GPO - WINDOWS SERVER 2012
AGENDA:
• Introduction
• Group Policy Overview
• Types of Group Policies/Objects
• Associated Technologies
• How to implement
CDW — PROPRIETARY AND CONFIDENTIAL. COPYING RESTRICTED. FOR INTERNAL USE ONLY.
GROUP POLICY OVERVIEW
• Group Policy Definition
• Preferences
• Define Scope of Policy (Site, Domain, Etc.)
• Inheritance/Enforce/Block
• Administration/GPMC
• Naming Conventions
• Security Filtering/WMI Filters
• RSOP/Modeling
• Login Scripts/Startup Scripts
• Fine-grained Password Policies
• Security Templates (More detail later)
• Machine vs. User Policies
• Group Policy Loop-back
• Change Control
USER AND COMPUTER CONFIGURATION SETTINGS
Group Policy settings for users:
• Desktop settings
• Software settings
• Windows settings
• Security settings
Group Policy settings for computers:
• Desktop behavior
• Software settings
• Windows settings
• Security settings
GPO COMPONENTS
Group Policy Object:
• Contains Group Policy settings
• Stores content in two locations
Group Policy Template:
• Stored in shared SYSVOL folder
• Provides Group Policy settings
Group Policy Container:
• Stored in Active Directory
• Provides version information
WHEN IS A GPO APPLIED?
Computer starts:
• Computer settings applied
• Startup scripts run
• Refresh Interval
User logs on:
• User settings applied
• Logon scripts run
• Refresh Interval
GPMC (GROUP POLICY MANAGEMENT CONSOLE)
WHAT IS A GPO LINK?
[Diagram: GPOs linked to a site, a domain, and organizational units]
Applied in order: Local, Site, Domain, OU
GP ENFORCEMENT
POLICY FILTERING
SITE POLICIES
• Second only to local policies
• Conditional policies depending on network location (VPN, DMZ, etc.)
• Time Zones
• Printer location related policies
DOMAIN POLICIES
• Password and Account Policies
• Security and Auditing Policies
• Control Restricted Domain Groups
• Do not use the Default Domain Policy
DEFAULT DOMAIN POLICIES
• Password Settings
• Account Lockout Settings
• Allow system to be shut down without having to log on
• Change Administrator account name to:
• Change Guest account name to:
• Clear pagefile on shutdown
• Digitally sign server side communication
• Digitally sign client communication
FINE GRAINED PASSWORD POLICIES
• New in AD DS 2008
• Allows companies to define different password policies for groups within their organization, without creating separate domains
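Added example, not part of the original deck: creating a fine-grained password policy for one group with the ActiveDirectory PowerShell module, then checking which policy a user actually receives. The policy, group and user names and all setting values are assumptions chosen for illustration.

```powershell
# Added example: fine-grained password policy (PSO) for a privileged group.
# 'PSO-Tier0-Admins', 'Tier0-Admins' and 'jdoe-adm' are hypothetical names;
# the setting values are constructed samples, not recommendations from the deck.
# Requires the ActiveDirectory module (RSAT) and rights to create PSOs.
Import-Module ActiveDirectory

$pso = @{
    Name                        = 'PSO-Tier0-Admins'
    Precedence                  = 10              # lower value wins when several PSOs apply
    MinPasswordLength           = 16
    PasswordHistoryCount        = 24
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    MinPasswordAge              = '1.00:00:00'    # 1 day
    MaxPasswordAge              = '60.00:00:00'   # 60 days
    LockoutThreshold            = 5
    LockoutObservationWindow    = '00:30:00'
    LockoutDuration             = '00:30:00'
}
New-ADFineGrainedPasswordPolicy @pso

# PSOs apply to users and global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Tier0-Admins' -Subjects 'Tier0-Admins'

# Audit: list every PSO with its precedence and the subjects it applies to.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold, AppliesTo

# Verify which PSO wins for one account; no output means the
# domain password policy still applies to that user.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe-adm'
```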
USER POLICIES
• Desktop lockdown discussion
  » Removal of My Documents folder from computer/Redirection
  » Removal of context menus
  » Remove Add/Remove programs
  » Password protect screen saver
  » Standard desktop? – same screen saver, desktop background, fonts, etc. for certain users?
  » Allow/disallow shared folders
  » Login/Logout Scripts - SW installation
  » Loopback processing mode (Kiosks)
MACHINE POLICIES
• Roaming profiles – on or off, should they propagate to server
• Startup scripts and shutdown scripts – async or sync
• Run this at user logon – no matter which user
• Disk quotas
• Dynamic DNS
• Group policy refresh interval
• Security policy
• EFS policy
• (desktops) Remote assistance on/off
• (desktops) System restore on/off/settings
• (desktops) NTP – time settings
GUIDELINES FOR PLANNING GPOS
• Apply GPO settings at the highest level
• Reduce the number of GPOs
• Create specialized GPOs
• Use the Enforced option only when required
• Use Block Inheritance sparingly
• Use security filtering only when necessary
Questions?