16/11/2014

2 Using Group Policy Management Tools


Section Topics
Local vs. Domain Policies
Editing Local Policies
Managing Domain Policies
Understanding Group Policy Refresh

Section Objectives

After completing this section, you will be able to:


Use Group Policy Management tools
Describe the advantages of using domain policies instead of local policies
List the capabilities of the Group Policy Management Console
Describe the requirements for installing the Group Policy Management Console
Explain how to use the different GPMC features to create and manage policies
Describe the elements of the gpupdate command

Section Overview
This section describes the differences between local and domain policies and the Group Policy
management tools you can use to manage these policies. One of these tools is the Group
Policy Management Console.


This section also describes the Group Policy refresh process and how to manually force a
refresh ahead of the default interval.

Local vs. Domain Policies

Figure 20: Local vs. Domain Policies


Policy management encompasses tools both at the local and domain level. You can manage
policies independently on each individual computer where appropriate. However, the power of
Group Policy is exposed in the domain environment where you can apply policies on a broad
basis to large numbers of computers and users. This provides a central management capability
that is not available when you configure policies locally. In addition, policies that are
configured through the domain cannot be overridden by local policy settings, so they are more
secure.
Group policies exist on every local computer and are applied at computer startup. This
happens regardless of whether the computer is part of a domain or in a stand-alone workgroup
mode.
Sometimes it is useful to configure local policies on a computer for a variety of reasons as
listed in Figure 20.
Beginning with Windows Vista, it is now possible to create multiple policies on the local
computer and apply them to different users or groups. This will most often be helpful in a
workgroup scenario when you cannot use domain-based policies.
The following section explains how to edit local policies.

Editing Local Policies

Figure 21: Editing Local Policies


You can edit local policies either by running gpedit.msc directly on the local computer, or
by running mmc.exe and adding the GPOE (Group Policy Object Editor) snap-in. Figure
21 lists these tools and their features.
The following topics explain how to use these tools.

Using Gpedit.msc

Figure 22: Using Gpedit.msc


Gpedit.msc is a simple tool that you can use to run and edit the policies on a local computer.
Depending on the Windows operating system that is running on the computer, it can be
executed as follows:
On Windows Vista or later computers, click Start and type gpedit.msc in the Search box
or on the Start screen with Windows 8 Client.
On Windows XP computers, click Start and type gpedit.msc in the Run box.

The advantage of this tool is that it is simple to run. However, when you launch gpedit.msc
manually, you can only edit policies on the local computer and you cannot change its focus.

Using MMC.exe with the Group Policy Object Editor Snap-in

Figure 23: Using MMC.exe with the Group Policy Object Editor Snap-in
Another way to edit policies is to use the MMC (Microsoft Management Console). After the
MMC starts, you can add the GPOE snap-in to the console. When you add the snap-in, you
will be prompted to edit the policies for either the local computer, or another system on the
network.
The advantages of using the MMC with the Group Policy Object Editor snap-in are:
You can edit policies on remote computers.
On Windows Vista and later computers, you can edit multiple local policies via the MMC
with the Group Policy Object Editor snap-in.
You can save the MMC to an *.msc file to conveniently edit local or remote computer
policies.

Managing Domain Policies

Figure 24: Managing Domain Policies


The management of Group Policies involves using the right tools to create and edit a policy
and knowing where to create the policy and what values to set the items to. This topic
describes the process of managing Group Policies.

Using the GPMC

Figure 25: Using the GPMC


The GPMC (Group Policy Management Console), or gpmc.msc, is the primary tool for
viewing and managing all the policies that exist in a given Active Directory forest. You can
view all the sites, domains, and OUs from one console interface. The tool also displays a
listing of all GPOs that have been defined in each domain, even if they are not currently
applied to anything.
In addition to displaying the structure of the group policies, the GPMC tool allows the
administrator to quickly see which policy settings are being applied at each level of the OU
structure without opening each policy in the Group Policy Management Editor.
Built in to the GPMC are tools for viewing Group Policy modeling and Group Policy results.

These tools are very helpful in testing and troubleshooting the policies that are applied to
computers or users.
This section describes the Group Policy Management Console.
Understanding the Group Policy Management Console

Figure 26: Understanding the Group Policy Management Console


The GPMC is a centralized policy management tool. Using the GPMC, you can perform most
of the common Group Policy operations without having to switch between separate windows
in separate Active Directory utilities. The GPMC also offers several capabilities, as shown in
Figure 26, that you cannot find anywhere else.
In Windows 2000, Windows XP, and Windows Server 2003, the GPMC is an optional piece
of software that is a free download from Microsoft. It is now the primary tool for Group
Policy management in Windows Server 2008 and later versions.
Before the GPMC
Think about the various actions that you occasionally need to perform with Group Policy.
Figure 27 lists these actions and the tools that you needed to carry them out prior to the arrival
of the GPMC.

Action                                  Tool
Create or modify site-based policy      Active Directory Sites and Services
Create or modify domain-based policy    Active Directory Users and Computers
Create or modify OU-based policy        Active Directory Users and Computers
Create or modify local policy           Local Group Policy
Predict policy effects                  Resultant Set of Policy
Report policy effects                   Resultant Set of Policy
Print GPO settings                      Resultant Set of Policy
Perform security group filtering        DACL editor for the specific GPO
Delegate Group Policy links             Delegation of Control wizard

Figure 27: Actions Performed with Group Policy and Tools Used to Carry Them Out
If you think about the number of menus, submenus, property sheets, and dialog boxes in any
of the tools, you realize that working with these fragmented tools in Group Policy can be an
overwhelming task.
The GPMC Solution
The GPMC, released in April 2003 as a separate download (not part of the Windows 2003
Server distribution), lets you perform all the activities, which are listed in Figure 27, from a
single console, gpmc.msc. (Although the GPMC does not actually have GPO editing
capability, you can start the Group Policy console from its user interface.)
Additionally, the Group Policy Management Console provides the ability to:
Back up and restore policy objects
Import settings from one policy object as the basis for creating a new object
View all the links for a specific policy object

The GPMC allows you to perform these functions as well.


What the GPMC Is Not
The GPMC does not replace the Group Policy console (called Group Policy Object Editor in
Windows 2003 Server and Group Policy Management Editor in Windows Vista, Windows
Server 2008 and later operating systems). In fact, when you are working in the GPMC and
you select a setting to change, GPMC invokes the Group Policy Management Editor console
for that purpose.
You would choose a GPO from the Group Policy Objects node, right-click, and select Edit.
Note also that the GPMC is not a replacement for the Active Directory Users and Computers
MMC snap-in. You still need Active Directory Users and Computers for tasks such as
creating, editing, and deleting users, groups, and computers. One of the few, yet important,
objects that you can create in the GPMC is an OU. Because most policies are built on the OU
structure, it is convenient to create the OUs directly in the GPMC.
Installing the GPMC

Figure 28: Installing the GPMC


If you want to install the GPMC on Windows XP or Windows Server 2003, you can
download it (free) from Microsoft. Windows Vista and later operating systems require the
RSAT to be installed, followed by enabling the GPMC. Windows Server 2008 and later
already include the GPMC, but you must enable it.
To install the GPMC on Windows Vista SP1, follow these steps:


1. Download and Install the RSAT.
2. Open the Control Panel, the Programs and Features interface.
3. Click the Turn Windows Features On or Off link.
4. Select the Remote Server Administration Tools, Feature Administration Tools, Group
   Policy Management Tools option.
5. Click OK.

To enable the GPMC on Windows Server 2008 or later, follow these steps:
1. Open Server Manager.
2. Use the Add Roles and Features option to add the Group Policy Management feature.

Installation Requirements
The GPMC requires Windows XP or later to run. The GPMC does not run on:
A Windows 2000 Professional or Windows 2000 Server computer of any kind, even
though the GPMC can administer a Windows 2000 network.
A 64-bit version of Windows XP or Windows Server 2003.

The GPMC is included in:


The RSAT pack for Windows Vista and later.
Windows Server 2008 and later.

Other installation requirements for the GPMC include:


Domain member: The computer on which you run GPMC must be a member of either a
domain in the forest that you wish to administer, or a domain that has a trust with that
forest. That is, you cannot run GPMC on a computer that belongs to a workgroup.
Domain controllers: In order to support the signed-and-encrypted LDAP communications
that GPMC uses, GPMC requires that any Windows 2000 Server domain controllers must
run SP2 or higher, and the Windows 2000 Server domain controllers in a separate forest to
which you connect must run SP3 or higher.
For Windows XP: If you want to run the console on Windows XP, you need to fulfill these
additional requirements:
Upgrade Windows XP to SP1.
You must have the Microsoft .NET Framework.
GPMC requires hotfix Q326469 (which updates Gpedit.dll to version 5.1.2600.1186).
The GPMC installer offers to install this for you if you do not already have it.
For Windows Vista and later: If you want to run the console on Windows Vista or later
operating systems to take advantage of all the new Group Policy features, you need to:
Download and install the RSAT Pack for your version of Windows Client.
Use Control Panel, Programs and Features, Turn Windows Features On or Off to enable
the RSAT features that you need, including the GPMC.

Opening the GPMC

Figure 29: Opening the GPMC


After installation, you can use any of the following methods to run the console:

In the Server Manager on Windows Server 2012 and Windows 8 Client, click Tools,
Group Policy Management.
Click Start and type gpmc.msc.
Click Start (All Programs, if necessary), Administrative Tools, and Group Policy
Management.
Run mmc.exe and create your own custom console, adding the Group Policy
Management snap-in.
In Windows XP and Windows Server 2003, in Active Directory Users and Computers or
Active Directory Sites and Services, go to the Group Policy tab and click Open.

Note
When the GPMC is installed on Windows XP or Windows Server 2003, the Group Policy tab
of Active Directory Users and Computers (and, for site policies, Active Directory Sites and
Services) is disabled. Instead, you get a dialog box on a Windows XP or Windows Server 2003
computer directing you to the GPMC. In Windows Vista and later there is no Group Policy
tab available in the ADUC tool.
Using the GPMC from the Server Manager

Figure 30: Using the GPMC from the Server Manager


The new Server Manager tool in Windows Server 2012 and Windows 8 Client has a Tools
menu that replaces the Start, All Programs, Administrative Tools functionality from previous
versions of Windows.
Configuring the GPMC

Figure 31: Configuring the Console


The first time that you open the GPMC after installing it, you will see a top-level node
corresponding to the forest that your computer account resides in. The following subnodes will
appear under the forest node:
Domains
Sites
Group Policy Modeling
Group Policy Results

Right-click the Domains node, select Show Domains, and then select the domain or domains
that you wish to view by checking the appropriate boxes. You can show multiple domains in
the console pane at the same time, although their DNS structure will not affect their placement
in the console.
You can connect to a different forest, if desired, by right-clicking the top node (Group Policy
Management) and choosing Add Forest. However, the forest you add must be trusted by the
forest you are already in.
As usual with MMCs, the Action menu mirrors the context menu for each node. The contents
of the details pane change depending on what you select in the console pane. In addition, you
can expand nodes by clicking the plus (+) sign next to them.
Searching and Filtering

Figure 32: Searching and Filtering


In a very large GPO deployment, there may be hundreds of GPOs with thousands of policy
settings configured in them. Finding what you are looking for among all of those configured
items can be a major challenge.
For this reason, it is important to take advantage of two GPMC features:
GPO Search
Administrative Templates Filtering

Searching for GPOs

Figure 33: Searching for GPOs


In a large Active Directory environment, it might be convenient to search for GPOs by several
different criteria. The GPMC has a fairly advanced search facility to satisfy this need. You
can activate the search feature on a per-domain or per-forest basis, as follows:
Right-click a specific domain and choose Search.
Right-click a specific forest and choose Search.
You can search for GPOs using many different categories and conditions. This allows you
to find a specific GPO without having to examine the settings inside every GPO. In Figure
33, the GPO search option is being used to simply look for text inside the GPO name.

When you create search criteria, specify a search item, a condition, and a value.
Search Item: This criterion specifies what kind of item you are looking for; for example, a
GPO name, a user configuration setting, or a GPO GUID.
Condition: This criterion is really more correctly referred to as an operator and relates the
search item to the value. Example conditions are Contains, Exist in, Has This Explicit
Permission, Is, Is Not, and so on. The available conditions depend on what you choose
for your search item.
Value: This criterion is the syntactical object of the operator, specifying the precise details
of what you want your search to find. It might be a specific domain or OU name, a
particular kind of policy setting, or a certain security permission.

The choices you can select from the Search Item drop-down menu are:
GPO Name: Enables you to specify the exact name, or a substring.
GPO Link: Enables you to specify links that exist, or do not exist, in specific domains or
sites. This setting is useful for finding GPOs with cross-domain links, as well as GPOs with
no links at all.
Security Group: Enables you to specify a search for GPOs where security groups have or
do not have apply, edit, and read permissions, either explicitly or effectively.
Linked WMI Filter: Enables you to specify the name of the filter.
User Configuration: Enables you to specify a search for GPOs where the User
Configuration half of the policy object contains, or does not contain, Folder Redirection,
IE Branding, Registry, Scripts, or Software Installation settings.
Computer Configuration: Enables you to specify a search for GPOs where the Computer
Configuration half of the policy object contains, or does not contain, EFS Recovery, IP
Security, Disk Quota, QoS Packet Scheduler, Registry, Scripts, Security, Software
Installation, or Wireless Group Policy settings.
GPO GUID: Enables you to specify the globally unique identifier for the GPO.

Caution
The search function has a known bug: it can return false positives when settings in the
following categories are made, then later removed:
EFS
Folder Redirection
IE Maintenance
Security Settings
Software Installation

Therefore, do not regard the search results as an authoritative list of GPOs.
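
Because the search results are not authoritative, link and content checks can be cross-checked from each GPO's own report. The following PowerShell is an added example, not part of the original courseware; the function name Get-GpoLinkAudit is hypothetical, and it assumes the GroupPolicy module from RSAT is installed and that you run it as a user who can read every GPO in the current domain.

```powershell
#Requires -Modules GroupPolicy

function Get-GpoLinkAudit {
    <# Hypothetical helper (added example). For every GPO in the current domain,
       reads the GPO's XML report and records where it is linked and whether the
       Computer and User Configuration halves contain any configured extension. #>
    [CmdletBinding()]
    param()

    foreach ($gpo in Get-GPO -All) {
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml

        # LinksTo may be absent, a single element, or several elements.
        # Filtering out $null normalises all three cases to an array.
        $links        = @($report.GPO.LinksTo | Where-Object { $_ })
        $enabledLinks = @($links | Where-Object { $_.Enabled -eq 'true' })

        [pscustomobject]@{
            DisplayName      = $gpo.DisplayName
            Guid             = $gpo.Id
            GpoStatus        = $gpo.GpoStatus
            LinkCount        = $links.Count
            EnabledLinkCount = $enabledLinks.Count
            LinkedTo         = ($links | ForEach-Object { $_.SOMPath }) -join '; '
            # The report carries an ExtensionData element for each extension
            # that has settings; none means that half of the GPO is empty.
            ComputerSettings = [bool]$report.GPO.Computer.ExtensionData
            UserSettings     = [bool]$report.GPO.User.ExtensionData
            ModifiedUtc      = $gpo.ModificationTime.ToUniversalTime()
        }
    }
}

$audit = Get-GpoLinkAudit

# GPOs that exist in the Group Policy Objects container but are linked nowhere.
$audit | Where-Object LinkCount -eq 0 |
    Sort-Object ModifiedUtc |
    Format-Table DisplayName, Guid, GpoStatus, ModifiedUtc -AutoSize

# GPOs whose links are all disabled, so they apply to nothing.
$audit | Where-Object { $_.LinkCount -gt 0 -and $_.EnabledLinkCount -eq 0 } |
    Format-Table DisplayName, LinkedTo -AutoSize

# GPOs with no settings in either half.
$audit | Where-Object { -not $_.ComputerSettings -and -not $_.UserSettings } |
    Format-Table DisplayName, Guid, LinkCount -AutoSize
```

Treat a GPO reported as unlinked as a candidate for review, and check other domains and sites in the forest for links before removing it.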


Filtering in the GPO Editor

Figure 34: Filtering in the GPO Editor


The Filter option in the GPO Editor allows you to limit the number of Administrative
Templates that are displayed. Thousands of items exist by default and you can add more by
incorporating additional ADMX templates.
You can limit the display in a number of ways:
Managed items
Configured items
Commented items
Keyword filtering
Requirements filtering

Other Group Policy Tools

Figure 35: Other Group Policy Tools


Several tools, some graphical and some command-line based, are used in managing and
troubleshooting the Group Policy process.
The following topics describe these tools.
Group Policy Management Editor
The Group Policy Management Editor, or gpedit.msc, is a tool that allows you to view and
modify all of the policy settings within a GPO. Many settings within the editor are simply on,
off, or not configured. Other settings require selections from drop-down lists, or they require
text entry.
You can start the Group Policy Management Editor from within the GPMC, or as a standalone tool. When launched by itself, it displays the local policies of a computer.
Gpupdate.exe and Invoke-GPUpdate
The Group Policy Update tool, or gpupdate.exe, is a command-line tool that you can use to
update GPOs before their scheduled update interval. When you troubleshoot policies, you
may sometimes need to apply policies ahead of the normal refresh interval of 90 to 120
minutes.
Invoke-GPUpdate is a PowerShell version of this tool that provides additional options.
Gpresult.exe
The Group Policy Results tool, or gpresult.exe, is a command-line tool that can display all the
policy settings that are active for a computer or user. You can redirect output from the tool to
a file for later viewing.
Get-GPResultantSetOfPolicy is a PowerShell form of RSOP that can provide results as either
HTML or XML output.

Creating Policies

Figure 36: Creating Policies


Policies can be created within the Group Policy Objects container and later linked to a Site,
Domain or OU. Policy links can be deleted, and the policy itself will still be available for use
within the Group Policy Objects container.
Once a policy is linked, it will then affect the users or computers from that level and below.
Editing Policies

Figure 37: Editing Policies


Most organizations implement at least a few of the Group Policy desktop features and
restrictions.
Some of these restrictions affect the computer as a whole, while others affect the individual
user.
This topic describes some of these features and restrictions.
Computer and User Configuration Items
A GPO is a collection of settings that configure the user or computer environment. Each GPO
is broken down into two primary sections:
Computer Configuration: Any policy settings that occur within the Computer
Configuration section apply only to the computer objects that are within the scope of the
policy.
User Configuration: Any settings that occur within the User Configuration section apply
only to the user objects that are within the scope of the policy.

Policies
In the Group Policy Management Editor, most of the settings and restrictions that affect
computers and users fall under the Policies section. Within the Policies section are three subsections:
Software Settings: Allows for the deployment of MSI based software packages via Group
Policy.
Windows Settings: Contains settings that relate to security, folder redirection, logon scripts
and more.

Administrative Templates
The Administrative Templates section contains the most widely used settings within Group
Policy.
These settings affect everything from the desktop and start menu, to individual applications.
Administrative Templates settings are often associated with locking down the desktop
environment, but can be used for much more. Settings in the Computer Configuration section
affect the machine as a whole no matter who logs on. The settings in the User Configuration
section affect the user wherever they log on.
Preferences
Group Policy Preferences go beyond the typical capabilities of the settings found under
Policies.
These settings are more granular, and can apply to systems in a more flexible manner.
Preferences are broken down into two sub-sections: Windows Settings and Control Panel
Settings.
Preferences do not lock down the setting, allowing a user to change the value at a later time.
However, Preferences can be set to reapply upon Group Policy refresh.

Configuring Values

Figure 38: Configuring Values


Most policies have three available states:
Not Configured
Enabled
Disabled

Some policies will have additional values available if they are enabled. These values could be
checkboxes, radio buttons, text values, or drop-down lists of options.
Once you click OK to accept the change to the value, that setting is immediately available to
the level at which the GPO is linked.

Understanding Group Policy Refresh

Figure 39: Understanding Group Policy Refresh


User and computer policy settings will automatically update on a 90-minute interval, plus a
random value of 0 to 30 minutes. This provides a variable window of 90 to 120 minutes for
Group Policy refresh so that not every computer on the network is updating at the same time.
Most policy changes will be incorporated automatically on this automatic refresh.
Occasionally, it may be necessary to update policies earlier than the scheduled interval, such
as when testing or troubleshooting.
Invoke-GPUpdate

Figure 40: Invoke-GPUpdate


Invoke-GPUpdate is a new PowerShell cmdlet that can perform more powerful GPUpdate
operations. It can be used to update the local or a remote machine or user's settings. It can
also be used to schedule a GPUpdate in the future, up to 31 days later. The refresh is
automatically offset by a random delay.
GPUpdate.exe

Figure 41: GPUpdate.exe


The Group Policy Update tool is a command-line tool that is used to update GPOs. When
troubleshooting policies, it may sometimes be necessary to apply policies ahead of the normal
refresh interval of 90 to 120 minutes.
Remote GPUpdate in the GPMC

Figure 42: Remote GPUpdate in the GPMC


The Group Policy Management Console now supports a Remote GPUpdate mechanism that
can update policies for all computers in a specific OU. This is useful when a policy change has
been made and it is important for that change to take effect as quickly as possible. The update
is scheduled with a random delay and is not instantaneous so as not to affect the network with
a surge of update requests all at once.
To perform a Remote GPUpdate:
1. Open the Group Policy Management console.
2. Right-click an OU that has machines that need to be updated, then select the Group
   Policy Update option.
3. Click Yes to perform the update.
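
The same OU-wide refresh can be scripted with the Invoke-GPUpdate cmdlet described above and then checked with Get-GPResultantSetOfPolicy. The following PowerShell is an added example, not part of the original courseware; the OU distinguished name, delay, report folder and the two function names are placeholder assumptions, and it needs the GroupPolicy and ActiveDirectory modules from RSAT.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory

# Placeholder values, assumed for this example only.
$TargetOU     = 'OU=Workstations,DC=example,DC=com'
$DelayMinutes = 10
$ReportDir    = 'C:\GPReports'

function Invoke-OUPolicyRefresh {
    <# Hypothetical helper (added example). Schedules a Group Policy refresh on
       every enabled computer under an OU and reports per-computer success. #>
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,
        # Invoke-GPUpdate accepts a random delay of 0 to 44640 minutes (31 days).
        [ValidateRange(0, 44640)] [int] $RandomDelayInMinutes = 10
    )

    $query = @{
        SearchBase  = $SearchBase
        SearchScope = 'Subtree'
        Filter      = 'Enabled -eq $true'
    }

    foreach ($computer in Get-ADComputer @query) {
        $name   = if ($computer.DNSHostName) { $computer.DNSHostName } else { $computer.Name }
        $status = 'Skipped'
        $detail = $null

        if ($PSCmdlet.ShouldProcess($name, 'Schedule Group Policy refresh')) {
            try {
                # -Force reapplies all settings, as gpupdate /force does.
                # The random delay spreads the refreshes so that the machines
                # do not all contact the domain controllers at once.
                Invoke-GPUpdate -Computer $name -RandomDelayInMinutes $RandomDelayInMinutes -Force -ErrorAction Stop
                $status = 'Scheduled'
            }
            catch {
                # Typically the machine is offline or refused the remote request.
                $status = 'Failed'
                $detail = $_.Exception.Message
            }
        }

        [pscustomobject]@{ Computer = $name; Status = $status; Detail = $detail }
    }
}

function Export-PolicyResult {
    <# Hypothetical helper (added example). Writes an HTML RSoP report for one
       computer so the applied settings can be confirmed after the refresh. #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Computer,
        [string] $User,
        [Parameter(Mandatory)] [string] $OutputDirectory
    )

    if (-not (Test-Path -LiteralPath $OutputDirectory)) {
        New-Item -ItemType Directory -Path $OutputDirectory | Out-Null
    }

    $rsop = @{
        Computer   = $Computer
        ReportType = 'Html'
        Path       = Join-Path $OutputDirectory "$Computer.html"
    }
    # Pass -User to report on a specific account that has logged on there.
    if ($User) { $rsop.User = $User }

    Get-GPResultantSetOfPolicy @rsop
}

# Add -WhatIf to preview which computers would be touched.
$results = Invoke-OUPolicyRefresh -SearchBase $TargetOU -RandomDelayInMinutes $DelayMinutes
$results | Group-Object Status | Format-Table Name, Count -AutoSize
$results | Where-Object Status -eq 'Failed' | Format-Table Computer, Detail -AutoSize

# Once the delay window has passed, confirm what one machine actually applied:
# Export-PolicyResult -Computer 'pc01.example.com' -OutputDirectory $ReportDir
```

A 'Scheduled' status only means the refresh was queued on the target; the RSoP report is what shows whether the changed policy was applied.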

Acronyms

The following acronyms are used in this section:


ADMX    Administrative Templates
DACL    discretionary access control list
DNS     Domain Name System
EFS     Encrypting File System
GPMC    Group Policy Management Console
GPO     Group Policy object
GPOE    Group Policy Object Editor
GUID    globally unique identifier
IE      Windows Internet Explorer
IP      Internet Protocol
LDAP    Lightweight Directory Access Protocol
MMC     Microsoft Management Console
OU      organizational unit
QoS     Quality of Service
RSAT    Remote Server Administration Tools
RSoP    Resultant Set of Policy
SP1     Service Pack 1
SP2     Service Pack 2
SP3     Service Pack 3
WMI     Windows Management Instrumentation

Section Review
Summary
The advantages of using domain policies instead of local policies are:
You can apply policies on a broad basis to a large number of computers and users.
This provides a central management capability that is not available when you configure
policies locally.
Policies that are configured through the domain cannot be overridden by local policy
settings, so they are more secure.
Using the GPMC, you can perform most of the common Group Policy operations without
having to switch between separate windows in separate Active Directory utilities. The
GPMC also offers the following capabilities:
OU hierarchy view
Policy editing
RSoP
Backup and restore of policies
Back up policy objects (and restore them if necessary)
Import settings from one policy object as the basis for creating a new object
View all the links for a specific policy object
The GPMC is included in the RSAT pack for Windows Vista and later. It is also included in
Windows Server 2008 and later, but you must enable it. The GPMC requires Windows XP
or later to run. It also requires the following:
The computer on which you run GPMC must be a member of either a domain in the
forest that you wish to administer, or a domain that has a trust with that forest.
Windows 2000 Server domain controllers must run SP2 or higher.
Windows 2000 Server domain controllers in a separate forest to which you connect must
run SP3 or higher.
For Windows XP, GPMC also requires the following:
o Upgrade Windows XP to SP1
o Microsoft .NET Framework
o Hotfix Q326469 (updates gpedit.dll to version 5.1.2600.1186)

For Windows Vista, GPMC also requires the following:


o Upgrade Windows Vista to SP1
o Download and install the RSAT Pack for Windows Vista
Four subnodes (Domains, Sites, Group Policy Modeling, and Group Policy Results)
appear under the forest node. You can use the GPMC to:
Show multiple domains in the console pane at the same time (right-click Domains
subnode)
Connect to a different forest (right-click the top node [Group Policy Management] and
select Add Forest)
Show the context menu for each node (Actions menu)
GPMC has two features for searching and filtering:
• Search: Allows you to search on a per-domain or per-forest basis; specify a condition to search by or create a list of conditions
• Filter: Allows you to limit the number of Administrative Templates that are displayed; limit the display by managed items, configured items, commented items, keyword filtering, and requirements filtering
The Group Policy Update tool is a command-line tool that is used to remotely update
GPOs. The elements of the gpupdate command are:
• /Target:{Computer | User}: Specifies that only the user or only the computer policy settings are updated
• /Force: Reapplies the policy settings
• /Wait:value: Specifies how long the system should wait (in seconds) for the policy processing to complete
• /Logoff: Indicates that the user is logged off after the policy settings have been applied
• /Boot: Causes the system to reboot after the policy settings are applied
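The following PowerShell wrapper is an added example, not part of the course material. It combines the /Target, /Force and /Wait switches listed above and then lists the applied GPOs with gpresult, a standard Windows tool this summary does not cover. The function name, parameter names and the 120-second wait are assumptions chosen for illustration.

```powershell
# Added example: refresh Group Policy with gpupdate and confirm what was applied.
# Invoke-PolicyRefresh and its parameters are illustrative names, not a built-in cmdlet.
function Invoke-PolicyRefresh {
    [CmdletBinding()]
    param(
        # Which half of the policy to refresh; 'Both' omits /Target entirely.
        [ValidateSet('Computer', 'User', 'Both')]
        [string]$Target = 'Both',

        # Seconds to wait for processing; 0 = do not wait, -1 = wait indefinitely.
        [ValidateRange(-1, 3600)]
        [int]$WaitSeconds = 120,

        # Reapply every setting, not only those that changed.
        [switch]$Force
    )

    # Build the argument list from the switches described in this section.
    $gpArgs = @()
    if ($Target -ne 'Both') { $gpArgs += "/Target:$Target" }
    if ($Force)             { $gpArgs += '/Force' }
    $gpArgs += "/Wait:$WaitSeconds"

    # /Logoff and /Boot are deliberately not passed, so this script never
    # requests a logoff or a restart.
    Write-Verbose "Running: gpupdate.exe $($gpArgs -join ' ')"
    & gpupdate.exe @gpArgs

    # Assumption: any non-zero exit code is treated as a failed refresh.
    if ($LASTEXITCODE -ne 0) {
        throw "gpupdate exited with code $LASTEXITCODE"
    }

    # Show the resultant set of policy for each refreshed scope.
    # The Computer scope requires an elevated prompt.
    $scopes = if ($Target -eq 'Both') { 'Computer', 'User' } else { $Target }
    foreach ($scope in $scopes) {
        & gpresult.exe /R /Scope $scope
    }
}

# Example call: reapply all computer settings and wait up to two minutes.
Invoke-PolicyRefresh -Target Computer -Force -WaitSeconds 120 -Verbose
```

Reviewing the "Applied Group Policy Objects" part of the gpresult output after a refresh confirms that a security-relevant GPO change actually reached the machine, without waiting for the next background refresh.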

Knowledge Check

1. What are the advantages of using domain policies instead of local policies? (Choose all that apply.)
   a. They are more secure.
   b. They provide a central management capability.
   c. They affect a large number of computers and users.
   d. They are helpful in a workgroup scenario when you cannot use local-based policies.

2. List the capabilities of the GPMC.

3. How is the GPMC installed on Windows 8?

4. Briefly describe the following elements of the gpupdate command:
   /force:
   /logoff:

5. In which ways can you limit the display of Administrative Templates? (Choose all that apply.)
   a. Managed items
   b. Deleted items
   c. Commented items
   d. Keyword filtering

6. Describe each tool, feature, or policy used to manage group policies in the space provided.
   Group Policy Management Editor:
   Gpupdate.exe:
   Folder redirection:
   User Configuration and Computer Configuration sections of Group Policy:

Knowledge Check Answer Key

The correct answers to the Knowledge Check questions are bolded.

1. What are the advantages of using domain policies instead of local policies? (Choose all that apply.)
   a. They are more secure.
   b. They provide a central management capability.
   c. They affect a large number of computers and users.
   d. They are helpful in a workgroup scenario when you cannot use local-based policies.

2. List the capabilities of the GPMC.
   Provides a view of the OU hierarchy
   Contains built-in policy editing
   Contains inherent RSoP views
   Provides backup and restore of policies

3. How is the GPMC installed on Windows 8?
   It is installed as part of the RSAT package that must be downloaded from Microsoft.

4. Briefly describe the following elements of the gpupdate command:
   /force: This switch reapplies the policy settings. By default, only the policy settings that have changed are applied.
   /logoff: This switch indicates that the user is logged off after the policy settings have been applied.

5. In which ways can you limit the display of Administrative Templates? (Choose all that apply.)
   a. Managed items
   b. Deleted items
   c. Commented items
   d. Keyword filtering

6. Describe each tool, feature, or policy used to manage group policies in the space provided.
   Group Policy Management Editor: Is used to view and modify all of the policy settings within a GPO.
   Gpupdate.exe: Is used to remotely update GPOs.
   Folder redirection: A process that stores the user's personal My Documents files on a server instead of locally.
   User Configuration and Computer Configuration sections of Group Policy:
   User configuration settings apply only to the computer objects that are within the scope of the policy.
   Computer configuration settings apply only to the user objects that are within the scope of the policy.
