Understanding Group Policy Part 1

What Will We Cover?

Group Policy concepts Creating test and staging environments Group Policy tools

Helpful Experience
Experience supporting Windows servers Experience supporting Microsoft networks Familiarity with Active Directory

Level 200
www.microsoft.com/technet/ADD-07 www.microsoft.com/technet/ADD-08

Agenda
Preparing the Environment Creating a Staging Environment Managing Group Policy

Designing an OU Structure

Designing an OU Structure

Designing an OU Structure

Designing an OU Structure

Demo

demonstration
Organizing OUs

What Is Group Policy?

What Is Group Policy?

Manage user and computer environments

What Is Group Policy?

Manage user and computer environments Enforce IT policies

What Is Group Policy?

Manage user and computer environments Enforce IT policies Simplify administrative tasks

What Is Group Policy?

Manage user and computer environments Enforce IT policies Simplify administrative tasks Implement security settings

Group Policy Terms

Group Policy Object

Computer Configuration

User Configuration

Group Policy Terms

Group Policy Object Scope of Management

Domain Computer Configuration User Configuration Site

OU

Group Policy Terms

Group Policy Object Scope of Management

Computer Configuration

User Configuration

Group Policy Terms

Group Policy Object Scope of Management

Computer Configuration

User Configuration

Common Desktop Scenarios

Lightly managed Mobile Multiuser AppStation TaskStation Kiosk

Usage Scenarios Lightly Managed

For power users or developers Least restricted Free-seating Core set of applications
www.microsoft.com/downloads/details.aspx?FamilyID=354b9f45-8aa6-47759208-c681a7043292&displaylang=en (Search for Group Policy Scenarios)

Usage Scenarios Mobile

Aimed at mobile users Data available at all times Partial free-seating Log off without disconnecting

Usage Scenarios Multiuser

Basic customization Free-seating Restricted write access Security-enhanced Assigned and published applications

Usage Scenarios AppStation

Minimal customization Few applications Free-seating Restricted write access Security-enhanced

Usage Scenarios TaskStation

For order entry or call centers Runs a single application No desktop or Start menu

Usage Scenarios Kiosk

Unattended public workstation Single application and user Security-enhanced No user changes or write access Always on

Agenda
Preparing the Environment Creating a Staging Environment Managing Group Policy

Implementing a Staging Environment

1
Build staging environment
Production Staging

Implementing a Staging Environment

2
Synchronize with production
Production Staging

CreateXMLFromEnvironment.wsf

CreateEnvironmentFromXML.wsf

Implementing a Staging Environment

3
Test GPOs
Staging

Group Policy Modeling

Implementing a Staging Environment

3
Test GPOs
Staging

Group Policy Results

Group Policy Modeling

Implementing a Staging Environment

3
Test GPOs

Group Policy Results

Group Policy Results

Implementing a Staging Environment

4
Prepare for deployment
Staging

GPO Backups

Implementing a Staging Environment

4
Prepare for deployment
Staging

GPO Backups

Migration Tables

Implementing a Staging Environment

5
Deploy to production
Production Staging

GPO Backups

Migration Tables

Demo

demonstration
Creating a Staging Environment

Agenda
Preparing the Environment Creating a Staging Environment Managing Group Policy

Group Policy Management Console

MMC snap-in Includes Group Policy Object Editor Reporting and modeling Supports cross-forest trusts

GPMC Service Pack 1

Various bug fixes New languages Updated GPMC EULA Updated MSXML4
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24 -8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Demo

demonstration
Reviewing the GPMC

User and Computer Configuration

User and Computer Configuration

User and Computer Configuration

User and Computer Configuration

Lab Computers settings

User and Computer Configuration

User and Computer Configuration

User and Computer Configuration

Sales Users settings

User and Computer Configuration

User and Computer Configuration

Sales Users Lab Computers settings settings

Group Policy Order of Precedence

Group Policy Order of Precedence

Local Security Policy

Group Policy Order of Precedence

Site Policy Local Security Policy

Group Policy Order of Precedence

Domain Policy Site Policy Local Security Policy

Group Policy Order of Precedence

Parent OU Policy Domain Policy Site Policy Local Security Policy

Group Policy Order of Precedence

Child OU Policy Parent OU Policy Domain Policy Site Policy Local Security Policy

When is Group Policy Applied?

Startup and shutdown

When is Group Policy Applied?

Startup and shutdown Logon and logoff

When is Group Policy Applied?

Startup and shutdown Logon and logoff Defined intervals

When is Group Policy Applied?

Startup and shutdown Logon and logoff Defined intervals Forced with GPUpdate.exe

Group Policy Processing

Synchronous Initial Processing

Group Policy Processing

Synchronous Initial Processing

Group Policy Processing

Synchronous Initial Processing

Asynchronous Initial Processing

Group Policy Processing

Synchronous Initial Processing

Asynchronous Initial Processing

Demo

demonstration
Modifying Group Policy Objects

Group Policy Modeling and Results

Group Policy Modeling
Simulates GPOs on user or computer

Group Policy Results

Reports actual policy settings

Demo

demonstration
Group Policy Modeling and Results
Using Group Policy Modeling Using Group Policy Results

Backing Up and Restoring GPOs

Backing Up and Restoring GPOs

Backing Up and Restoring GPOs

Backing Up and Restoring GPOs

Demo

demonstration
Backing up and Restoring GPOs

Session Summary
Manage and control your environment more easily with Group Policy Use a staging environment to test Group Policy before production deployment Use the GPMC to manage Group Policy

For More Information

Visit TechNet at

www.microsoft.com/technet
Visit the following URL for additional information

www.microsoft.com/technet/ADD-06

Microsoft Press Publications

For the latest titles, visit

www.microsoft.com/learning/books/itpro/

Non-Microsoft Publications

These books can be purchased at all major bookstores and online retailers. .

Training Resources
Course ID Title

2274

Managing a Microsoft Windows Server 2003 Environment

For training information and availability

www.microsoft.com/learning

Readiness with Skills Assessment

Self-study learning tool free to anyone Determines skills gaps Provides learning plans Post your score; see how you stack up

Visit www.microsoft.com/assessment

Become a Microsoft Certified Professional

What are MCP certifications?
Validation in performing critical IT functions

Why Certify?
Worldwide recognition of skills gained through experience More effective deployments with reduced costs for your organizations

What Certifications are there for IT pros?

MCP, MCSE, MCSA, MCDST, MCDBA.

www.microsoft.com/learning/mcp

Heard the News about TechNet?

Software without time limits Complimentary technical support The most current resources on hand

www.microsoft.com/technet/subscriptions

Find all these support options at www.microsoft.com/technet/support

Microsoft offers a progressive series of support options starting with no-charge online support and developing through subscription, incident, and contract support. 1. No-Charge Online Support
Knowledge Base
Search a vast database of articles to pinpoint the information you need.

2. Subscription-Based Support
TechNet Subscription
Subscribe to TechNet for a personal library of articles, service packs, how-tos, resource kits, tools, utilities, and more. Your subscription includes monthly updates delivered on CD or DVD, so you always have the latest information, straight from the source. Upgrade to a TechNet Plus subscription and add all this: 1. Full-version evaluation software, including Microsoft Office System and Windows Server System products, without time restrictions. 2. Free support two complimentary incidents, plus a discount on other support calls. 3. Unlimited, next-business-day access to reliable answers from the IT community and Microsoft Support Professionals through Managed Newsgroups (English only).

3. Assisted Incident Support

E-mail Support
Get online incident help via e-mail from a Microsoft Support Professional.

4. Contract-Based Support
Premier Support

Newsgroups
Access over 20,000 active newsgroups on scores of topics.

Phone Support
Get incident help over the phone from a Microsoft Support Professional.

Product Support Centers

Get answers to frequently asked questions, plus how-to articles and stepby-step instructions organized by product.

Phone Support Contract

Save with a discounted 5-Pack Phone Support contract.

Advisory Services
Add remotely delivered consultation options from Microsoft Advisory Services for proactive support that goes far beyond routine product maintenance.

Get the flexibility to match support options to your organization and enjoy direct access to Microsoft technical experts at any time, day or night. Premier Support delivers customized options for businesses with complex needs, including dedicated technical professionals to oversee your support, 24x7 problem resolution, and training and workshops that keep your IT staff up to date.

DLL Help Database

Search here to identify the software used to install a specific DLL version.

Essential Support
Essential Support offers prepackaged options specifically designed to meet the fundamental support requirements of any business, large or small. Includes account management, problem resolution, and information services.

Events and Errors Message Center

Resolve event and error messages fast with explanations, recommendations, and links to support and resources.

Support Webcasts
Tune in to live technical presentations by Microsoft experts and take part in realtime Q&A.

Chats
Chat online with Microsoft specialists or search the transcript archives.

User Group Program

Access information and support for IT and other interest-specific user groups.

TechNet Security Resource Center

Get ahead of security risks with resources that keep you current, including security newsletters and the Microsoft notification service.

Where Else Can I Get Help?

Free chats and webcasts List of newsgroups Microsoft community sites Community events and columns

www.microsoft.com/technet/community