Windows Server 2003 ?????????

1
Windows Server 2003?????????

• ???
• jeffl_at_ms11.hinet.net

2
Introduction to Group Policy

• Group Policy Enables You to
• Set centralized and decentralized policies
• Ensure users have their required environments
• Lower total cost of ownership by controlling user
  and computer environments
• Enforce corporate policies

3
Group Policy Settings

• IntelliMirror Technology
• Establish Enforceable Configurations
• Specify Settings for

4
What Are User and Computer Configuration Settings?

• Group Policy settings for users
• Desktop settings
• Software settings
• Windows settings
• Security settings
• Group Policy settings for computers
• Desktop behavior
• Software settings
• Windows settings
• Security settings

5
When Is Group Policy Applied?
The GetGPOList Function Executes on the Client
Computer During
6
GPO Components
7
What Is a GPO Link?
8
Group Policy Objects and Active Directory
Containers

• GPO Settings Affect User and Computer Objects
  Within Sites, Domains, and OUs to Which a GPO Is
  Linked
• You can link one GPO to multiple sites, domains,
  or OUs
• You can link multiple GPOs to one site, domain,
  or OU
• You Cannot Link GPOs to Default Active Directory
  Containers

9
Group Policy Inheritance

• Windows 2003 Applies GPO Settings in a Specific
  Order
• Child Containers Inherit GPO Settings from Parent
  Containers

10
What Is Local Group Policy?
11
Tools Used to Create GPOs

• Default Group Policy tools
• Active Directory Users and Computers
• Domain and organizational unit GPOs
• Active Directory Sites and Services
• Site GPOs
• Local Security Policy
• Local computer security settings
• Add-in tools
• Group Policy Management
• Domain, organizational unit, and site GPOs

12
Creating a Group Policy Object
13
Examining the Group Policy Interface
14
What Are Disabled and Enabled Group Policy
Settings?
15
What Is GPO Management?
16
What Is Group Policy Reporting?
17
What Is a Copy Operation?

• A copy of a GPO transfers only the settings
  within a GPO
• The new GPO is created unlinked

18
What Is a Backup Operation?
Backup Operation
Backup of a GPO
In a backup operation, Group Policy Management
export all data in the GPO to the selected file
and saves the GPT files
19
What Is a Restore Operation?
Restore Operation
Backed-up GPO
In a restore operation, the contents of the GPO
are returned to exactly the same state
20
What Is an Import Operation?
Import Operation
GPO1
GPO2
GPO Settings
In an import operation, all GPO settings are
copied from the source to the target GPO
21
What Are Administrative Templates?

• Administrative Template Settings Modify Registry
  Settings That Control User Environments
• Settings Modify Registry Settings in the Registry
  Subtrees
• HKEY_LOCAL_MACHINE for computer settings
• HKEY_CURRENT_USER for user settings
• If a GPO No Longer Applies, Policy Settings Are
  Removed
• Windows 2003 Applies Both Group Policy and Local
  Default-Registry Settings Unless There Is a
  Conflict
• Use administrative template (.adm) files to
  control the user environment of client computers
• Windows XP Service Pack 2 administrative
  templates
• system.adm, inetres.adm, conf.adm, wmplayer.adm,
  wuau.adm

22
How Computers Apply Administrative Template
Settings
23
What Is a Security Policy?
24
What Are Security Templates?
Template Description
Default Security (Setup security.inf) Specifies default security settings
Domain Controller Default Security (DC security.inf) Specifies default security settings updated from Setup security.inf for a domain controller
Compatible (Compatws.inf) Modifies permissions and registry settings for the Users group to enable maximum application compatibility
Secure (Securedc.inf and Securews.inf) Enhances security settings that are least likely to impact application compatibility
Highly Secure (Hisecdc.inf and Hisecws.inf) Increases the restrictions on security settings
System Root Security (Rootsec.inf) Specifies permissions for the root of the system drive
25
What Are Security Template Settings?
Security Template Setup Security
Sample of Settings