Understanding Group Policy Part 3

Understanding Group Policy
Part 3 of 3
Rick Claus
IT Pro Advisor
Microsoft Canada
rick.claus@microsoft.com
http://blogs.technet.com/rclaus
What Will We Cover?
• Group Policy Management
• Advanced Group Policy Security
• Scripting Group Policy
• Group Policy Modeling
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
Administrative Template Extension
• Simple way to configure policy
• Largest Group Policy extension
• .ADM files enable user interface
Using ADM Template Extensions
[Diagram: modify policy; policy stored on domain controller (SYSVOL and Active Directory database); Group Policy applied to client]
Demo: Reviewing .ADM Files
Custom ADM Templates
Use to
• Increase security
• Disable interface options
• Disable confusing items
• Control data
Do not use to
• Configure all settings
• Create unsupported policy
Registry Policies
HKEY_LOCAL_MACHINE\SOFTWARE\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Demo: Customizing .ADM Templates
Scripting Group Policy
GPMC (COM interfaces, sample scripts)
• Backing up GPOs
• Creating a new GPO
• Creating environment using XML
• Importing a GPO
• Listing disabled GPOs
• Listing GPO information
Demo: Scripting Group Policy
• Using GPMC Scripts
• Changing the Script Host Engine
• Using Scripts to Back up GPOs
Exclude Accounts from Group Policy
[Diagram: Domain Controller, Administrator]
Demo: Configuring Group Policy ACLs
• Protect Administrator from Group Policy
Delegating Control of GPOs
[Diagram: Domain Controller, Delegate, Administrator]
Demo: Delegating Administration
• Delegating “create GPOs” to ITGroup
• Delegating Sales User GPO
Security Configuration and Analysis
• Does the hard work
• Enables quick review
• Ensures policies are enforced
• Allows local security configuration
Security Configuration Wizard
[Diagram: Administrator, Security Configuration Wizard]
download.microsoft.com/download/f/7/1/f71adf6e-dbab-48a2-9a299e481110fd55/SCWQuickStartDoc.doc
Demo: Applying Security Templates
WMI Filtering
[Diagram: Domain Controller; WMI Filter "XP Professional only"; clients: Windows XP, Windows 2000, Windows XP]
Demo: Using WMI Filters
• Creating WMI Filters
• Applying WMI Filters
• Modeling WMI Filters
Copying GPOs between Domains
[Diagram: GPO Backup and GPO Copy; domains shown: us.contoso.com, uk.contoso.com, us.contoso.com, us.fabrikam.com]
Demo: Migrating GPOs across Domains
Group Policy Modeling Overview
• Group Policy Modeling Wizard
• Group Policy Results Wizard
• HTML Reports
www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b8af2303-dac9-4fd5-9717-c3a7f553c627.mspx
Loopback Processing
• Changes GPO processing order
• Process only computer settings
• Merge user and computer settings
Demo: Modeling GPO Loopback
Session Summary
• Manage and control your environment more easily
• Enhance security in your environment
• Group Policy Modeling predicts behavior of GPOs before implementing them
For More Information
Visit TechNet at
www.microsoft.ca/technet