Group PoliciesLearning ObjectiveOverview of Group PoliciesBenefits of Group PoliciesTypes of Group PoliciesGroup Policy Objects (GPOs)Creating a GPOUsing the Group Policy Snap-InSupport for Windows 95, Windows 98, and Windows NT 4.0Exercise: Creating Group Policy Objects (GPO) and setting policiesThe Group Policy snap-inThe Group Policy snap-in (cont.)GPO and applicationsSlide 14GPO rulesGPO rules (cont.)Setting Local Computer Policy1Group Policies(Week 11, Monday 3/19/2007)© Abdou Illia, Spring 20072Learning ObjectiveDiscuss Group Policies and their useCreate/Modify Group Policy Objects3Overview of Group PoliciesGroup policies are a set of configuration settings that an administrator applies to one or more objects in the Active Directory store.A group policy consists of settings that govern how an object and its child objects behave.4Benefits of Group PoliciesLowering your network’s total cost of ownership (TCO)Securing a user’s environment5Types of Group PoliciesSoftware SettingsScriptsSecurity SettingsAdministrative TemplatesRemote Installation Services (RIS)Folder Redirection6Group Policy Objects (GPOs)A GPO contains group policy settings for sites, domains, and OUs.One or more GPOs can be applied to a site, a domain, or an OU.A local GPO exists on every Windows 2003 computer, and by default, only security settings are configured.Need appropriate permissions to create GPOEnterprise Administrator for GPO at site levelDomain Administrator for GPO at domain or OU level7Creating a GPO8Using the Group Policy Snap-In9Support for Windows 95, Windows 98, and Windows NT 4.0The Group Policy snap-in does not provide client support for Microsoft Windows 95, Windows 98, or Windows NT computers.Windows NT is supported through .adm files and Poledit.exe.Windows 95 and Windows 98 clients are supported through the Windows 9x System Policy Editor.10Exercise: Creating Group Policy Objects (GPO) and setting policies Hands-on exercise in lab11The Group Policy snap-inThe Group Policy snap-in is divided into:a Computer Configuration node anda User Configuration nodeComputer Configuration policies affect the computer environment byImplementing changes in the OS settingsImplementing changes in the hardware settingsImplementing changes in applications, etc.Note: GPO set in Computer Configuration apply when the OS initialize.12The Group Policy snap-in (cont.)User Configuration policies affect the user environment includingDesktop appearanceApplications available to the userStart menu, etc.Note: GPO set in User Configuration apply when the user logs on to the domain.13GPO and applicationsApplications can be assigned or published using GPOWith User Configuration, you can assign or publish applications to usersIf an application is assigned, it will appear in the Start menu for all site’s users, domain’s users, or OU users.If an application is published, it will appear in the Add/Remove Programs wizard for all site’s users, domain’s users, or OU users.Note: If an application is assigned to a user, it is announced to him/her when he/she logs on. The application is installed when the user selects it on the start menu or tried to open a document created with the application14GPO and applicationsWith Computer Configuration, you can assign applications to computers.If an application is assigned using the Computer Configuration node, it will appear in the Start menu for all computers in the site, domain or OU.15GPO rulesGPOs assigned to the site are processed first, next GPOs assigned to the domain are processed, and finally GPOs assigned to OUs and child OUs are processed.The policy finally assigned to a computer or a user is the cumulative effect of all GPOs assigned to the site, domain, and OU to which the user or computer belongs.16GPO rules (cont.)If a GPO is assigned to the parent container, but not the child container, the parent container settings apply.If GPOs are assigned to both parent and child container and there is no conflict, both GPOs apply.If GPOs are assigned to both parent and child container and there is a conflict, the child container settings apply.In case of conflict, computer settings take precedence over user settings.17Setting Local Computer PolicyA Local Computer Policy apply when you logon to the local computer (not the domain)Policies set in Computer Configuration node apply to the computer, regardless of who logs on Policies set in User Configuration node apply to each user who logs on to the computerThe gpedit.msc command tool is use to launch the Local Computer Policy snap-inThe Group Policy settings applied by your network administrator take precedence over any of the Group Policy settings you have configured on your
View Full Document