
Security

Group Policy is a tool for centrally managing users and the settings of different components on client computers. Group Policy can be applied to a Site, Domain, OU, or individual computers. Each specific set of settings must be built as a Group Policy Object (GPO). A computer running Windows Server has, by default, one Local Group Policy and can also have a number of nonlocal Group Policies.

- Local Group Policy: As the word "Local" suggests, a Local Group Policy is stored on each computer itself, and this approach is used when the environment has no Active Directory domain. A Local Group Policy applies only to the computer on which it resides, and nonlocal Group Policy takes precedence over Local Group Policy. So in an Active Directory domain environment, nonlocal policies override local policy. Local Group Policy therefore matters most on a computer in a network without Active Directory. This configuration is stored in %Systemroot%\System32\GroupPolicy.


- Nonlocal Group Policy: These policies are created in Active Directory and are linked to a site, domain, or OU. By default, installing Active Directory creates two Group Policies:

1. Default Domain Policy: This policy applies to all computers, users, and domain controllers in the domain.
2. Default Domain Controllers Policy: This policy applies to everything in the Domain Controllers OU. Remember that domain controller accounts are kept in a separate OU named Domain Controllers. If the SYSVOL folder is in its default location, these policies are stored in %Systemroot%\Sysvol\Domain Name\Policies\GPO GUID\Adm, where the GUID in the path is a unique ID.


Important: A GPO defined for a site applies to all computers in that site. A Group Policy can therefore be imposed on a computer regardless of which domain it is a member of. (Obviously, they must be in the same forest.)

Group Policy Object Editor:
This is the common tool for changing Group Policy. How you open it depends on where the policy is to be applied and on the type of Group Policy.

1. LGPO - Local Group Policy Objects:

- Enter MMC in Run, then select Add/Remove Snap-in from the File menu.
- On the Standalone tab of the Add/Remove Snap-in dialog box, click the Add button.
- Select Group Policy Object Editor and click Add. Make sure that Local Computer is selected.
- Click Finish, then press OK to close the dialog box.
* You can also open the LGPO with GPedit.msc. Hence the word GPedit is sometimes used instead of GPOE; it is the command for the same tool.

2. LGPO on another computer:

- Follow the steps in item 1, but select the desired computer instead of Local Computer.

3. GPO on a site:

- Go to Administrative Tools and open the Active Directory Sites and Services console.
- In the console tree (the left pane of the console), right-click the site to which you want to apply Group Policy and click Properties.
- Go to the Group Policy tab and click Add to add a GPO. To edit an existing item, select it and click Edit.

4. GPO on an OU or Domain:

- Go to Administrative Tools and open the Active Directory Users and Computers console.
- In the console tree (the left pane of the console), right-click the domain or OU to which you want to apply Group Policy and click Properties.
- Go to the Group Policy tab and click Add to add a GPO. To edit an existing item, select it and click Edit.

Group Policy settings:
The GPOE console tree cleanly separates two kinds of settings: Computer Configuration and User Configuration. As the names suggest, Computer Configuration applies to computers regardless of who uses them, and User Configuration applies to users regardless of which computer they use. Some settings apply only to users and some only to computers. Finding a setting among thousands of different items may seem difficult, but the GPOE tree is well designed, and an item can be found in reasonable time even without knowing its exact location. As a rough figure, Windows Vista and Server 2008 have close to 3000 different items, and Windows 7 will pass the 3000 mark. It is certainly not possible to review all 3000 options, so here we will examine the different parts of each group. If you are not in an Active Directory environment, many items will not be available.
A. Software Settings: Software Installation settings are available in both User Configuration and Computer Configuration. This topic has been covered in detail here.


B. Windows Settings:

- Scripts: This group exists in both configurations, but scripts set in Computer Configuration run when the computer starts up or shuts down, and scripts set in User Configuration run when the user logs on or logs off. Note that the Startup script runs first and then the Logon script; likewise, the Logoff script runs first and then the Shutdown script. If several scripts are set, Windows runs them in order from the top of the list to the bottom. Another significant point is that the default maximum script execution time is 10 minutes. If the shutdown and logoff scripts together need more than 10 minutes, you can change this time through a policy setting. Any ActiveX scripting language can be used: Microsoft Visual Basic Scripting Edition (VBScript), Microsoft JScript, and batch files (*.bat and *.cmd) are supported.

- Security Settings: Pre-made security templates can be used as an alternative to editing this section by hand. We will cover this separately in the future.

- The other groups will also be discussed in the future.


C. Administrative Templates: The settings in this group are called registry-based because they are applied through the registry. This section contains over 700 different items, organized into separate groups. A full description of each of these items is available in the Group Policy Object Editor in three places:

1. The Explain tab in the Properties of each item.
2. Administrative Templates Help, available from Windows Server 2003 onwards.
3. The description bar.

Note: These descriptions are also available for items in the other sections, and they are complete and comprehensive.


Each item in the Administrative Templates section has three states:

1. Not Configured means no changes are applied to the registry.
2. Enabled means the policy is in effect and the registry is changed.
3. Disabled means the effective policy is changed.
* Multiple policies will be discussed in the future.


Computer Configuration Administrative Templates policies are stored in the HKEY_LOCAL_MACHINE (HKLM) branch of the registry, and User Configuration Administrative Templates policies are stored in the HKEY_CURRENT_USER (HKCU) branch. Each item is stored at a specific location within these branches, but in general the locations are:

1. HKEY_LOCAL_MACHINE\Software\Policies for Computer Configuration
2. HKEY_CURRENT_USER\Software\Policies for User Configuration
3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies for Computer Configuration
4. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies for User Configuration
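
To see which registry-based policy values are actually set on a machine, the following PowerShell function walks the four general locations listed above and reports every value it finds, tagged by scope. It is an added example, not part of the original article; the function name Get-AppliedPolicyValue is hypothetical, and the HKCU results reflect the user account running the script.

```powershell
# Added example (not from the original article).
# The four general policy locations named in the text, tagged by configuration scope.
$policyRoots = @(
    @{ Scope = 'Computer'; Path = 'HKLM:\Software\Policies' },
    @{ Scope = 'User';     Path = 'HKCU:\Software\Policies' },
    @{ Scope = 'Computer'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies' },
    @{ Scope = 'User';     Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies' }
)

# Hypothetical helper name: returns one object per registry value found under the roots.
function Get-AppliedPolicyValue {
    param([array]$Roots = $policyRoots)

    foreach ($root in $Roots) {
        # A root that does not exist simply means no policy of that kind is set.
        if (-not (Test-Path -LiteralPath $root.Path)) { continue }

        # The root key itself plus every subkey beneath it.
        $keys = @(Get-Item -LiteralPath $root.Path) +
                @(Get-ChildItem -LiteralPath $root.Path -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Scope = $root.Scope              # Computer or User Configuration
                    Key   = $key.Name                # full registry path
                    Value = $name                    # value name ('' is the key's default value)
                    Data  = $key.GetValue($name)
                    Kind  = $key.GetValueKind($name) # DWord, String, MultiString, ...
                }
            }
        }
    }
}

# Show everything, grouped by scope and key, for review against the intended GPO settings.
Get-AppliedPolicyValue | Sort-Object Scope, Key, Value | Format-Table -AutoSize -Wrap
```

Values that appear here but are not defined in any linked GPO or in the Local Group Policy are worth investigating, since they were written to the policy keys by some other means.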


Easier Group Policy management - Part I

One useful tool for managing Group Policy is the Group Policy Management Console (GPMC). With this tool you can manage Group Policies much more easily, and the complexity of links is resolved. Inheritance is shown more clearly, and you have access to the entire forest. The tool is included by default as a feature of Windows Server 2008, and it can also be downloaded for Windows Server 2003.


Activation in Windows Server 2008: Open the Server Manager console, go to Features, click Add Features, then select the Group Policy Management option and install it.

Download and activation on Windows Server 2003: You can get this tool from here and install it (free, direct from Microsoft, 5.5 MB).

* Note that it can be installed on Windows XP as well. Windows Server 2000 domain controllers need Service Pack 2 or later, and Service Pack 3 is recommended. Because the Service Pack 2 will have access to all facilities.

Start the GPMC

You can open this tool by selecting Group Policy Management in Administrative Tools. At first glance, the left pane shows the forest structure. Domains and sites are displayed in two separate sections, and the OUs under each domain are also visible. The earlier steps for opening the Group Policy Object Editor are therefore no longer needed. To edit any Group Policy, just right-click it and choose Edit. Group Policy Management then opens a new window called the Group Policy Management Editor, which was previously called the GPO Editor. Its contents fully match the previous GPO Editor and everything works as before. The only difference is that both the Computer Configuration and User Configuration nodes have new sections:


1. Policies: Includes all the options and sections that were available in versions before Windows Server 2008. New options have also been added, and clients must be updated to use them.

2. Preferences: A new section added in Windows Server 2008 that lets you apply countless additional settings (in addition to policies). This section can manage the following:

- Software such as Microsoft Office, versions 2003 onwards
- Mapped drives (mapping a drive on the clients)
- Registry settings
- Power options
- Regional settings
- You can deploy files, printers, scheduled tasks, and so on.
- You can also enable or disable hardware. For example, you can prevent the use of portable hard drives.

Note that all operating systems released before Windows Server 2008 R1 must be updated in order to use this section; otherwise, applying the policy will have disastrous results. (This includes Windows Vista Service Pack 1.)

Resultant Set of Policy:

We saw earlier that several policies can apply to one client or user. Inheritance, multiple policies, filters, and so on make it difficult to work out the resulting policy. Given a large number of policies, calculating it manually would take too long to be practical. For this we use Resultant Set of Policy (RSoP) tools. RSoP works out the effect of the policies that will be applied and displays only the result. RSoP tools calculate the resulting policies in different ways: they can send a query to the computer to get the resulting policies it receives, or they can use a model to calculate the resulting policies, and so on.

Windows Server 2008 provides the following tools for RSoP analysis:

1. Group Policy Results Wizard

Use this tool if you want to understand exactly which policies apply to a computer or user. The GPMC includes this tool, but you can also access it through the MMC. The requirements are:

- Administrative credentials.
- The target computer (client) must run Windows XP or later.
- WMI access to the target computer. This means that the WMI service is running, ports 135 and 445 are open, and there is no communication problem.
- If a user is to be analyzed, that user must have logged on to the target computer at least once, but does not need to be logged on currently with an open session.
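
Before running the wizard against a remote client, the WMI requirement above can be checked from the administrator's workstation. The following PowerShell function is an added example, not part of the original article; the function name Test-GpResultPrerequisite and the computer name CLIENT01 are hypothetical placeholders, and it assumes Windows PowerShell 5.1, where Get-WmiObject and Test-NetConnection are available.

```powershell
# Added example (not from the original article).
# Checks the connectivity requirements listed above for Group Policy Results:
# TCP ports 135 and 445 reachable, and the WMI service running on the target.
function Test-GpResultPrerequisite {
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    $result = [ordered]@{ ComputerName = $ComputerName }

    # Ports named in the requirements list: 135 and 445.
    foreach ($port in 135, 445) {
        $result["Tcp$port"] = Test-NetConnection -ComputerName $ComputerName -Port $port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    # Query the WMI service (Winmgmt) over WMI itself: if this call succeeds,
    # the service is running and the caller's credentials are accepted remotely.
    try {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Winmgmt'" `
            -ComputerName $ComputerName -ErrorAction Stop
        $result['WmiService'] = $svc.State
        $result['WmiQuery']   = 'OK'
    }
    catch {
        $result['WmiService'] = 'Unknown'
        $result['WmiQuery']   = "Failed: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

# CLIENT01 is a constructed placeholder; replace it with the target client's name.
Test-GpResultPrerequisite -ComputerName 'CLIENT01' | Format-List
```

A closed port or a failed WMI query here points to a firewall or permissions problem to fix on the client before the wizard can return results.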

To start, right-click Group Policy Results and select Group Policy Results Wizard. Note that in the wizard, once you choose a computer, you can select only among users who have logged on to it at least once. You can also specify that only the User Configuration or only the Computer Configuration is displayed. In that case, there is no need to select a user / computer.

Note that you can even view and examine the Event Log entries for the specific policy. Note that the Summary tab shows only information about the last Group Policy processing, while the Settings tab shows the RSoP. After analyzing the RSoP, you can rerun the query, or save or print your report.

2. Group Policy Modeling Wizard
3. GPresult.exe