulation query information. • Change the domain controller on which you wish to process the simulation, if necessary, and click Next to generate the report. Lesson 10

  27. Using the Resultant Set of Policy Wizard (cont.) • Click Finish to close the wizard. • The results of your query will be displayed in an MMC window that looks similar to a Group Policy Object Editor window. • The MMC can be saved with the results of the query. Lesson 10

  28. Using the Resultant Set of Policy Wizard (cont.) • In the left console pane, select Resultant Set of Policy. • From the Action menu, select Generate RSoP Data to launch the RSoP Wizard, and click Next. • From the Mode Selection page, select Logging Mode, and click Next to continue. Lesson 10

  29. Using the Resultant Set of Policy Wizard (cont.) • On the Computer Selection page, you can select This Computer, or select Another Computer and key the name of the computer. • If you are not sure of the computer name, you can click Browse to find the computer for which you wish to perform the query. Lesson 10

  30. Using the Resultant Set of Policy Wizard (cont.) • The other option on this page is to click the Do Not Display Policy Settings for the Selected Computer in the Results Display checkbox. • This will eliminate the computer policy settings from the results window. • Click Next to continue. Lesson 10

  31. Using the Resultant Set of Policy Wizard (cont.) • On the User Selection page, select the appropriate bullet for the user for whom you wish to display query results. • If you chose a computer instead of a user in the User and Computer selection page and do not wish to have user policy settings displayed in the final results, you can click the Do Not Display User Policy Settings in the Results checkbox. • Click Next to continue. Lesson 10

  32. Using the Resultant Set of Policy Wizard (cont.) • On the Summary of Selections page, verify your desired query information. • Click the checkbox to show error information, and click Next to begin the analysis. • Click Finish to close the wizard. The MMC window will display the results of your request. Lesson 10

  33. Creating a Group Policy Modeling Query • From the Administrative Tools folder on the Start menu, open Group Policy Management. • Browse to the forest or domain in which you want to create a Group Policy Modeling query. • Right-click Group Policy Modeling, and then click Group Policy Modeling Wizard. Lesson 10

  34. Creating a Group Policy Modeling Query (cont.) • On the Welcome to the Group Policy Modeling Wizard page, click Next. • Complete the remaining pages by entering the information that will build the appropriate simulation criteria. • These remaining pages are the same as those you completed using the Resultant Set of Policy MMC in Planning mode. Lesson 10

  35. Creating a Group Policy Modeling Query (cont.) Lesson 10

  36. Creating a Group Policy Results Query • From the Administrative Tools folder on the Start Menu, open Group Policy Management. • Browse to the forest or domain from which you want to view query results. • In Group Policy Management, navigate to and right-click Group Policy Results. • Select Group Policy Results Wizard. Lesson 10

  37. Creating a Group Policy Results Query (cont.) • On the Welcome to Group Policy Results Wizard page, click Next. • On the Computer Selection page, select the current computer, or click Browse to select another computer. • Click Next to continue. Lesson 10

  38. Creating a Group Policy Results Query (cont.) • On the User Selection page, select the current user, or specify another user for whom you wish to obtain policy results. Click Next. • On the Summary of Selections page, verify your criteria, and click Next. • Click Finish to close the Completing the Group Policy Results Wizard page. Lesson 10

  39. You Learned • Application of group policies can be filtered by using Block Policy Inheritance, No Override, permissions, and WMI filters. • WMI filters allow administrative control over group policy implementation based on criteria defined in the filter. After evaluation, all filter criteria must return a value of true for the policy to be applied. Any criteria that return a value of false after evaluation will prevent the policy from being applied. Lesson 10

  40. You Learned (cont.) • Only one WMI filter can be applied to each GPO. • GPMC can be used to manage all aspects of Group Policy, including the following: creation, linking, editing, reporting, modeling, backup, restore, copying, importing, and scripting. • Determining effective group policies can be accomplished using RSoP, GPMC, or GPResult. Lesson 10

  41. You Learned (cont.) • RSoP is an MMC snap-in that has two modes: Planning and Logging. Planning mode allows administrators to simulate policy settings prior to their deployment. Logging mode reports on the results of existing policies. Lesson 10

  42. You Learned (cont.) • Delegating administrative control of Group Policy management tasks is an important feature when planning a decentralized administrative approach. GPMC is a comprehensive tool that simplifies delegation of all aspects of Group Policy management. Lesson 10

More Related