mcse-08-implementing of an active directory service-05-theory

8/6/2019 MCSE-08-Implementing of an Active Directory Service-05-Theory

1/52

ADVANTAGE PRO Chennais Premier Networking Training Center

Implementing Group Policy


2/52


Content

Creating and Configuring GPOs

Configuring Group Policy Refresh Rates and Group

Policy Settings

Managing GPOs

Verifying and Troubleshooting Group Policy

Delegating Administrative Control of Group Policy

Planning a Group Policy Strategy for Enterprise


3/52


GPO Components

Group Policy Object

Contains Group Policy Settings

Stores content in two locations

-- Group Policy Container (GPC)

-- Group Policy Template (GPT)


4/52


GPO Components

Group Policy Container (GPC)

It is an Active Directory object that contains GPO

status.

Computer can access the GPC to locate GPT and DC

can access the GPC to obtain Version information

Replication occurs to obtain the latest version of the

GPO


5/52


GPO Components

Group Policy Template

It is a folder hierarchy in the shared SYSVOL folder

on a DC.

It contains all Group Policy settings and information,

including administrative templates, security, software

installation, scripts and folder redirection.

It is identical to GUID that Active Directory users to

identify the GPO in the GPC.


6/52


Installing Group Policy Management Console

Download the Group Policy Management Tool frominternet.

Run the EXE file which you have downloaded from

the internet


7/52


Loop back Processing

Loop back processing applies the set of GPOs for thecomputer to any user who logs on, is affected by this

settings.

Loop back processing has two modes

-- Replace Mode

-- Merge Mode


8/52



Replace Mode

This mode replaces the users settings that are defined

in computer GPOs.

Replace GPOs with the user settings that are

normally applied to the user.


9/52



Merge Mode

This mode combines the user settings that are

defined in computer GPOs and the users GPOs.

If conflict occurs, the user settings in the computers

GPO take precedence over the users normal settings.


10/52


Order in which Group Policy Applied

When Computer Starts Computer settings applied

Startup Scripts runs

When User logs on User settings apllied

Logon scripts run


11/52


Assign Group Policy Script Settings

Procedure for Copying a Script


12/52


Refresh Group Policy using Gpupdate.exe

Procedure

In the Run dialog box, type cmd and then press Enter

Type

Gpupdate [/target:{computer/user}] [/force]

[/wait:vslue] [/logoff] [/boot]


13/52


Copy Operation

A copy of a GPO transfers only the settings within aGPO

The new GPO is created unlinked

When you copy a GPO from a domain to another,

you must specify the mapping behavior.


14/52


Backup Operation

In a Backup operation, Group Policy Managementexport all data in the GPO to the selected file and

saves the GPT files

You can send backed-up GPO to folder by using arestore or import operation

You can only restore a backed-up GPO to another

domain by using an import operation.


15/52


Store a Backup

Identify each backed-up GPO by one of the followingcriteria

GPO display name

GPO GUID

Description of the backup

Date and time stamp of the backup

Domain name


16/52


Restore Operation

In a restore operation, the contents of the GPO arereturned to exactly the same state.

You can restore exiting GPO or a deleted GPO that

was backed up.


17/52


Common problems with imlementing Group

Policy

SYMPTOM CAUSE

Cannot open a GPO Read and Write permissions for the GPO

are not signed

Cannot edit a GPO A networking problem

Cannot apply Group Policy on a GPO are not applied to security groupssecurity group

No effect of Group Policy on a site, Group Policy settings are not configured correctly

domain, or organizational unit

No effect of Group Policy in an GPOs cannot be linked to Active Directory containers

Active Directory containerNo effect of Group Policy on a client A non-local GPO can overwrite local polices

computer


18/52


Group Policy Modeling

You can simulate a policy deployment for users andcomputers before applying the policies.

This feature in Group Policy Management is known

as Resultant Set of Policies(RSoP).

To verify Group Policy settings, you must first create

a Group Policy Query.


19/52


Delegation of GPOs

Delegate the ability to create GPOs: Add the group or user to the Group Policy Creator

Owerns group.

This only method is available prior to Group Policy

Mangement.

Explicity assign the group or user premission to

create GPOs.


20/52


Delegation of GPOs

Delegate Permissions on a individual GPO: Read

Edit settings

Edit, Delete, Modify Security

Read (from Security Filtering)

Custom


21/52


Delegation of WMI Filters

The permissions on the WMI Policy containerdetermine the permissions that a user has to create,

edit, and delete WMI filters

There are two permissions for creating WMI filters:

-- Creator Owner

-- Full Control


22/52


DEPLOYING AND

MANAGING SOFTWARE BY

USING GROUP POLICY


23/52


MANAGING SOFTWARE DEPLOYMENT

You can mange software by using the softwareinstallation extension of group policy.

Users have immediate access to the software that

they require to perform their jobs.

They have an easy and consistent experience when

working with software through its life cycle.

You can use group policy to manage the software

deployment process centrally or from one location.


24/52



You can apply group policy settings to users orcomputers in a site, domain or a organizational unit.

You can manage the various phases of software

deployment without deploying software on each

computer.


25/52



The software life cycle consists of four phases.1.Preparation.

2.Deployment.

3.Maintenance.

4.Removal.


26/52


27/52



That distribution point will be the shared folder in theserver.

You can create a package file by using a third party

utility.


28/52



DEPLOYMENT:

You create GPO that installs the software on the

computer and links the GPO to an appropriate active

directory container.

The software is installed when the computer starts.

Or when the user start the application.


29/52



MAINTENANCE:

You upgrade software with a new version.

Then the software is automatically upgraded when

the computer starts or when the user starts the

application.


30/52



REMOVAL:

To eliminate software that is no longer required.

You remove the software package setting from the

GPO.

The software is then automatically removed.


31/52


WINDOWS INSTALLER:

To enable the group policy to deploy and manage

software.

To deploy and manage software windows 2003 uses

the windows installer.

This component automates the installation and

removal of application.


32/52


The windows installer contains two components.Windows installer service.

Windows installer package.


33/52


WINDOWS INSTALLER SERVICE:

Fully automates the software installation and

configuration process.

Modifies or repairs an existing application

installation.

It installs an application either directly from the

CD-Rom or by using group policy.


34/52


WINDOWS INSTALLER PACKAGE:

Information about installing or uninstalling an

application.

A windows installer file with an .msi extension

Summary information about the software and the

package.

A reference to an installation point where the product

files reside.


35/52


DEPLOYING SOFTWARE:

Deploying software ensures that required application

are available from any computer that a user logs on.

Before going to deploy a software you must specify

how application are installed and maintained in your

organization.


36/52


SOFTWARE DEPLOYMENT PROCESS :

Create a software distribution point.

Use GPO to deploy a software.

Change the software deployment properties.


37/52


There are two types of software deployment.Assigning

Publishing


38/52


ASSIGNING:

In assigning there are two methods one is user

configuration another one is computer configuration.

PUBLISHING:

In publishing there are two methods one is using add or

remove program another one is using document

activation.


39/52


CONFIGURING SOFTWARE

DEPLOYMENT


40/52


SOFTWARE CATEGORIES :

To organize assigned and published software into

logical groups.

So users can easily locate applications in Add or

remove programs.

We can create software categories to arrange

different applications.


41/52


You can organize software into categories,such asgraphics, Microsoft office, and accounting

categories.

You can use the same list of software categories inall policies in the forest.


42/52


SOFTWARE UPGRADES :

You can use group policy to deploy and manage

software upgrades that meet departmental

requirements in your organization.

Upgrades typically involve major changes to

software and have a new version numbers.

A new version of the software is released that

contains new and improved features.


43/52


44/52


45/52


SOFTWARE REDEPLOYMENT:

You can redeploy a deployed package to force a

reinstallation of the software.

If there are interoperability issues or viruses that a

reinstall of the software will fix.


46/52


TO REDEPLOY A SOFTWARE

PACKAGE


47/52


48/52



49/52


REMOVING DEPLOYED SOFTWARE:

There are two removal methods

Forced removal.

Optional removal.


50/52


FORCED REMOVAL:

You can force the removal of the software.

It will automatically deletes the software from a

computer.

Removal takes place before the desktop appears.


51/52


OPTIONAL REMOVAL:

You remove the software from the software

installation.

Software is not actually removed from computers.

The software no longer appears in Add or Remove

programs, but users can still use it.

If users can manually delete the software, they

cannot reinstall it.


52/52


mcse-08-implementing of an active directory service-05-theory

Documents