Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy
Khan
Rashid
Overview
• The capabilities of group policies.
• Manage security using group policies.
• Manage users’ environment using group policies.
• Manage group policy implementation and interaction.
The Capabilities of Group Policies
• Group policy tools.
• Group policy settings categories.
Group Policy Tools
Group Policy Object Editor (GPOE):
– Is the most commonly used tool for working with the Group Policy Objects (GPOs).
– Is a snap-in for the Microsoft Management Console (MMC).
There are several methods of accessing the GPOE:
– Through the properties of the scope of management (SOM) to which the GPO is linked.
– By creating a new GPOE console.
Figure: The Group Policy tab of the Domain Properties dialog box
Figure: The Group Policy Object Editor Console
Group Policy Management Console (GPMC):
– Is the newest tool for working with GPOs.
– Provides a single, unified interface for managing all aspects of all existing group policies within the domain.
– Provides tools for analyzing and controlling the interaction of multiple policies.
Figure: The Group Policy Management Console
Group Policy Settings Categories
• Computer configuration settings.
• User configuration settings.
The computer and the user configuration settings are subdivided into the following categories:
• Software settings
• Windows settings
• Administrative templates
Software Settings
Figure: Software Settings in the Group Policy Object Editor
Windows Settings
• The computer and the user configuration Windows settings are used to configure startup and shutdown scripts.
• The user configuration Windows settings provide fewer security settings than those available under computer configuration.
Administrative Templates
The administrative templates settings for computer and user configuration can be used to:
• Change the desktop.
• Modify the logon procedure.
• Remove items from the Start menu or the Control Panel.
Manage Security Using Group Policies
• Security settings.
• Software restriction policies.
Security Settings
Account policies include:
– Password policies
– Kerberos policies
– Account lockout policies
Figure: Password Policies and Their Default Domain Policy Settings
Kerberos policies:
– Kerberos policies rarely need to be modified.
– Kerberos security authenticates user accounts when users log on.
– It also allows them to request services from the server without further authentication.
Figure: Account Lockout Policies and Their Default Domain Policy Settings
Software Restriction Policies
Software restriction policies:
– Are one of the new features of Windows Server 2003.
– Help block the execution of specific programs in a directory.
Figure: The GPO Console
Figure: Defining the Policy
Figure: Account Lockout Threshold Properties
Figure: Software Restriction Policies
Figure: New Path Rule
Manage Users’ Environment Using Group Policy
Figure: Administrative Policy Settings Breakdown for the Group Policy
Figure: Administrative Templates First-Level Categories and Where They Are
The administrative templates settings can be used:
– When the taskbar needs to be locked.
– When an appropriate wallpaper needs to be used.
– When access to Control Panel needs to be restricted.
Figure: Preventing Changes to Taskbar and Start Menu Settings
Figure: Setting Active Desktop Wallpaper
Figure: Restrict Access to the Control Panel
Manage Group Policy Implementation and Interaction
• Applying group policy.
• Analyzing group policy interactions.
Applying Group Policy
• Group Policy Object Options.
• Group Policy Object Properties.
Group Policy Object Options
The options in the Group Policy Object Options dialog box are:
– No Override – Prevents any other settings from taking a higher priority.
– Disabled – Does not allow the settings to be applied if the GPO link is disabled.
Figure: The Group Policy Object Options dialog box
Group Policy Object Properties
The various tabs of the Properties dialog box for a GPO link are:
• General – Allows users to disable the computer and/or the user configuration settings.
• Links – Offers a Find Now button that searches and displays the sites, domains, and OUs to which the GPO is linked.
Analyzing Group Policy Interactions
Resultant Set of Policy (RSoP):
– Is a group policy tool.
– Analyzes all the policies that apply in a particular situation.
– Reports the resultant policy.
RSoP can be run in one of the following modes:
– Planning
– Logging
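A small model shows how the link options (No Override, Disabled) and the General tab switches shape the resultant policy that RSoP reports. This is an added example, not part of the original slides. It assumes the standard processing order of local, site, domain, then OU, treats links within one scope in list order, and uses constructed GPO names and setting keys.

```python
from dataclasses import dataclass

# Default processing order of scopes of management: later scopes win.
ORDER = ["local", "site", "domain", "ou"]

@dataclass
class Link:
    gpo: str
    scope: str                      # one of ORDER
    settings: dict                  # {"computer": {...}, "user": {...}}
    no_override: bool = False       # link option: No Override
    disabled: bool = False          # link option: Disabled
    disabled_sections: tuple = ()   # General tab: sections switched off

def resultant_set(links):
    """Return {(section, setting): (value, winning GPO)}."""
    result, locked = {}, set()
    # sorted() is stable, so links within one scope keep their list order.
    for link in sorted(links, key=lambda l: ORDER.index(l.scope)):
        if link.disabled:
            continue                # a disabled link contributes nothing
        for section, values in link.settings.items():
            if section in link.disabled_sections:
                continue
            for name, value in values.items():
                key = (section, name)
                if key in locked:
                    continue        # fixed by a higher-level No Override link
                result[key] = (value, link.gpo)
                if link.no_override:
                    locked.add(key)
    return result

# Constructed sample data; GPO names and setting keys are hypothetical.
SAMPLE_LINKS = [
    Link("Lab OU Policy", "ou", {"user": {"LockTaskbar": False,
         "NoControlPanel": True, "Wallpaper": "lab.bmp"}}),
    Link("Old OU Tweaks", "ou", {"user": {"NoControlPanel": False},
         "computer": {"LogonBanner": "Lab"}}, disabled_sections=("user",)),
    Link("Site Kiosk", "site", {"user": {"Wallpaper": "kiosk.bmp"}},
         disabled=True),
    Link("Domain Baseline", "domain", {"user": {"LockTaskbar": True},
         "computer": {"LogonBanner": "Authorized use only"}},
         no_override=True),
]

if __name__ == "__main__":
    for (section, name), (value, gpo) in sorted(resultant_set(SAMPLE_LINKS).items()):
        print(f"{section:8} {name:15} = {value!r:22} from {gpo}")
```

The domain link marked No Override keeps its taskbar and banner values even though OU links are processed later, while the disabled site link and the switched-off user section contribute nothing.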
Summary
• The various tools for working with the group policy objects (GPOs) are the Group Policy Object Editor (GPOE) and the Group Policy Management Console (GPMC).
• The GPO settings are divided into the user and the computer configuration settings.
• The user and the computer configuration settings are further divided into software settings, Windows settings, and administrative templates.
• The most commonly used security settings are the account policies.
• Account policies include password, account lockout, and Kerberos policies.
• Software restriction policies help block the execution of specific programs in an entire directory.
• The five administrative template files are System.adm, Inetres.adm, conf.adm, Wuau.adm, and Wmplayer.adm.
• Resultant Set of Policy (RSoP) is a tool for analyzing the effect of all applicable policies on a particular domain, site, OU, computer, or user.