Professional Documents
Culture Documents
Lesson 7
Skills Matrix
Technology Skill
Objective Domain
Objective #
4.3
Group Policy
Group Policy is a method of controlling settings
across your network.
Group Policy consists of user and computer
settings on all versions of Windows since
Windows 2000 that can be implemented during
computer startup and shutdown and user logon
and logoff.
You can configure one or more GPOs within a
domain and then use a process called linking,
which applies these settings to various containers
(domain, sites and OUs) within Active Directory.
You can link multiple GPOs to a single container
or link one GPO to multiple containers throughout
the Active Directory structure.
Group Policy
The following managed settings can be defined
or changed through Group Policies:
Registry-based policies - As the name implies,
these settings modify the Windows Registry.
Software installation policies can be used to
ensure that users always have the latest versions
of applications.
Folder redirection allows files to be redirected to
a network drive for backup and makes them
accessible from anywhere on the network.
Offline file storage works with folder redirection
to provide the ability to cache files locally. This
allows files to be available even when the
network is inaccessible.
Group Policy
Scripts Including logon, logoff, startup, and
shutdown scripts, these can assist in configuring
the user environment.
Windows Deployment Services (WDS)
Assists in rebuilding or deploying workstations
quickly and efficiently in an enterprise
environment.
Microsoft Internet Explorer settings Provide
quick links and bookmarks for user accessibility,
in addition to browser options such as proxy use,
acceptance of cookies, and caching options.
Security settings Protect resources on
computers in the enterprise.
Group Policy
Group Policies can be linked to sites,
domains, or OUs (not groups) to apply
those settings to all users and computers
within these Active Directory containers.
You can use security group filtering,
which allows you to apply GPO settings to
only one or more users or groups within a
container by selectively granting the
Apply Group Policy permission to one or
more users or security groups.
Local GPO
The local GPO settings are stored on the local
computer in the
%systemroot%/System32/GroupPolicy folder.
Local GPOs contain fewer options.
They do not support folder redirection or Group
Policy software installation.
Fewer security settings are available.
Nonlocal GPOs
Nonlocal GPOs are created in Active Directory.
They are linked to sites, domains, or OUs.
Once linked to a container, the GPO is applied to
all users and computers within that container by
default.
Starter GPOs
A new feature in Windows Server 2008.
Used as GPO templates within Active
Directory.
Allow you to configure a standard set of
items that will be configured by default in
any GPO that is derived from a starter
GPO.
GPO Inheritance
You link a GPO to a domain, site, or OU or
create and link a GPO to one of these
containers in a single step. The settings
within that GPO apply to all child objects
within the object.
Local policies.
Site policies.
Domain policies.
OU policies.
GPUpdate Command
If you make changes to a group policy,
users may not see changes take effect
until:
They log off or log back in.
They Reboot the computer.
They wait 90 minutes (+/- 30 minutes) for
stand-alone servers/workstations and 2
minutes for domain controllers.
Summary
Group Policy consists of user and computer
settings that can be implemented during
computer startup and user logon.
These settings can be used to customize the user
environment, to implement security guidelines,
and to assist in simplifying user and desktop
administration.
Group Policies can be beneficial to users and
administrators.
They can be used to increase a company's return
on investment and to decrease the overall total
cost of ownership for the network.
Summary
In Active Directory, Group Policies can be
assigned to sites, domains, and OUs.
By default, there is one local policy per
computer. Local policy settings are
overwritten by Active Directory policy
settings.
Summary
Group Policy content is stored in an Active
Directory GPC and in a GPT.
The GPC can be seen using the Advanced
Features view in Active Directory Users
and Computers.
The GPT is a GUID-named folder located
in the
systemroot\sysvol\SYSVOL\domain_name\
Policies folder.
Summary
The Default Domain Policy and the Default
Domain Controller Policy are created by
default when Active Directory is installed.
The Group Policy Management Console is
the tool used to create and modify Group
Policies and their settings.
Summary
GPO nodes contain three subnodes
including Software Settings, Windows
Settings, and Administrative Templates.
Administrative templates are XML files
with the .admx file extension.
Over 100 ADMX files are included with
Windows Server 2008.
Summary
The order of Group Policy processing can
be remembered using the acronym
LSDOU:
Local
Site
Domain
OU
Summary
Group Policies applied to parent
containers are inherited by all child
containers and objects.
Inheritance can be altered by using the
Enforce, Block Policy Inheritance, or
Loopback settings.