Implementing Group Policy

April 8, 2009
[Course 2274: Managing a Microsoft® Windows Server™ 2003 Environment]
How to Edit Local Computer Policy Settings
To edit the local computer policy settings, you must be a local computer administrator or a
member of the Domain Admins or Enterprise Admins groups.
1. Add the Group Policy Object Editor for the local computer to an MMC console:
a. Open an MMC console window.
b. Add the Group Policy Object Editor snap-in, focused on the local computer.
2. In the console tree, double-click the folders to view the policy settings in the details pane.
3. In the details pane, double-click a policy setting to open the Properties dialog box, and
then change the policy setting.
a. The default setting is Not Configured, which does not affect the current state of the
computer. The computer will use the current or default setting.
b. Enable a policy to enforce the action it specifies. For example, enable Prohibit
Access To Control Panel to prevent users from accessing Control Panel tools.
c. Disable a policy to prohibit the action it specifies. For example, disable Force
Classic Control Panel Style to force the Control Panel to appear in Category view.
d. Multi-valued policies require you to provide additional information after you enable
the policy, such as the name of a user or group, or a computer's name or IP address.
Create, Link, or Edit a GPO with Active Directory Users and Computers
1. Right-click the domain or OU and then click Properties.
2. Click the Group Policy tab.
3. If you need to add a GPO link, either create a new GPO or link an existing GPO.
a. To create a new GPO, click New, type a name for the GPO, and click OK.
b. To link an existing GPO, click Add, browse to select the GPO, and click OK.
4. If you need to edit the GPO settings, in the list, click the GPO, and then click Edit. Close
Group Policy Object Editor when you are done. On the property sheet, click OK.
Student Note:
Be careful when you edit settings in a GPO that is linked to multiple
containers so that you do not produce unexpected results.
Create, Link, or Edit GPOs Using Group Policy Management
1. In Group Policy Management, in the console tree, expand the forest containing the
domain in which you want to create a new GPO, and then expand Domains. Expand the
domain.
2. Create or link the GPO:
a. To create an unlinked GPO, right-click Group Policy Objects, and then click New.
Type a name and click OK.
b. To create and link a GPO, right-click the domain or OU and click Create and Link a
GPO Here. Type a name, and then click OK.
c. To link an existing GPO, right-click the site, domain, or OU, and then click Link an
Existing GPO. Select the GPO, and then click OK.
3. To edit the GPO, right-click the GPO, and then click Edit. Close Group Policy Object
Editor when you are done.
How to Manage Group Policy Deployment
Configure the No Override Option
To configure the No Override option:
1. In Active Directory Users and Computers, open the properties of the domain or OU where
you want to block inheritance.
2. Click the Group Policy tab.
3. Select the GPO you want to configure, and then click Options.
4. Select No override: Prevents other Group Policy Objects from overriding policy set
in this one.
Note:
You can also use the Options dialog box to disable the GPO but leave it linked to the
domain or OU.
Configure Group Policy Filtering with Active Directory Users and Computers
To configure Group Policy filtering with Active Directory Users and Computers:
1. In Active Directory Users and Computers, open the properties of the domain or OU where
you want to block inheritance.
2. Click the Group Policy tab.
3. Select the GPO you want to configure, and then click Properties.
4. Click the Security tab.
5. If necessary, add accounts to the permissions list.
6. Click the account for which you want to filter the GPO.
a. To give the account access to the GPO, select the Allow Read and Allow Apply
Group Policy check boxes.
b. To deny the account access to the GPO, select the Deny Read and Deny Apply
Group Policy check boxes.
7. Click OK twice.
Configure Group Policy Filtering with Group Policy Management
To configure Group Policy filtering with Group Policy Management:
1. In Group Policy Management, in the console tree, expand the forest and domain with
the GPO.
2. Expand Group Policy Objects, and then click the GPO.
3. To grant an account access to the GPO:
a. In the details pane, on the Scope tab, under Security Filtering, click Add.
b. Enter the account name, and then click OK to add the account and grant the Allow
Read and Allow Apply Group Policy permissions.
4. To deny an account access to the GPO:
a. In the details pane, select the Delegation tab.
b. Click Advanced.
c. If necessary, add accounts to the permissions list.
d. Click the account for which you want to filter the GPO, and select the Deny Read
and Deny Apply Group Policy check boxes.
e. Click OK.
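The filtering rule that both procedures above configure can be checked before a change is made. The sketch below is an added example, not part of the course material: it models a GPO's permissions list and evaluates whether the GPO applies to one account, assuming standard Windows ACL behaviour in which a Deny entry on any of the account's groups overrides an Allow. All account and group names are constructed.

```python
from dataclasses import dataclass

READ, APPLY = "Read", "Apply Group Policy"

@dataclass(frozen=True)
class Ace:
    trustee: str   # user or group on the GPO's permissions list
    right: str     # READ or APPLY
    allow: bool    # True = Allow check box, False = Deny check box

def gpo_applies(acl, principal, groups):
    """Return (applies, reason) for one user or computer account."""
    identities = {principal, *groups}
    relevant = [a for a in acl if a.trustee in identities]
    for right in (READ, APPLY):
        denied = [a.trustee for a in relevant if a.right == right and not a.allow]
        if denied:                      # Deny wins over any Allow
            return False, f"Deny {right} via {denied[0]}"
        if not any(a.right == right and a.allow for a in relevant):
            return False, f"no Allow {right}"
    return True, "Allow Read and Allow Apply Group Policy"

# Constructed permissions list for a hypothetical "Kiosk Lockdown" GPO.
ACL = [
    Ace("Authenticated Users", READ, True),
    Ace("Authenticated Users", APPLY, True),
    Ace("Kiosk Exempt", READ, False),
    Ace("Kiosk Exempt", APPLY, False),
    Ace("Help Desk", READ, True),       # can read the GPO, policy is not applied
]

if __name__ == "__main__":
    cases = [
        ("alice", ["Authenticated Users"]),
        ("bob", ["Authenticated Users", "Kiosk Exempt"]),
        ("svc-report", ["Help Desk"]),
    ]
    for who, member_of in cases:
        print(who, gpo_applies(ACL, who, member_of))
```

The second case is the one to watch for in practice: a single membership in a denied group filters the GPO out even though another group grants both Allow permissions.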
How to Edit Domain Group Policy Settings
Edit a Group Policy Setting
To edit a Group Policy Setting:
1. Open the Group Policy Object for editing:
a. In Group Policy Management, in the console tree, navigate to Group Policy Objects.
Right-click the GPO and then click Edit.
b. In Active Directory Users and Computers or Active Directory Sites and Services,
right-click the directory container object the GPO is linked to, click Properties, and
then click the Group Policy tab. Click the GPO, and then click Edit.
2. In Group Policy Object Editor, navigate to the Group Policy Setting that you want to edit,
and double-click the setting.
3. In the Properties dialog box, configure the Group Policy setting, and then click OK.
4. Close Group Policy Object Editor. If the property sheet for the directory container object
is open, click OK.
How to Deploy Scripts
Assign Scripts with Group Policy
To assign scripts with Group Policy:
1. Create, test, and save the script file.
2. Open the GPO for editing.
3. Open the appropriate policy node:
a. To assign computer startup or shutdown scripts, expand the Computer
Configuration, Windows Settings node.
b. To assign user logon or logoff scripts, expand the User Configuration, Windows
Settings node.
4. Select the Scripts object.
5. In the details pane, double-click the type of script you want to assign.
6. Click Add to add a script assignment.
7. Click Browse to open the script file folder. Copy and paste the script file into this folder
window. Select the script file and then click Open.
8. In the Add a Script dialog box, in the Script Parameters box, add any parameters that
you would add to the script if you were running it from the command line.
9. Click OK.
10. In the Properties dialog box for the script type, manage the assigned scripts as needed:
a. To change the order of script processing, click a script in the Scripts list, and then
click Up or Down.
b. To change the script name or parameters, click a script, and then click Edit.
c. To remove a script from the list, click the script, and then click Remove.
d. To view the script files stored in the current GPO, click Show Files.
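Script assignments made with the procedure above can be reviewed outside the dialog box. The following is an added example, not part of the course material: it assumes the assignments are available as text from the GPO's scripts.ini file, where Windows records each script as numbered CmdLine and Parameters entries in processing order (a file layout the course text does not describe). It lists the scripts per type and reports any whose path is absolute or UNC, meaning the file is not one of those stored in the GPO that Show Files displays. The sample content is constructed.

```python
import re
from collections import defaultdict

# Constructed sample of a scripts.ini file; paths and names are hypothetical.
SAMPLE = r"""[Startup]
0CmdLine=inventory.vbs
0Parameters=/quiet
1CmdLine=\\fileserver\tools\patchcheck.cmd
1Parameters=
[Shutdown]
0CmdLine=C:\Temp\cleanup.bat
0Parameters=
"""

ENTRY = re.compile(r"^(\d+)(CmdLine|Parameters)=(.*)$", re.IGNORECASE)

def parse_scripts_ini(text):
    """Return {script type: [(order, cmdline, parameters), ...]} in processing order."""
    sections = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")          # tolerate a leading BOM
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].capitalize()
            continue
        m = ENTRY.match(line)
        if current and m:
            idx, key, value = int(m.group(1)), m.group(2).lower(), m.group(3).strip()
            entry = sections[current].setdefault(idx, {"cmdline": "", "parameters": ""})
            entry[key] = value
    return {name: [(i, e["cmdline"], e["parameters"]) for i, e in sorted(entries.items())]
            for name, entries in sections.items()}

def stored_outside_gpo(cmdline):
    """True for a UNC or drive-letter path, i.e. not a file in the GPO's own script folder."""
    return cmdline.startswith("\\\\") or re.match(r"^[A-Za-z]:[\\/]", cmdline) is not None

def review(text):
    """List (script type, order, path) for scripts that live outside the GPO."""
    return [(section, order, cmd)
            for section, entries in parse_scripts_ini(text).items()
            for order, cmd, _params in entries
            if stored_outside_gpo(cmd)]

if __name__ == "__main__":
    for section, entries in parse_scripts_ini(SAMPLE).items():
        print(section, entries)
    print("review:", review(SAMPLE))
```

Scripts reported by `review` depend on the permissions of the share or local folder they sit in, so those locations need the same change control as the GPO itself.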
How to Analyze Group Policy Settings
Analyze Group Policy Settings with Group Policy Reporting
1. In Group Policy Management, expand the forest, domain, and domain name to locate
the GPO you want to generate a report for.
2. Click the GPO.
3. In the details pane, click the Settings tab to view the report.
4. View sections of the report:
a. Click the Show or Hide links to expand or collapse sections of the report display.
b. Click Show All or Hide All to completely expand or collapse the report display.
5. To print or save the report, right-click the report, and then click Print or Save Report.
Analyze Group Policy Settings with Group Policy Results
1. In Group Policy Management, expand the forest.
2. In the console tree, right-click Group Policy Results, and then click Group Policy
Results Wizard.
3. Click Next.
4. Follow the prompts in the Wizard to select the user and/or computer for which you want
to generate policy results.
5. Click Finish. The report will appear in the details pane.
6. Use the Show and Hide links to view the report.