Group Policy Object Heng Sovannarith heng_sovannarith@yahoo.com
Group Policy is a method of controlling se?ng across your network. Group Policy consists of user and computer se?ng on all version of Windows since Windows 2000 that can be implemented during computer startup and shutdown and user logon and logoff You can configure one or more GPOs with a domain and then user a process called linking which applies these se?ngs to various containers (domain, sites, and OUs) with AcMve Directory. You can link mulmple GPOs to a single container or link one GPO to mulmple containers throughout the AcMve Directory structure.
The follwing managed se?ngs can be defined or changed through Group Policies: Registry- based policies As the name implies, these se?ngs modify the Windows Registry. So3ware installa6on policies can be used to ensure that user always have a the latest version of applicamons. Folder redirec6on allows files to be redirected to a network drive for backup and make them accessible from anywhere on the network. Offline file storage work with folder redirecmon to provide the ability to cached file locally. This allow files to be available even when the network is in accessible.
Scripts Including logon, logoff, startup, and shutdown scripts, these can assist in configuring the user environment. Windows Deployment Service (WDS) Assists in rebuilding or deploying workstamons quickly and efficiently in an enterprise environment. MicrosoW Internet Explorer Se?ngs Provide quick links and bookmarks for user accessibility, in addimon to browser opmons such as proxy user, acceptance of cookie, and caching opmons. Security se?ng protect resources on computer in the enterprise.
Group Policies can be linked to sites, domains, or Ous (not groups) to apply those se?ngs to all users and computers with these AcMve Directory container. Contain all of Group Policy se?ngs that you wish to implement to user and computer objects within a site, domain, or OU. Must be associated (linking) with a container to which it is applied. There are three types of GPOs: Local GPOs Domain GPOs Starter GPOs
Local GPO The local GPO se?ng are stored on the local comptuer in the %systemroot%/system32/ GrouPolicy folder Local GPOs contain fewer opmons. They do not support folder redirecmon or Group Policy sowware installamon. Fewer security se?ngs are available When a local and a nonlocal (AcMve Directory- based) GPO have conflicmng se?ng, the local GPO is overwriben by the non local GPO.
Nonlocal GPOs Non- local GPs are created in AcMve Directory. They are linked to sites, domain, or Ous. Once linked to a container, the GPO is applied to all users and computer within that container by default.
Start GPOs A new feature in Window Server 2008. Used as GPO template with AcMve Directory Allow you to configure a standard set of items that will be configured by default in any GPO that is derived from a starter GPO.
Default Group Policies When AcMve Directory is installed, two main GPOs are created by default. Default Domain Policy It is linked to the domain, and its se?ng affect all users and computer in the domain. Default Domain Controller Policy It is linked to the Domain Controllers OU and its se?ng affect all domain controllers in the domain.
CreaMng and Managing Group Policies The Group Policy Management Console (GPMC) is a the MicrosoW Management Console (MMC) snap- in that is used to create and modify Group Policies and their se?ngs. The GPMC was not pre- installed in Windows Server 2003; it need to be downloaded manually from the MicrosoW Web site. The GPCM is included in Windows Server 2008 by default. When you configure a GPO, you will use the Group Policy Management Editor, which can be accessed through the GPMC or through AcMve Directory Users and Computers.
Group Policy Processing (LSDOU) Local policies. Site Policies. Domain policies. OU policies Any conflicmng GPO se?ngs are overwriben by the later running GPO.
Reference hbp://www.slideshare.net/brianmorris/ 70-640- lesson07- ppt- 041009