Understanding Group Policy Part 1 of 3

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

rick.claus@microsoft.comrick.claus@microsoft.com

http://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus

What Will We Cover?

• Group Policy concepts

• Creating test and staging environments

• Group Policy tools

Helpful Experience

Level 200

• Experience supporting Windows servers

• Experience supporting Microsoft networks

• Familiarity with Active Directory

Agenda

• Preparing the Environment

• Creating a Staging Environment

• Managing Group Policy

Designing an OU Structure

Demo

Organizing OUs

demonstration

What Is Group Policy?

• Manage user and computer environments• Manage user and computer environments• Enforce IT policies• Enforce IT policies• Simplify administrative tasks• Simplify administrative tasks• Implement security settings• Implement security settings

Group Policy Terms

Scope of Management

Group Policy Object

Site

Domain OU

Computer Configuration

User Configuration

Common Desktop Scenarios

• Lightly managed

• Mobile • Multiuser • AppStation • TaskStation • Kiosk

Usage Scenarios – Lightly Managed

• For power users or developers

• Least restricted

• Free-seating

• Core set of applicationswww.microsoft.com/downloads/details.aspx?FamilyID=354b9f45-8aa6-4775-9208-c681a7043292&displaylang=en (Search for Group Policy Scenarios)

Usage Scenarios – Mobile

• Aimed at mobile users

• Data available at all times

• Partial free-seating

• Log off without disconnecting

Usage Scenarios – Multiuser

• Basic customization

• Free-seating

• Restricted write access

• Security-enhanced

• Assigned and published applications

Usage Scenarios – AppStation

• Minimal customization

• Few applications

• Free-seating

• Restricted write access

• Security-enhanced

Usage Scenarios – TaskStation

• For order entry or call centers

• Runs a single application

• No desktop or Start menu

Usage Scenarios – Kiosk

• Unattended public workstation

• Single application and user

• Security-enhanced

• No user changes or write access

• Always on

Agenda

• Preparing the Environment

• Creating a Staging Environment

• Managing Group Policy

Build staging environmentBuild staging environment11 Synchronize with productionSynchronize with production22

Implementing a Staging Environment

Test GPOsTest GPOs33Production Staging

CreateXMLFromEnvironment.wsf CreateEnvironmentFromXML.wsfGroup Policy ModelingGroup Policy Results

Prepare for deploymentPrepare for deployment44 Deploy to productionDeploy to production55

Group Policy Results

GPO Backups

Migration Tables

Demo

Creating a Staging Environment

demonstration

Agenda

• Preparing the Environment

• Creating a Staging Environment

• Managing Group Policy

Group Policy Management Console

• MMC snap-in

• Includes Group Policy Object Editor

• Reporting and modeling

• Supports cross-forest trusts

GPMC Service Pack 1

• Various bug fixes

• New languages

• Updated GPMC EULA

• Updated MSXML4

http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Demo

Reviewing the GPMC

demonstration

Sales Users settings

User and Computer Configuration

Lab Computers settings

Sales Users settings

Lab Computers settings

Local Security Policy

Site Policy

Domain Policy

Parent OU Policy

Child OU Policy

Group Policy Order of Precedence

When is Group Policy Applied?

Startup and shutdown

Logon and logoff

Defined intervals

Forced with GPUpdate.exe

Group Policy Processing

Synchronous Initial Processing

Asynchronous Initial Processing

Demo

Modifying Group Policy Objects

demonstration

Group Policy Modeling and Results

• Group Policy Modeling

Simulates GPOs on user or computer

• Group Policy Results

Reports actual policy settings

Demo

Group Policy Modeling and Results

• Using Group Policy Modeling• Using Group Policy Results

demonstration

Backing Up and Restoring GPOs

Demo

Backing up and Restoring GPOs

demonstration

Session Summary• Manage and control your environment more easily with Group Policy

• Use a staging environment to test Group Policy before production deployment

• Use the GPMC to manage Group Policy

For More Information

Visit TechNet USA at www.microsoft.com/technetVisit TechNet Canada at www.microsoft.ca/technet

Rick ClausRick ClausIT Pro AdvisorIT Pro Advisor

Microsoft CanadaMicrosoft Canada

rick.claus@microsoft.comrick.claus@microsoft.com

http://blogs.technet.com/rclaushttp://blogs.technet.com/rclaus

What Will We Cover? (Part 2)

• Advanced Group Policy management

• Deploying software with Group Policy

• Group Policy troubleshooting

What Will We Cover? (Part 3)• Group Policy Management

• Advanced Group Policy Security

• Scripting Group Policy

• Group Policy Modeling