IT tutorials
 
Technology
 

Active Directory 2008 : Implementing a Group Policy Infrastructure - Supporting Group Policy (part 2)

8/28/2013 2:51:16 PM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

3. Troubleshooting Group Policy with the Group Policy Results Wizard and Gpresult.exe

As an administrator, you are likely to encounter scenarios that require Group Policy troubleshooting. You might need to diagnose and solve problems, including the following:

  • GPOs are not being applied at all.

  • The resultant set of policies for a computer or user is not what was expected.

The Group Policy Results Wizard and Gpresult.exe often provide the most valuable insight into Group Policy processing and application problems. Remember that these tools examine the WMI RSOP provider to report exactly what happened on a system. Examining the RSOP report often points you to a GPO that is scoped incorrectly or policy processing errors that prevented the application of settings in a GPO.

4. Performing What-If Analyses with the Group Policy Modeling Wizard

If you move a computer or user between sites, domains, or OUs, or change its security group membership, the GPOs scoped to that user or computer change and, therefore, the RSOP for the computer or user is different. RSOP also changes if slow link or loopback processing occurs or if there is a change to a system characteristic that is targeted by a WMI filter.

Before you make any of these changes, you should evaluate the potential impact to the RSOP of the user or computer. The Group Policy Results Wizard can perform RSOP analysis only on what has actually happened. To predict the future and to perform what-if analyses, you can use the Group Policy Modeling Wizard.

To perform Group Policy modeling, right-click the Group Policy Modeling node in the Group Policy Management console tree, click Group Policy Modeling Wizard, and then perform the steps in the wizard.

Modeling is performed by conducting a simulation on a domain controller, so you are first asked to select a domain controller that is running Windows Server 2003 or later. You do not need to be logged on locally to the domain controller, but the modeling request will be performed on the domain controller. You are then asked to specify the settings for the simulation:

  • Select a user or computer object to evaluate, or specify the OU, site, or domain to evaluate.

  • Choose whether slow link processing should be simulated.

  • Specify whether to simulate loopback processing and, if so, choose Replace or Merge mode.

  • Select a site to simulate.

  • Select security groups for the user and the computer.

  • Choose which WMI filters to apply in the simulation of user and computer policy processing.

When you have specified the settings for the simulation, you receive a report that is very similar to the Group Policy Results report discussed earlier. The Summary tab shows which GPOs will be processed, and the Settings tab displays the policy settings that will be applied to the user or computer. You can save this report by right-clicking it and choosing Save Report.

5. Examining Policy Event Logs

Windows Vista, Windows Server 2008, and later versions of Windows improve your ability to troubleshoot Group Policy not only with RSOP tools but also with improved logging of Group Policy events.

The System log provides high-level information about Group Policy, including errors created by the Group Policy Client when it cannot connect to a domain controller or locate GPOs. The Application log captures events recorded by CSEs. The Group Policy Operational Log provides detailed information about Group Policy processing.

To find these Group Policy logs, open the Event Viewer snap-in or console. The System and Application logs are in the Windows Logs node. The Group Policy Operational Log is found in Applications And Services Logs\Microsoft\Windows\GroupPolicy\Operational.

Practice Configuring Group Policy Scope

Practice Configuring Group Policy Scope

In this practice, you follow a scenario that builds upon the GPOs you created and configured in Lessons 1 and 2. You perform RSOP results and modeling analysis and examine policy-related events in the event logs. To perform these exercises, you must have completed the practices in Lessons 1 and 2.

EXERCISE 1 Use the Group Policy Results Wizard

In this exercise, you use the Group Policy Results Wizard to examine RSOP on SERVER01. You confirm that the policies you created in Lessons 1 and 2 have applied.

  1. Log on to SERVER01 as Administrator.

  2. Open Command Prompt and type gpupdate.exe /force /boot to initiate a Group Policy refresh.

    If the system reboots, log on as Administrator. If the system does not reboot, close Command Prompt.

    Make a note of the current system time; you will need to know the time of the refresh for Exercise 3, “View Policy Events.”

  3. Open the Group Policy Management console.

  4. Expand Forest.

  5. Right-click Group Policy Results and click Group Policy Results Wizard.

  6. Click Next.

  7. On the Computer Selection page, select This Computer and click Next.

  8. On the User Selection page, select Display Policy Settings For, select Select A Specific User, and select CONTOSO\Administrator. Then click Next.

  9. On the Summary Of Selections page, review your settings and click Next.

  10. Click Finish.

    The RSOP report appears in the details pane of the console.

  11. On the Summary tab, click the Show All link at the top of the report.

  12. Review the Group Policy Summary results. For both user and computer configuration, identify the time of the last policy refresh and the list of allowed and denied GPOs. Identify the components that were used to process policy settings.

  13. Click the Settings tab and click the Show All link at the top of the page. Review the settings that were applied during user and computer policy application and identify the GPO from which the settings were obtained.

  14. Click the Policy Events tab and locate the event that logs the policy refresh you triggered with the Gpupdate.exe command in step 2.

  15. Click the Summary tab, right-click the page, and choose Save Report. Save the report as an HTML file to your Documents folder with a name of your choice.

  16. Open the saved RSOP report from your Documents folder.

EXERCISE 2 Use the Gpresult.exe Command

In this exercise, you perform RSOP analysis in Command Prompt, using Gpresult.exe.

  1. Open Command Prompt.

  2. Type gpresult /r and press Enter.

    RSOP summary results are displayed. The information is very similar to the Summary tab of the RSOP report produced by the Group Policy Results Wizard.

  3. Type gpresult /v and press Enter.

    A more detailed RSOP report is produced. Notice many of the Group Policy settings applied by the client are listed in this report.

  4. Type gpresult /z and press Enter.

    The most detailed RSOP report is produced.

  5. Type gpresult /h:“%userprofile%\Documents\RSOP.html” and press Enter.

    An RSOP report is saved as an HTML file to your Documents folder.

  6. Open the saved RSOP report from your documents folder. Compare the report, its information, and its formatting to the RSOP report you saved in the previous exercise.

EXERCISE 3 View Policy Events

As a client performs a policy refresh, Group Policy components log entries to the Windows event logs. In this exercise, you locate and examine Group Policy–related events.

  1. Open the Event Viewer console from the Administrative Tools folder.

  2. Expand Windows Logs and click System.

  3. Locate events with GroupPolicy as the Source. You can even click the Filter Current Log link in the Actions pane and then select GroupPolicy in the Event Sources drop-down list.

  4. Review the information associated with GroupPolicy events.

  5. Click the Application node in the console tree under Windows Logs.

  6. Sort the Application log by the Source column.

  7. Review the logs by Source and identify the Group Policy events that have been entered in this log.

    Which events are related to Group Policy application, and which are related to the activities you have been performing to manage Group Policy?

  8. In the console tree, expand Applications And Services Logs\Microsoft\Windows \GroupPolicy and click Operational.

  9. Locate the first event related to the Group Policy refresh that you initiated in Exercise 1, “Use the Group Policy Results Wizard,” with the Gpupdate.exe command. Review that event and the events that followed it.

EXERCISE 4 Perform Group Policy Modeling

In this exercise, you use Group Policy modeling to evaluate the potential effect of your policy settings on users who log on to sales laptops.

  1. Open the Active Directory Users And Computers snap-in.

  2. Create a user account for Mike Danseglio in the User Accounts OU.

  3. Create a computer account in the Clients OU called LAPTOP101.

  4. Add LAPTOP101 to the Sales Laptops group.

  5. In the Group Policy Management console, expand Forest.

  6. Right-click Group Policy Modeling and choose Group Policy Modeling Wizard.

  7. Click Next.

  8. On the Domain Controller Selection page, click Next.

  9. On the User And Computer Selection page, in the User Information section, click User, click Browse, and then select Mike Danseglio.

  10. In the Computer Information section, click Computer, click Browse, and select LAPTOP101 as the computer.

  11. Click Next.

  12. On the Advanced Simulation Options page, select the Loopback Processing check box and select Merge.

    Even though the Sales Laptop Configuration GPO specifies the loopback processing, you must instruct the Group Policy Modeling Wizard to consider loopback processing in its simulation.

  13. Click Next.

  14. On the Alternate Active Directory Paths page, click Next.

  15. On the User Security Groups page, click Next.

  16. On the Computer Security Groups page, click Next.

  17. On the WMI Filters For Users page, click Next.

  18. On the WMI Filters For Computers page, click. Next.

  19. Review your settings on the Summary Of Selections page. Click Next, and then click Finish.

  20. Review the information in the Group Policy Modeling report. Confirm that the following policy settings will be applied to Mike when he logs on to LAPTOP101:

    • The laptop will wait for the network at startup, so that any changes to policy settings are applied before a user is allowed to log on.

    • A password-protected screensaver will launch after 10 minutes.

    • The standard wallpaper will be used.
 
Others
 
- Active Directory 2008 : Implementing a Group Policy Infrastructure - Supporting Group Policy (part 1)
- Microsoft Lync Server 2010 : Enterprise Voice - Call Admission Control (part 2) - Network Region Links, Network Region Routes
- Microsoft Lync Server 2010 : Enterprise Voice - Call Admission Control (part 1) - Bandwidth Policy Profiles , Associate Bandwidth Policy Profile
- Microsoft Lync Server 2010 : Enterprise Voice - Network Configuration - Network Regions, Network Sites, Network Subnets
- Microsoft Lync Server 2010 : Enterprise Voice - Voice Features - Call Park, Unassigned Numbers
- Microsoft Lync Server 2010 : Enterprise Voice - Publishing Changes
- Exchange Server 2010 : Managing User Accounts and Mail Features (part 6) - Changing a User's Web, Wireless Service, and Protocol Options
- Exchange Server 2010 : Managing User Accounts and Mail Features (part 5) - Adding Mailboxes to Existing Domain User Accounts
- Exchange Server 2010 : Managing User Accounts and Mail Features (part 4) - Understanding Logon Names and Passwords - Creating Domain User Accounts with Mailboxes
- Exchange Server 2010 : Managing User Accounts and Mail Features (part 3) - Understanding Logon Names and Passwords - Creating Mail-Enabled User Accounts
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us