Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows XP, and Windows 2000
Jeremy Moskowitz
SYBEX, San Francisco, London

Table of Contents

Introduction

Chapter 1 Group Policy Essentials
  Getting Started with Group Policy
  Understanding Local Group Policy
  Group Policy Entities and Policy Settings
  Active Directory-Based Group Policy
  An Example of Group Policy Application
  Examining the Resultant Set of Policy
  At the Site Level
  At the Domain Level
  At the OU Level
  Group Policy, Active Directory, and the GPMC
  Kickin' It Old-School
  GPMC Overview
  Installing the GPMC
  Using the GPMC in Active Directory
  Active Directory Users and Computers versus GPMC
  Adjusting the View within the GPMC
  The GPMC-centric view
  Our Own Group Policy Examples
  More about Linking and the Group Policy Objects Container
  Applying Group Policy Object to the Site Level
  Applying Group Policy Objects to the Domain Level
  Applying Group Policy Objects to the OU Level
  Testing Your Delegation of Group Policy Management
  Understanding Group Policy Object Linking Delegation
  Granting OU Admins Access to Create New Group Policy Objects
  Creating and Linking Group Policy Objects at the OU Level
  Creating a New Group Policy Object in an OU
  Moving Computers into the Human Resources Computers OU
  Verifying Your Cumulative Changes
  Things That Aren't Group Policy but Look Like Group Policy
  Terminal Services
  Routing and Remote Access
  Final Thoughts

Chapter 2 Managing Group Policy with the GPMC
  Common Procedures with the GPMC
  Minimizing the View with Policy Setting Filtering
  Raising or Lowering the Precedence of Multiple Group Policy Objects
  Understanding GPMC's Link Warning
  Stopping Group Policy Objects from Applying
  Block Inheritance
  The Enforced Function
  Advanced Security and Delegation with the GPMC
  Filtering Group Policy Objects
  Granting User Permissions upon an Existing Group Policy Object
  Granting Group Policy Object Creation Rights in the Domain
  Special Group Policy Operation Delegations
  Who Can Create and Use WMI Filters?
  Performing RSoP Calculations with the GPMC
  What's-Going-On Calculations with Group Policy Results
  What-If Calculations with Group Policy Modeling
  Backing Up and Restoring Group Policy Objects
  Backing Up Group Policy Objects
  Restoring Group Policy Objects
  Backing Up and Restoring WMI Filters
  Searching for Group Policy Objects with the GPMC
  GPMC At-a-Glance Icon View
  The GPMC At-a-Glance Compatibility Table
  Final Thoughts

Chapter 3 Group Policy Processing Behavior
  Group Policy Processing Principles
  Initial Policy Processing
  Background Refresh Policy Processing
  Security Background Refresh Processing
  Special Case: Moving a User or a Computer Object
  Policy Application via Remote Access or Slow Links
  Using Group Policy to Affect Group Policy
  Affecting the User Settings of Group Policy
  Affecting the Computer Settings of Group Policy
  Group Policy Loopback Processing
  Reviewing Normal Group Policy Processing
  Group Policy Loopback Merge Mode
  Group Policy Loopback Replace Mode
  Group Policy with Cross-Forest Trusts
  What Happens When Logging on to Different Clients Across a Cross-Forest Trust?
  Disabling Loopback Processing When Using Cross-Forest Trusts
  Cross-Forest Trust Client Matrix
  Understanding Cross-Forest Trust Permissions
  Intermixing Group Policy and NT 4 System Policy
  Final Thoughts

Chapter 4 Troubleshooting Group Policy
  Under the Hood of Group Policy
  Inside Local Group Policy
  Inside Active Directory Group Policy Objects
  The Birth, Life, and Death of a GPO
  How Group Policy Objects Are "Born"
  How a GPO "Lives"
  Death of a GPO
  How Client Systems Get Group Policy Objects
  Client-Side Extensions
  Where Are Administrative Templates Registry Settings Stored?
  Why Isn't Group Policy Applying?
  Reviewing the Basics
  Advanced Inspection
  Client-Side Troubleshooting
  RSoP for Windows 2000
  RSoP for Windows 2003 and Windows XP
  Advanced Group Policy Troubleshooting with Log Files
  Using the Event Viewer
  Diagnostic Event Log Registry Hacks
  Turning On Verbose Logging
  Final Thoughts

Chapter 5 Windows ADM Templates
  Policies versus Preferences
  Typical ADM Templates
  Default ADM Templates
  Vendor-Supplied ADM Templates
  Creating Your Own Custom ADM Changes
  Creating Your Own Custom ADM Template
  Viewing Old-Style Preferences
  Managing Windows ADM Templates
  How Do You Currently Manage Your Group Policy Objects?
  ADM Template Behavior
  ADM Template Management Best Practice
  Create a Windows XP Management Workstation
  Throttling an Automatic ADM Template Upgrade
  Cracking the ADM Files
  Final Thoughts

Chapter 6 Implementing Security with Group Policy
  The Two Default Group Policy Objects
  GPOs Linked at the Domain Level
  Group Policy Objects Linked to the Domain Controllers OU
  Oops, the "Default Domain Policy" GPO and/or "Default Domain Controllers Policy" GPO Got Screwed Up!
  Understanding Local and Effective Security Permissions
  The Strange Life of Password Policy
  Auditing with Group Policy
  Auditing Group Policy Object Changes
  Auditing File Access
  Logon, Logoff, Startup, and Shutdown Scripts
  Startup and Shutdown Scripts
  Logon and Logoff Scripts
  Internet Explorer Maintenance Policies
  Wireless Network (802.11) Policies
  Restricted Groups
  Strictly Controlling Active Directory Groups
  Strictly Controlling Local Group Membership
  Strictly Applying Group Nesting
  Which Groups Can Go into Which Other Groups Via Restricted Groups?
  Software Restriction Policy
  Software Restriction Policies' "Philosophies"
  Software Restriction Policies' Rules
  Securing Workstations with Templates
  Security Templates
  Your Own Security Templates
  The Security Configuration and Analysis Snap-In
  Applying Security Templates with Group Policy
  Final Thoughts
  What I Didn't Cover
  Even More Resources
  Designing versus Implementing

Chapter 7 Scripting GPMC Operations
  Getting Started with GPMC Scripting
  GPMC Scripting Caveats
  Scripting References
  Scripting Tools
  Setting the Stage for Your GPMC Scripts
  Initial GPMC Script Requirements
  Obtaining Domain DNS Names Automatically
  Obtaining Basic Domain and Site Information
  Creating Simple GPMC Scripts
  Automating Routine Group Policy Operations
  Documenting GPO Links and WMI Filter Links
  Documenting GPO Settings
  Creating and Linking New GPOs
  Backing Up GPOs
  Restoring GPOs
  Importing GPOs
  Changing GPO Permissions
  Forcing a Group Policy Object Refresh
  Enabling Remote Scripting
  Scripting the Forced Background Refresh
  Using the Included GPMC Scripts from Microsoft
  Final Thoughts

Chapter 8 Profiles: Local, Roaming, and Mandatory
  What Is a User Profile?
  The NTUSER.DAT File
  Profile Folders
  The Default Local User Profile
  The Default Domain User Profile
  Roaming Profiles
  Setting Up Roaming Profiles
  Testing Roaming Profiles
  Migrating Local Profiles to Roaming Profiles
  Roaming and Nonroaming Folders
  Windows XP and Windows 2003 Profile Changes
  Affecting Roaming Profiles with Computer Group Policy Settings
  Affecting Roaming Profiles with User Group Policy Settings
  Mandatory Profiles
  Establishing Mandatory Profiles from a Local Profile
  Mandatory Profiles from an Established Roaming Profile
  Forced Mandatory Profiles (Super-Mandatory)
  Final Thoughts

Chapter 9 IntelliMirror, Part 1: Redirected Folders, Offline Files, Synchronization Manager, and Disk Quotas
  Overview of Change and Configuration Management and IntelliMirror
  Redirected Folders
  Redirected My Documents
  Redirecting the Start Menu and the Desktop
  Redirecting the Application Data
  Troubleshooting Redirected Folders
  Offline Files and the Synchronization Manager
  Offline Files Basics
  Synchronization Manager Basics
  Making Offline Files Available
  Client Configuration of Offline Folders
  The "Do Nothing" Approach
  Running Around to Each Client to Tweak Offline Files and the Synchronization Manager
  Offline Files and Synchronization Manager Interaction
  Using Folder Redirection and Offline Files over Slow Links
  Synchronizing over Slow Links with Redirected My Documents
  Synchronizing over Slow Links with Public Shares
  Using Group Policy to Configure Offline Files (User and Computer Node)
  Prohibit User Configuration of Offline Files
  Synchronize All Offline Files When Logging On
  Synchronize All Offline Files When Logging Off
  Synchronize All Offline Files Before Suspend
  Action on Server Disconnect
  Nondefault Server Disconnect Actions
  Remove "Make Available Offline"
  Prevent Use of Offline Files Folder
  Administratively Assigned Offline Files
  Turn off Reminder Balloons
  Reminder Balloon Frequency
  Initial Reminder Balloon Lifetime
  Reminder Balloon Lifetime
  Event Logging Level
  Prohibit "Make Available Offline" for These File and Folders
  Do Not Automatically Make Redirected Folders Available Offline
  Using Group Policy to Configure Offline Files (Exclusive to the Computer Node)
  Allow or Disallow Use of the Offline Files Feature
  Default Cache Size
  Files Not Cached
  At Logoff, Delete Local Copy of User's Offline Files
  Subfolders Always Available Offline
  Encrypt the Offline Files Cache
  Configure Slow Link Speed
  Disk Quotas
  Quotas and Groups
  Designing and Implementing a Quota Strategy
  Import and Export Quota Entries
  Using Group Policy to Affect Quotas
  Final Thoughts

Chapter 10 IntelliMirror, Part 2: Software Deployment via Group Policy
  GPSI Overview
  The Windows Installer Service
  Understanding .msi Packages
  Utilizing an Existing .msi Package
  Assigning and Publishing Applications
  Assigning Applications
  Publishing Applications
  Rules of Deployment
  Package-Targeting Strategy
  Understanding .zap Files
  Testing Publishing Applications to Users
  Application Isolation
  Advanced Published or Assigned
  The General Tab
  The Deployment Tab
  The Upgrades Tab
  The Categories Tab
  The Modifications Tab
  The Security Tab
  Default Group Policy Software Installation Properties
  The General Tab
  The Advanced Tab (Windows 2003 Server Tools Only)
  The File Extensions Tab
  The Categories Tab
  Removing Applications
  Users Can Manually Change or Remove Applications
  Automatically Removing Assigned or Published .msi Applications
  Forcefully Removing Assigned or Published .msi Applications
  Removing Published .zap Applications
  Troubleshooting the Removal of Applications
  Using Group Policy Software Installation over Slow Links
  Assigning Applications to Users Over Slow Links Using Windows 2000
  Assigning Applications to Users over Slow Links Using Windows XP and Windows 2003
  Managing .msi Packages and the Windows Installer
  Inside the MSIEXEC Tool
  Affecting Windows Installer with Group Policy
  GPO Targeting with WMI Filters
  Tools (and references) of the WMI Trade
  WMI Filter Syntax
  Creating and Using a WMI Filter
  Final WMI Filter Thoughts
  Fitting Microsoft SMS into Your Environment
  SMS Versus "In the Box" Rundown Comparison
  GPSI and SMS Coexistence
  Final Thoughts

Chapter 11 Beyond IntelliMirror: Shadow Copies and Remote Installation Services
  Shadow Copies
  Setting Up Shadow Copies on the Server
  Delivering Shadow Copies to the Client
  Restoring Files with the Shadow Copies Client
  Inside Remote Installation Services
  Server Components
  Client Components
  Setting Up RIS Server
  Loading RIS
  Installing the Base Image
  Authorizing Your RIS Server
  Managing the RIS Server
  Installing Your First Client
  Creating a Remote Boot Disk
  Installing Your First Client
  The Remote Installation Prep Tool (RIPrep)
  How to Create Your Own Automated RIS Answer Files
  Creating a Sample Fully Automated Answer File
  Associating an Answer File with an Image
  Using Group Policy to Manipulate Remote Installation Services
  The Automatic Setup Section
  The Custom Setup Section
  The Restart Setup Section
  The Tools Section
  Final Thoughts

Appendix

Index