THE USE OF MODELING TOOLS FOR POLICY IN EVOLUTIONARY ENVIRONMENTS
Using Group Policy to Manage User Environments
description
Transcript of Using Group Policy to Manage User Environments
![Page 1: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/1.jpg)
Using Group Policy to Manage User Environments
![Page 2: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/2.jpg)
Overview
Introduction to Managing User Environments
Introduction to Administrative Templates
Assigning Scripts with Group Policy
Using Group Policy to Redirect Folders
Using Group Policy to Secure the User Environment
Troubleshooting User Environment Management
Best Practices
![Page 3: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/3.jpg)
Introduction to Managing User Environments
Control What Users Can Do in Their Environments
Configure and Centrally Manage User Environments Ensure that users always have their data Populate user desktops
Manage User EnvironmentsAdministrative
Templates SettingsScript
SettingsRedirecting User Folders
SecuritySettings
MyDocuments
MyDocuments
HKEY_LOCAL_MACHINEHKEY_CURRENT_USER
RegistryRegistry
![Page 4: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/4.jpg)
What are Administrative Templates?
An administrative template controls the Registry settings of multiple computers (those in the OU, domain or site to which the Group Policy is applied), without requiring manual editing of the individual Registries.
![Page 5: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/5.jpg)
OU Structure
![Page 6: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/6.jpg)
Administrative Templates
![Page 7: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/7.jpg)
Deploying a screen saver lock utilizing Administrative Templates
![Page 8: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/8.jpg)
Cleaning out Temporary Internet files utilizing Administrative Templates
![Page 9: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/9.jpg)
Setting up Software Update Server (SUS) utilizing Administrative Templates
![Page 10: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/10.jpg)
User based policy for all users utilizing Administrative Templates
![Page 11: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/11.jpg)
Adding a custom Administrative Template (*.adm)
![Page 12: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/12.jpg)
What Are Group Policy Script Settings?
Group Policy Script Settings Allow You to: Centrally Configure Scripts to Run Automatically at Startup and
Shutdown, and When Users Log On and Log Off
ScriptsScripts
Computer ConfigurationComputer Configuration
Startup/ShutdownStartup/ShutdownStartup/ShutdownStartup/Shutdown
User ConfigurationUser Configuration
Logon/LogoffLogon/LogoffLogon/LogoffLogon/Logoff
Startup/ShutdownStartup/ShutdownStartup/ShutdownStartup/Shutdown
ComputerComputer
UserUser
Logon/LogoffLogon/LogoffLogon/LogoffLogon/Logoff
![Page 13: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/13.jpg)
Assigning Scripts with Group Policy
What Are Group Policy Script Settings?
The Process of Applying Script Settings with Group Policy
Assigning Group Policy Script Settings
![Page 14: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/14.jpg)
User based logon script for the Fire Dept users
![Page 15: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/15.jpg)
Using Group Policy to Redirect Folders
What Is Folder Redirection?
Selecting the Folders to Redirect
Redirecting Folders to a Server Location
![Page 16: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/16.jpg)
What Is Folder Redirection?
Advantages of Folder Redirection:
Data Is Always Available to Users Regardless of the Computer Logged on to
Data Is Centrally Stored for Ease of Management and Backup
Network Traffic Is Generated Only When Users Gain Access to Files
Files Are Not Saved on the Client Computer
Redirected Personal FoldersRedirected Personal FoldersRedirected Personal FoldersRedirected Personal Folders
Documents Are Stored on the Server but Appear to Be Stored
Locally
Documents Are Stored on the Server but Appear to Be Stored
Locally
MyDocuments
MyDocuments
MyDocuments
MyDocuments
![Page 17: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/17.jpg)
Selecting the Folders to Redirect
FolderFolderFolderFolder ContainsContainsContainsContains Redirect to a server so thatRedirect to a server so thatRedirect to a server so thatRedirect to a server so that
My DocumentsMy Documents A user’s personal data A user’s personal data
Start MenuStart Menu Folders and shortcuts on the Start menuFolders and shortcuts on the Start menu
DesktopDesktop All files and folders that a user places on the desktopAll files and folders that a user places on the desktop
ApplicationDataApplicationData
User-specific data storedby applicationsUser-specific data storedby applications
Users can access their data from any computer, and this data can be backed up and managed centrally
Users can access their data from any computer, and this data can be backed up and managed centrally
Users’ Start menus are standardizedUsers’ Start menus are standardized
Users have the same desktop regardless of the computer to which they log onUsers have the same desktop regardless of the computer to which they log on
Applications use the same user-specific data for a user regardless of the computer to which the user logs on
Applications use the same user-specific data for a user regardless of the computer to which the user logs on
![Page 18: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/18.jpg)
Redirecting Folders to a Server Location
When Redirecting User Folders:
Desktop PropertiesTarget Settings
You can specify the location of the Desktop folder
No administrative policy specifiedSetting:
OK Cancel ApplyApply
The Group Policy Object will have no effect on the location of this folder.
Desktop Properties
Target Settings
You can specify the location of the Desktop folder
Basic – Redirect everyone’s folder to the dame locSetting:
OK Cancel Apply
This folder will be redirected to the specified location. An example target path is: \\server\share\%username%.
Target folder location
\\london\desktops\%username%
Browse
Desktop Properties
Target Settings
You can specify the location of the Desktop folder
Advanced – Specify locations for various user grouSetting:
OK Cancel Apply
This folder will be redirected to different locations based on the security group membership of the users. An example target path is \\server\share\%username%
Security Group Membership
GroupCONTOSO\acct \\london\acct\%username%CONTOSO\sales \\london\sales\%username%
Path
Add EditEdit RemoveRemove
Use the%username%
variable
Use the%username%
variable
![Page 19: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/19.jpg)
Redirecting My Documents
![Page 20: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/20.jpg)
Security Settings
Account Policies Password Policies Account Lockout
Local Policies Auditing User Rights Security
Event Logs Log size Retention
Services Global settings for all computers
![Page 21: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/21.jpg)
Account Policies are…
Password policies
Minimum and maximum password age
Enforce password history
Password must meet complexity requirements
Account lockout options
Account lockout duration
Account lockout threshold
Reset account lockout after…
![Page 22: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/22.jpg)
Account Policies
![Page 23: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/23.jpg)
Local Policies
Auditing
What is it? Give me some examples
User rights
Backup files and directories
Restore files and directories
Load and unload device drivers
Security options
Do not display last username
Message text for users logging on
Message title for users attempting to logon
![Page 24: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/24.jpg)
Local Policies
![Page 25: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/25.jpg)
Auditing policy for everyone logging in
![Page 26: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/26.jpg)
Event log settings are used to …
Set log sizes on computers globally
To retain the logs
Retention settings for all the logs
![Page 27: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/27.jpg)
Event Log settings
![Page 28: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/28.jpg)
Services
Messenger service
Netmeeting
Task scheduler
Telnet
Terminal services
![Page 29: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/29.jpg)
Services
![Page 30: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/30.jpg)
Computer based policy (Disable Services) for all computers
![Page 31: Using Group Policy to Manage User Environments](https://reader036.fdocuments.in/reader036/viewer/2022062322/568150cf550346895dbef362/html5/thumbnails/31.jpg)
Best Practices
Create a Minimal Number of GPOs RequiredCreate a Minimal Number of GPOs Required
Always Test the Effects of Administrative Template SettingsAlways Test the Effects of Administrative Template Settings
Always Redirect the My Documents Folders Always Redirect the My Documents Folders