• Home

  • Documents

  • Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada...
32
Understanding Group Policy Part 3 of 3 Rick Claus Rick Claus IT Pro Advisor IT Pro Advisor Microsoft Canada Microsoft Canada [email protected] [email protected] http://blogs.technet.com/rclaus http://blogs.technet.com/rclaus

Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada [email protected]

Tags:

Embed Size (px)

Citation preview

Page 1: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Understanding Group Policy Part 3 of 3

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus

Page 2: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

What Will We Cover?• Group Policy Management

• Advanced Group Policy Security

• Scripting Group Policy

• Group Policy Modeling

Page 3: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 4: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Administrative Template Extension

• Simple way to configure policy

• Largest Group Policy extension

• .ADM files enable user interface

Page 5: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Using ADM Template Extensions

Domain Controller Active

Directory Database

SYSVOL

Modify Group PolicyModify Group Policy11 Stored on domain controllerStored on domain controller22 Policy applied to clientPolicy applied to client33

Page 6: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Reviewing .ADM Files

demonstration

Page 7: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Custom ADM Templates

Use to Do not use to

• Increase security• Disable interface options• Disable confusing items• Control data

• Configure all settings• Create unsupported policy

Page 8: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Registry Policies

HKEY_LOCAL_MACHINE\SOFTWARE\policies

HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies

HKEY_CURRENT_USER\SOFTWARE\policies

HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\policies

Page 9: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Customizing .ADM Templates

demonstration

Page 10: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 11: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Scripting Group Policy

GPMC

COM Interfaces

Sample Scripts

Backing up GPOs

Creating a new GPO

Creating environment using XML

Importing a GPO

Listing disabled GPOs

Listing GPO information

Page 12: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Scripting Group Policy

Using GPMC Scripts Changing the Script Host Engine Using Scripts to Back up GPOs

demonstration

Page 13: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 14: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Exclude Accounts from Group Policy

Domain Controller

Administrator

Page 15: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Configuring Group Policy ACLs

Protect Administrator from Group Policy

demonstration

Page 16: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Delegating Control of GPOs

Domain Controller

Administrator

Delegate

Delegate

Page 17: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Delegating Administration

Delegating “create GPOs” to ITGroup Delegating Sales User GPO

demonstration

Page 18: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Security Configuration and Analysis

Does the hard work

Enables quick review

Ensures policies are enforced

Allows local security configuration

Page 19: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Security Configuration Wizard

Security Configuration

Wizard

download.microsoft.com/download/f/7/1/f71adf6e-dbab-48a2-9a29-9e481110fd55/SCWQuickStartDoc.doc

Administrator

Page 20: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Applying Security Templates

demonstration

Page 21: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 22: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Windows 2000 Windows XP

Windows XP

WMI Filtering

Domain Controller

WMI Filter

XP Professional only

Page 23: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Using WMI Filters

Creating WMI Filters Applying WMI Filters Modeling WMI Filters

demonstration

Page 24: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 25: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

GPO Backup

Copying GPOs between Domains

us.contoso.com uk.contoso.com

GPO Copy

us.contoso.comus.fabrikam.com

GPO Import

Page 26: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Migrating GPOs across Domains

demonstration

Page 27: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Agenda

• Managing .ADM Files

• Scripting Group Policy

• Implementing Advanced Security

• Using WMI Filters

• Migrating GPOs across Domains

• Using Advanced Group Policy Modeling

Page 28: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Group Policy Modeling Overview

• Group Policy Modeling Wizard

• Group Policy Results Wizard

• HTML Reports

www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b8af2303-dac9-4fd5-9717-c3a7f553c627.mspx

Page 29: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Loopback Processing

• Changes GPO processing order

• Process only computer settings

• Merge user and computer settings

Page 30: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Demo

Modeling GPO Loopback

demonstration

Page 31: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Session Summary• Manage and control your environment more easily

• Enhance security in your environment

• Group Policy Modeling predicts behavior of GPOs before implementing them

Page 32: Understanding Group Policy Part 3 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

For More Information

Visit TechNet at

www.microsoft.ca/technet

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

[email protected]@microsoft.comhttp://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus


SANTA CLAUS !

SANTA CLAUS !

Education
EfficientOptimalLearningforContextualBandits - microsoft.com

EfficientOptimalLearningforContextualBandits - microsoft.com

Documents
ShapeandAnimationbyExample - microsoft.com

ShapeandAnimationbyExample - microsoft.com

Documents
claus roxin.pdf

claus roxin.pdf

Documents
NOAA - microsoft.com

NOAA - microsoft.com

Documents
Claus 2015

Claus 2015

Documents
Finnish Santa Claus By Eveliina. Santa Claus Santa Claus lives with Mrs. Claus and reindeer in Korvatunturi in Rovaniemi. He comes to give presents to

Finnish Santa Claus By Eveliina. Santa Claus Santa Claus lives with Mrs. Claus and reindeer in Korvatunturi in Rovaniemi. He comes to give presents to

Documents
Understanding Group Policy Part 1 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Understanding Group Policy Part 1 of 3 Rick Claus IT Pro Advisor Microsoft Canada [email protected]

Documents
Windows XP SP2 Point de vue du développeur Gilles Guimard (gillesg@microsoft.com) gillesg@microsoft.com Jean Gautier (jeanga@microsoft.com ) jeanga@microsoft.com

Windows XP SP2 Point de vue du développeur Gilles Guimard ([email protected]) [email protected] Jean Gautier ([email protected] ) [email protected]

Documents
Windows internals http:// scoriani@microsoft.com http:// scoriani@microsoft.com

Windows internals http:// [email protected] http:// [email protected]

Documents
Claus Offe

Claus Offe

Documents
Integrate Santa Claus ICT Business Plan Santa Claus helpers

Integrate Santa Claus ICT Business Plan Santa Claus helpers

Documents
Santa Claus

Santa Claus

Documents
Exchange 2010: Ask the expert Alastair Dick – Technology Strategist (alastaid@microsoft.com)alastaid@microsoft.com Brett Johnson – UC TSP brettjo@microsoft.com

Exchange 2010: Ask the expert Alastair Dick – Technology Strategist ([email protected])[email protected] Brett Johnson – UC TSP [email protected]

Documents
April Claus

April Claus

Documents
1 The Art of Building a Reusable Class Library Brad Abrams – BradA@Microsoft.com Krzysztof Cwalina - KCWalina@Microsoft.com BradA@Microsoft.com KCWalina@Microsoft.com

1 The Art of Building a Reusable Class Library Brad Abrams – [email protected] Krzysztof Cwalina - [email protected] [email protected] [email protected]

Documents
Windows Presentation Foundation Fabio Santini fsantini@microsoft.com fsantini@microsoft.com

Windows Presentation Foundation Fabio Santini [email protected] [email protected]

Documents
DIAGNOSING THE DISEASES OF DNS Rick Claus Sr. Technical Evangelist Microsoft Canada, eh? rick.claus@microsoft.com Twitter: RicksterCDN SESSION CODE: SVR305

DIAGNOSING THE DISEASES OF DNS Rick Claus Sr. Technical Evangelist Microsoft Canada, eh? [email protected] Twitter: RicksterCDN SESSION CODE: SVR305

Documents
Pancho Claus

Pancho Claus

Education
Here Comes Santa Claus. Here comes Santa Claus, here comes Santa Claus,

Here Comes Santa Claus. Here comes Santa Claus, here comes Santa Claus,

Documents
Carmen Claus

Carmen Claus

Documents
Claus Petersen Sr. PTS cpeters@microsoft.com Forefront Server Products

Claus Petersen Sr. PTS [email protected] Forefront Server Products

Documents
Group Policy - Part 2 of 3 Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com

Group Policy - Part 2 of 3 Rick Claus IT Pro Advisor Microsoft Canada [email protected]

Documents
SANTA CLAUS WALKING OF MOTO REINDEER SANTA CLAUS HOLDING A GREAT CANDY CANES SANTA CLAUS GIVING GIFT SANTA CLAUS SMOKING (SMOKING???) REINDEER WAKING

SANTA CLAUS WALKING OF MOTO REINDEER SANTA CLAUS HOLDING A GREAT CANDY CANES SANTA CLAUS GIVING GIFT SANTA CLAUS SMOKING (SMOKING???) REINDEER WAKING

Documents
David Claudio Costeño a-juancc@microsoft.com Leopoldo Pérez Olguín leoper@microsoft.com

David Claudio Costeño [email protected] Leopoldo Pérez Olguín [email protected]

Documents
CHRISTMAS SONGS AND CAROLS - Craig Bay Estates · Santa Claus is comin’ to town. 8 . HERE COMES SANTA CLAUS Here comes Santa Claus, Here comes Santa Claus Right down Santa Claus

CHRISTMAS SONGS AND CAROLS - Craig Bay Estates · Santa Claus is comin’ to town. 8 . HERE COMES SANTA CLAUS Here comes Santa Claus, Here comes Santa Claus Right down Santa Claus

Documents
Brett Johnson Brettjo@Microsoft.com Julian Datta Julianda@Microsoft.com Architecture Acapella

Brett Johnson [email protected] Julian Datta [email protected] Architecture Acapella

Documents
Microsoft Codename “Dallas” Data for your Apps! Moe Khosravy Group Manager Microsoft Codename “Dallas” (Microsoft.com/Dallas)Microsoft.com/Dallas MoeK@Microsoft.com

Microsoft Codename “Dallas” Data for your Apps! Moe Khosravy Group Manager Microsoft Codename “Dallas” (Microsoft.com/Dallas)Microsoft.com/Dallas [email protected]

Documents
Claus Tøndering claus@tondering.dk

Claus Tøndering [email protected]

Documents
SANTA CLAUS

SANTA CLAUS

Documents