Module 7: Managing the
User Environment by
Using Group Policy
Overview
Configuring Group Policy Settings
Assigning Scripts with Group Policy
Restricting Group Membership and Access to Software
Configuring Folder Redirection
Determining Applied GPOs
Lesson: Configuring Group Policy Settings
Why Use Group Policy?
What Are Enabled and Disabled Group Policy Settings?
Practice: Configuring Group Policy Settings
Why Use Group Policy?
Use Group Policy to:
Manage users and computers
Deploy software
Enforce security settings
Enforce a consistent desktop environment
Enforce loopback processing
What Are Enabled and Disabled Group Policy Settings?
Enable / Disable
Multivalued settings
Practice: Configuring Group Policy Settings
In this practice, you will:
Create a GPO to configure a standard
user desktop
Create a GPO to reverse a setting in
the standard desktop GPO for the
Legal department
Lesson: Assigning Scripts with Group Policy
What Are Group Policy Script Settings?
Why Use Group Policy Scripts?
Practice: Assigning Scripts with Group Policy
What Are Group Policy Script Settings?
Group Policy script settings can be used to assign:
For computers
 Startup scripts
 Shutdown scripts
For users
 Logon scripts
 Logoff scripts
Why Use Group Policy Scripts?
Group Policy scripts can:
Perform tasks that cannot be done through other
Group Policy settings
Clean desktops and return computers to their
original state
Provide a secure environment by clearing temp
folders and page files
Practice: Assigning Scripts with Group Policy
In this practice, you will:
Use Group Policy to assign a script to
map a drive
Test the script
Lesson: Restricting Group Membership and
Access to Software
Restricting Group Membership
What Is a Software Restriction Policy?
Software Restriction Rules
Practice: Restricting Group Membership and
Access to Software
Restricting Group Membership
Group Policy can control group membership:
 For any group on a local computer
 For any group in Active Directory
What is a Software Restriction Policy?
A policy-driven mechanism that identifies and
controls software on a client computer
A mechanism restricting software installation
and viruses
A component with two parts:
 A default rule with two options:
Unrestricted
Disallowed
 Exceptions to the default rule
Software Restriction Rules
Hash Rule
Certificate Rule
Use to employ MD5 or SHA1
hash of a file to confirm identity
Checks for digital signature on
application
Use to allow or prohibit a
certain version of a file from
being run
Use when you want to restrict
Win32 applications and
ActiveX content
Path Rule
Internet Zone Rule
Use when restricting the path
of a file
Controls how Internet Zones
can be accessed
Use when multiple files exist
for the same application
Use in high-security
environments to control access
to Web applications
Essential when SRPs are strict
Practice: Restricting Group Membership and
Access to Software
In this practice, you will:
Define the membership of the local
Administrators group for DEN-CL1
Restrict access to Outlook Express for
the domain
Lesson: Configuring Folder Redirection
What Is Folder Redirection?
Folders That Can Be Redirected
Settings That Configure Folder Redirection
Security Considerations for Configuring Folder
Redirection
Practice: Configuring Folder Redirection
What Is Folder Redirection?
Folder Redirection allows:
Redirection to folders on the local computer
or on a network drive
Folders on a server appear as if they are located on
the local drive
Folders That Can Be Redirected
My Documents
Application Data
Desktop
Start Menu
Settings That Configure Folder Redirection
Use basic Folder Redirection
for common files and limitedaccess files
With advanced Folder
Redirection, the server hosting
the folder location is based on
group membership
Accounting
Users
Accounts
A-M
Accounts
N-Z
Accounting
Managers
Misty
Anne
Security Considerations for Configuring
Folder Redirection
NTFS permissions for Folder Redirection root folder
Shared folder permissions for Folder Redirection
root folder
NTFS permissions for each user’s redirected folder
Practice: Configuring Folder Redirection
In this practice, you will:
Create a shared folder
Create a GPO to redirect the
My Documents folder
Test the Folder Redirection
Lesson: Determining Applied GPOs
What Are gpupdate and gpresult?
What Is Group Policy Reporting?
What Is Group Policy Modeling?
What Are Group Policy Results?
Practice: Determining Applied GPOs
What Are gpupdate and gpresult?
Use gpupdate to:
Manually refresh updated Group Policy settings
Force the refresh of all Group Policy settings
Force a reboot or logoff if required to refresh
the settings
Use gpresult to:
Display the resulting set of policies for a user
or computer
Redirect the resulting set of policies information to a file
What Is Group Policy Reporting?
What Is Group Policy Modeling?
What Are Group Policy Results?
Practice: Determining Applied GPOs
In this practice, you will:
Refresh GPO settings with gpupdate
Use Group Policy reporting to view the
settings in a GPO and save the report
Create a Group Policy Results report
Lab: Managing the User Environment by
Using Group Policy
After completing this lab, you will be able to:
 Create and apply a GPO to the Graphics
organizational unit
 Assign a logon script to connect to the
Graphics1 printer
 Use a GPO to configure the membership of
the Backup Operators group
 Use the Group Policy Results Wizard to
verify the policy settings