Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada...
-
Upload
ian-keating -
Category
Documents
-
view
213 -
download
1
Transcript of Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada...
Understanding Group Policy Part 3 of 3
Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor
Microsoft CanadaMicrosoft Canada
[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus
What Will We Cover?• Group Policy Management
• Advanced Group Policy Security
• Scripting Group Policy
• Group Policy Modeling
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
Administrative Template Extension
• Simple way to configure policy
• Largest Group Policy extension
• .ADM files enable user interface
Using ADM Template Extensions
Domain Controller Active
Directory Database
SYSVOL
Modify Group PolicyModify Group Policy11 Stored on domain controllerStored on domain controller22 Policy applied to clientPolicy applied to client33
Demo
Reviewing .ADM Files
demonstration
Custom ADM Templates
Use to Do not use to
• Increase security• Disable interface options• Disable confusing items• Control data
• Configure all settings• Create unsupported policy
Registry Policies
HKEY_LOCAL_MACHINE\SOFTWARE\policies
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\policies
HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Demo
Customizing .ADM Templates
demonstration
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
Scripting Group Policy
GPMC
COM Interfaces
Sample Scripts
Backing up GPOs
Creating a new GPO
Creating environment using XML
Importing a GPO
Listing disabled GPOs
Listing GPO information
Demo
Scripting Group Policy
Using GPMC Scripts Changing the Script Host Engine Using Scripts to Back up GPOs
demonstration
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
Exclude Accounts from Group Policy
Domain Controller
Administrator
Demo
Configuring Group Policy ACLs
Protect Administrator from Group Policy
demonstration
Delegating Control of GPOs
Domain Controller
Administrator
Delegate
Delegate
Demo
Delegating Administration
Delegating “create GPOs” to ITGroup Delegating Sales User GPO
demonstration
Security Configuration and Analysis
Does the hard work
Enables quick review
Ensures policies are enforced
Allows local security configuration
Security Configuration Wizard
Security Configuration
Wizard
download.microsoft.com/download/f/7/1/f71adf6e-dbab-48a2-9a29-9e481110fd55/SCWQuickStartDoc.doc
Administrator
Demo
Applying Security Templates
demonstration
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
Windows 2000 Windows XP
Windows XP
WMI Filtering
Domain Controller
WMI Filter
XP Professional only
Demo
Using WMI Filters
Creating WMI Filters Applying WMI Filters Modeling WMI Filters
demonstration
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
GPO Backup
Copying GPOs between Domains
us.contoso.com uk.contoso.com
GPO Copy
us.contoso.comus.fabrikam.com
GPO Import
Demo
Migrating GPOs across Domains
demonstration
Agenda
• Managing .ADM Files
• Scripting Group Policy
• Implementing Advanced Security
• Using WMI Filters
• Migrating GPOs across Domains
• Using Advanced Group Policy Modeling
Group Policy Modeling Overview
• Group Policy Modeling Wizard
• Group Policy Results Wizard
• HTML Reports
www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b8af2303-dac9-4fd5-9717-c3a7f553c627.mspx
Loopback Processing
• Changes GPO processing order
• Process only computer settings
• Merge user and computer settings
Demo
Modeling GPO Loopback
demonstration
Session Summary• Manage and control your environment more easily
• Enhance security in your environment
• Group Policy Modeling predicts behavior of GPOs before implementing them
For More Information
Visit TechNet at
www.microsoft.ca/technet
Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor
Microsoft CanadaMicrosoft Canada
[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus