IT tutorials
 
Technology
 

Active Directory 2008 : Implementing Group Policy (part 5)

8/23/2013 9:27:46 AM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Practice Implementing Group Policy

In this practice, you implement configuration in the contoso.com domain by using Group Policy. You create, configure, and scope GPOs, and you also gain hands-on experience with the features of Group Policy in Windows Server 2008 R2.

EXERCISE 1 Create, Edit, and Scope a Group Policy Object

In this exercise, you create a GPO that implements a setting mandated by the corporate security policy of Contoso, Ltd., and you scope the setting to all users and computers in the domain.

  1. Log on to SERVER01 as Administrator.

  2. Open the Group Policy Management console from the Administrative Tools folder.

  3. Expand Forest, Domains, the contoso.com domain, and the Group Policy Objects container.

  4. Right-click the Group Policy Objects Container in the console tree and choose New.

  5. In the Name box, type CONTOSO Standards. Click OK.

  6. Right-click the CONTOSO Standards GPO and choose Edit.

    Group Policy Management Editor appears.

  7. Right-click the root node of the console, CONTOSO Standard, and choose Properties.

  8. Click the Comment tab and type Contoso corporate standard policies. Settings are scoped to all users and computers in the domain. Person responsible for this GPO: your name. Then click OK.

    In this scenario, the Contoso corporate IT security policy specifies that computers cannot be left unattended and logged on for more than 10 minutes. To meet this requirement, you configure the screen saver timeout and password-protected screen saver policy settings. You use the search functionality of Group Policy to locate the policy settings.

  9. Expand User Configuration\Policies\Administrative Templates.

  10. Spend a few moments browsing the settings beneath this node. Review the explanatory text of policy settings that sound interesting to you. Do not make any configuration changes.

  11. Right-click Administrative Templates in the User Configuration node and choose Filter Options.

  12. Select the Enable Keyword Filters check box.

  13. In the Filter For Word(s) text box, type screen saver.

  14. In the drop-down list next to the text box, choose Exact.

  15. Click OK.

    Administrative Templates policy settings are filtered to show only those that contain the words screen saver.

  16. Browse to examine the screen saver policies that you have found.

  17. In the Control Panel\Personalization node, click the policy setting Screen Saver Timeout. Note the explanatory text in the left margin of the console’s details pane.

  18. Double-click the policy setting Screen Saver Timeout.

  19. Review the explanatory text in the Help box.

  20. Click Enabled.

  21. In the Seconds box, type 600.

  22. In the Comment box, type Corporate IT Security Policy implemented with this policy in combination with Password Protect The Screen Saver.

  23. Click OK.

  24. Double-click the Password Protect The Screen Saver policy setting.

  25. Click Enabled.

  26. In the Comment box, type Corporate IT Security Policy implemented with this policy in combination with Screen Saver Timeout.

  27. Click OK.

  28. Close the GPME.

    Changes you make in the GPME are saved in real time. There is no Save command.

  29. In the Group Policy Management console, right-click the contoso.com domain and choose Link An Existing GPO.

  30. Select the CONTOSO Standards GPO and click OK.

EXERCISE 2 View the Effects of Group Policy Application

In this exercise, you experience the effect of the Group Policy setting you configured in Exercise 1, “Create, Edit, and Scope a Group Policy Object,” and you practice triggering a manual policy refresh, using Gpupdate.exe.

  1. On SERVER01, start Control Panel, and then click Appearance.

  2. Click Change Screen Saver.

  3. Note that you can change the screen saver timeout and the option to display the logon screen on resume. Close the Screen Saver Settings dialog box.

  4. Open Command Prompt and type gpupdate.exe /force /boot /logoff.

    These options of the Gpupdate.exe command invoke the most complete Group Policy refresh. Wait until the command has completed.

  5. Return to the Screen Saver Settings dialog box. Note that you can no longer change the screen saver timeout or resume option.

EXERCISE 3 Explore a GPO

Now that you’ve seen a GPO in action, you explore the GPO itself to learn about the inner workings of Group Policy.

  1. In the Group Policy Management console, in the console tree under the Group Policy Objects container, select the CONTOSO Standards GPO.

  2. On the Scope tab, notice that the GPO reports its links in the Links section.

  3. Click the Settings tab to see a report of the policy settings in the GPO.

    If you have Internet Explorer Enhanced Security Configuration (IE ESC) enabled, you are prompted to confirm that you want to add about:security_mmc.exe to your Trusted Sites zone. Click Add. In the Trusted Sites dialog box, click Add, and then click Close.

  4. Click the Show All link at the top of this settings report to expand all sections of the report. Notice that the policy setting comments you added are part of the settings report.

  5. Point to the text for the policy Screen Saver Timeout. Notice that the policy title is actually a hyperlink. Click the link to open a new window that shows the explanatory text for the policy setting.

    If you have IE ESC enabled, you are prompted to confirm that you want to add about:security_mmc.exe to your Trusted Sites zone. Click Add. In the Trusted Sites dialog box, click Add, and then click Close. If a Script Error dialog box appears, click Yes. If you continue to have problems clicking the Screen Saver Timeout link, open Server Manager and disable IE ESC.

  6. In the Group Policy Management console, click the Details tab. Notice that your GPO comments appear on this tab along with GPO version information.

  7. Write down the Unique ID shown on the Details tab.

  8. In Windows Explorer, open the following folder: \\contoso.com\SYSVOL\contoso.com\Policies.

  9. Double-click the folder with the same name as the GPO’s Unique ID.

    This is the GPT of the GPO.

EXERCISE 4 Explore Administrative Templates

Administrative templates provide the instructions with which the GPME creates a user interface to configure Administrative Templates policy settings and specify the registry changes that must be made based on those policy settings. In this exercise, you examine an administrative template.

  1. In Windows Explorer, open the %SystemRoot%\PolicyDefinitions folder.

  2. Open the en-us folder or the folder for your region and language.

  3. Double-click ControlPanelDisplay.adml. Choose the Select A Program From A List Of Installed Programs option and click OK. Choose to open the file with Notepad and click OK.

  4. Turn on Word Wrap from the Format menu.

  5. Search for the ScreenSaverIsSecure text.

  6. Note the label for the setting and, on the next line, the explanatory text.

  7. Close the file and navigate up to the PolicyDefinitions folder.

  8. Double-click ControlPanelDisplay.admx. Choose the Select A Program From A List Of Installed Programs option and click OK. Choose to open the file with Notepad and click OK.

  9. Search for the text shown here:

    <policy name="CPL_Personalization_ScreenSaverIsSecure" class="User"
                displayName="$(string.CPL_Personalization_ScreenSaverIsSecure)"
                explainText="$(string.CPL_Personalization_ScreenSaverIsSecure_Help)"
                key="Software\Policies\Microsoft\Windows\Control Panel\Desktop"
                valueName="ScreenSaverIsSecure">
       <parentCategory ref="Personalization" />
       <supportedOn ref="windows:SUPPORTED_Win2kSP1" />
       <enabledValue>
          <string>1</string>
       </enabledValue>
       <disabledValue>
          <string>0</string>
        </disabledValue>
    </policy>

  10. Identify the parts of the template that define the following:

    • The name of the policy setting that appears in the GPME

    • The explanatory text for the policy setting

    • The registry key and value affected by the policy setting

    • The data put into the registry if the policy is enabled

    • The data put into the registry if the policy is disabled

EXERCISE 5 Create a Central Store

In this exercise, you create a central store of administrative templates to centralize the management of templates.

  1. In the Group Policy Management console, right-click CONTOSO Standards and choose Edit.

  2. Expand User Configuration\Policies\Administrative Templates, and then click Administrative Templates.

  3. Note that the node reports Policy Definitions (ADMX Files) Retrieved From The Local Machine.

  4. Close the GPME.

  5. In Windows Explorer, open the following folder: \\contoso.com\SYSVOL\contoso.com\Policies.

  6. Create a folder named PolicyDefinitions.

  7. Copy the contents of the %SystemRoot%\PolicyDefinitions folder to the \\contoso.com\SYSVOL\contoso.com\Policies\PolicyDefinitions folder you created in the previous step.

  8. In the Group Policy Management console, right-click CONTOSO Standards and choose Edit.

  9. Expand User Configuration\Policies\Administrative Templates, and then click Administrative Templates.

  10. Note that the node reports Policy Definitions (ADMX Files) Retrieved From The Central Store.
 
Others
 
- Active Directory 2008 : Implementing Group Policy (part 4) - Registry Policies in the Administrative Templates Node
- Active Directory 2008 : Implementing Group Policy (part 3) - Policy Settings
- Active Directory 2008 : Implementing Group Policy (part 2) - Group Policy Objects
- Active Directory 2008 : Implementing Group Policy (part 1) - An Overview and Review of Group Policy
- Microsoft Lync Server 2010 : Front End and User Migration to Lync Server 2010 (part 2) - Automatic Client Upgrade , Decommission Process
- Microsoft Lync Server 2010 : Front End and User Migration to Lync Server 2010 (part 1)
- Microsoft Lync Server 2010 : Migrating from LCS and OCS - Edge Server Migration to Lync Server 2010
- Microsoft Lync Server 2010 : Migrating from LCS and OCS - Office Communications Server 2007 R2
- Windows 8 : Managing Content - Libraries - To add a folder to a library
- Windows 8 : Managing Content - The Picker (part 2) - To open a file or files, To view an alphabetical directory of your folders
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us