11.1 © 2004 Pearson Education, Inc.
Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network Infrastructure
Lesson 11: Planning Group Policy Implementation
Goals
Design Group Policies to control the user environment
Design Group Policies to control the computer environment
Understand Group Policy application
Design a Group Policy administration strategy
Design a Group Policy deployment strategy
Designing Group Policies to Control the User Environment (Skill 1)
Group Policy
Can be used to define a user’s desktop environment by managing various components
Contains two primary nodes
User Configuration: Affects environment associated with user accounts
Computer Configuration: Responsible for defining configuration changes to computer accounts (see Skill 2)
Designing Group Policies to Control the Computer Environment (Skill 2)
Computer Configuration node
Responsible for defining configuration changes to computer accounts
Changes apply to the computer account regardless of the user that is logged in
Settings take precedence over user configuration settings if there is a conflict
Use the same process to design computer configuration policies as is used for designing user configuration policies
Understanding Group Policy Application (Skill 3)
The role of Group Policy begins when a computer starts up and a user logs on (see Figure 11-1 for a description of the computer startup and user logon process)
Group Policies are inherited from parent containers to child containers
It is possible to set a separate Group Policy for a child container to override settings it inherits from its parent container
Group Policies do not flow between domains
Exception: A Group Policy applied to a site affects all users and/or computers in the site, regardless of domain
Understanding Group Policy Application (2) (Skill 3)
Processing sequence
If there are no conflicts within policies, all settings from all policies apply
If a conflict occurs, the policy applied last wins
Sequence in which Group Policy settings are applied
Local GPO
Site GPO
Domain GPO
OU GPOs
Understanding Group Policy Application (3) (Skill 3)
If more than one GPO is linked to a site, domain, or OU, policies are processed in reverse order (bottom to top) for each container
Exceptions to the order in which GPOs are processed
If a computer belongs to a workgroup, it processes only local GPOs
If the No Override option is set for a GPO, no configured policy settings in the GPO can be overridden
In case of multiple GPOs set to No Override, the GPO that is highest in the Active Directory hierarchy gets highest priority; if multiple GPOs are in a single container, the one at the bottom of the list wins
Understanding Group Policy Application (4) (Skill 3)
If Block Policy Inheritance is set for a domain or OU, the GPOs above that point in the structure are blocked
If there is a conflict between No Override and Block Inheritance, No Override always wins
If Loopback settings are applied to a GPO list, the default GPO processing order is not maintained
Group Policies are never applied to Windows NT, 95, 98 or Windows Me computers
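The processing order, No Override and Block Policy Inheritance rules from the Understanding Group Policy Application slides, as an added example: a simplified Python model written for this page, not code from the course material or from Windows. The `effective_settings` helper, the setting names and the GPO names are made up; loopback is not modeled, the local GPO is assumed to sit outside Block Policy Inheritance, and the model accepts at most one No Override link per container.

```python
from dataclasses import dataclass, field

@dataclass
class Link:                       # one GPO link in a container's GPO list
    gpo: str
    settings: dict
    no_override: bool = False

@dataclass
class Container:                  # a site, domain or OU
    name: str
    links: list = field(default_factory=list)   # listed top to bottom
    block_inheritance: bool = False

def effective_settings(local, chain):
    """local: settings of the local GPO. chain: containers in processing
    order (site, domain, then OUs from parent to child); an empty chain
    models a workgroup computer. Returns {setting: (value, winning GPO)}."""
    # GPOs linked above the lowest container that blocks inheritance are dropped.
    first = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, c in enumerate(chain):
        if sum(l.no_override for l in c.links) > 1:
            raise ValueError("model covers one No Override link per container")
        for link in reversed(c.links):            # bottom of the list first
            if link.no_override:
                enforced.append(link)             # survives Block Policy Inheritance
            elif i >= first:
                normal.append(link)
    result = {k: (v, "Local GPO") for k, v in local.items()}
    # Last writer wins; No Override links go last, highest container last of all.
    for link in normal + enforced[::-1]:
        for k, v in link.settings.items():
            result[k] = (v, link.gpo)
    return result

# Constructed sample: setting names and GPO names are made up.
LOCAL = {"wallpaper": "default.bmp", "screen_lock": "off"}
CHAIN = [
    Container("Site", [Link("Site-Proxy", {"proxy": "proxy.example"})]),
    Container("Domain", [
        Link("Domain-Baseline", {"wallpaper": "corp.bmp", "screen_lock": "on"}, no_override=True),
        Link("Domain-Desktop", {"run_menu": "shown"})]),
    Container("OU=Sales", [
        Link("Sales-Desktop", {"wallpaper": "sales.bmp", "run_menu": "hidden"}),
        Link("Sales-Legacy", {"run_menu": "shown", "screen_lock": "off"})],
        block_inheritance=True),
]

if __name__ == "__main__":
    for name, (value, gpo) in sorted(effective_settings(LOCAL, CHAIN).items()):
        print(f"{name:12} = {value:12} from {gpo}")
```

In the constructed sample the Sales OU blocks inheritance, so the site and ordinary domain GPOs drop out, yet the domain's No Override baseline still decides `wallpaper` and `screen_lock`.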
Figure 11-1 The sequence in which computer configuration and user configuration settings are applied
(Skill 3)
Figure 11-2 The GPO list
(Skill 3)
Figure 11-3 The components of GPO administration
(Skill 4)
Designing a Group Policy Deployment Strategy (Skill 5)
Factors to consider when implementing Group Policy
Location of GPOs
Delegation of authority
Organization structure
Designing a Group Policy Deployment Strategy (2) (Skill 5)
Major types of Group Policy implementation strategies
Centralized vs. decentralized GPO design
Functional role or team design
Delegation with central control design or distributed control design
Designing a Group Policy Deployment Strategy (3) (Skill 5)
Centralized vs. decentralized GPO design
Centralized approach suggests the organization's network should be maintained by a small number of large GPOs
Decentralized approach uses separate GPOs for specific policy settings
Designing a Group Policy Deployment Strategy (4) (Skill 5)
Functional role or team design
Uses functional roles of users in the organization to apply Group Policy
Create an OU structure that corresponds to the team structure of the organization
Create a GPO for each OU
Minimizes the number of GPOs to be used, as each GPO caters to the needs of a group
Designing a Group Policy Deployment Strategy (5) (Skill 5)
Delegation with central control design or distributed control design
Central control is based on delegating the administrative control of OUs to various administrators of an organization
As an example, create a GPO with specific desktop settings at the domain level
Settings would apply on all child containers, thus maintaining centralized control on the entire domain
Designing a Group Policy Deployment Strategy (6) (Skill 5)
Resultant Set of Policy (RSoP)
Useful tool for troubleshooting Group Policies
Shows the effective Group Policy settings applied to a user, and the GPOs from which those settings are inherited
New feature in Windows Server 2003
Similar to gpresult.exe, which is included in the Windows 2000 Resource Kit for Windows 2000 domains