Book Image

Mastering Windows Group Policy

By : Jordan Krause
5 (1)
Book Image

Mastering Windows Group Policy

5 (1)
By: Jordan Krause

Overview of this book

This book begins with a discussion of the core material any administrator needs to know in order to start working with Group Policy. Moving on, we will also walk through the process of building a lab environment to start testing Group Policy today. Next we will explore the Group Policy Management Console (GPMC) and start using the powerful features available for us within that interface. Once you are well versed with using GPMC, you will learn to perform and manage the traditional core tasks inside Group Policy. Included in the book are many examples and walk-throughs of the different filtering options available for the application of Group Policy settings, as this is the real power that Group Policy holds within your network. You will also learn how you can use Group Policy to secure your Active Directory environment, and also understand how Group Policy preferences are different than policies, with the help of real-world examples. Finally we will spend some time on maintenance and troubleshooting common Group Policy-related issues so that you, as a directory administrator, will understand the diagnosing process for policy settings. By the end of the book, you will be able to jump right in and use Group Policy to its full potential.

Related Content you might be interested in

Current Title:

Small book image
Mastering Windows Group Policy
Jordan Krause
Nov, 2018 | 408 pages
Small book image
Windows Server 2016 Administration Cookbook
Jordan Krause
Apr, 2018 | 248 pages
Small book image
Mastering Windows Server 2019, Third Edition
Jordan Krause
Jul, 2021 | 690 pages
Small book image
Mastering Windows Server 2022
Jordan Krause
May, 2023 | 720 pages
Table of Contents (12 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Group Policy - The Basics
Group Policy - The Basics
Terminology
What is Group Policy?
Requirements for Group Policy
Hierarchy of Group Policy processing
Building a lab to test Group Policy today
Summary
2
Group Policy Management Console (GPMC)
Group Policy Management Console (GPMC)
Technical requirements
Launching the console locally
Accessing Group Policy remotely
Exploring the GPMC
Summary
3
Daily Tasks in Group Policy
Daily Tasks in Group Policy
Default policies and permissions
Modifying an existing GPO
Creating a new GPO
More on GPO links
Everyday command-line tools
Summary
4
Advanced Filtering of Group Policy Objects
Advanced Filtering of Group Policy Objects
Link order precedence
Blocking GPO inheritance
Enforcing GPOs
User settings versus computer settings
Exercises with OUs and links
Filtering GPOs with security filters
Filtering GPOs with WMI filters
Summary
5
Deploying Policy Settings
Deploying Policy Settings
Managed versus unmanaged policies
Administrative Templates
Computer configuration policies
User configuration policies
Group Policy loopback processing
Summary
6
Group Policy Preferences
Group Policy Preferences
How is a preference different from a policy setting?
Create, Replace, Update, or Delete
Green and red marks
The Common tab
Implementing Preferences
Summary
7
Group Policy as a Security Mechanism
Group Policy as a Security Mechanism
Password rules and regulations
A plethora of security settings
Windows Firewall with Advanced Security
Manipulating Local Users and Groups
Denying access to Command Prompt
Prohibiting user software-installation
Disabling IPv6 via Group Policy
User Account Control
Blocking USB Drives
Summary
8
Group Policy Maintenance
Group Policy Maintenance
Documenting Group Policy
Searching Group Policy
Starter GPOs
Backing up and restoring GPOs
Implementing ADMX/ADML files
Delegating permissions to manage Group Policy
Summary
9
Group Policy Troubleshooting
Group Policy Troubleshooting
Troubleshooting tools and procedures
GPO version numbers
Checking the replication status via GPMC
Detecting slow links
The trouble with FRS
Group Policy results wizard
Group Policy Modeling
Summary
10
PowerShell for Group Policy Administration
PowerShell for Group Policy Administration
Importing PowerShell Group Policy modules
PowerShell for GPOs and Links
GPO information and reporting
GPO permissions via PowerShell
Using PowerShell to back up and restore GPOs
Remotely running GPUpdate
Using PowerShell Help
Summary
11
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Terminology

Let's back the train up a little. Some of you know all of this, and may in fact know everything that we discuss in this first chapter. But some will not, and we need to cover our bases. We have already thrown around some terms that are uber important to know and understand as we progress, and there will be more, so let's take a minute to spell out some of the things we are going to be referencing throughout this book:

  • Active Directory Domain Services (ADDS): More commonly referred to as simply AD, this is a directory or a listing of all the users and computers that are part of your organization. It's sort of like a really important Rolodex.
  • Domain Controller (DC): A server that is running the ADDS role, and therefore stores the information about your organization's directory, is known as a Domain Controller. Most environments have multiple DCs, each of which stores a copy of the directory data because this Active Directory data is so important, you definitely don't want to lose it!
  • Active Directory Users and Computers: One of the tools (probably the most common one) that is used to interact with the data that is stored inside AD. Active Directory Users and Computers is a great place to stop for information about, surprise surprise, any user or computer that is joined to your domain.
  • Active Directory Sites and Services: Businesses like to grow and make money, and often this means that a company will eventually span multiple geographic locations and network subnets. AD Sites and Services is a tool that helps to organize your physical sites as they pertain to the information stored inside Active Directory.
  • Group Policy: Gives centralized management capabilities of both user and computer settings for the machines and user accounts that are part of your Active Directory domain environment.
  • Group Policy Object (GPO): These are objects created and stored inside Active Directory that contain the settings that you are applying to users and computers.
  • Group Policy Management Console (GPMC): The primary interface that administrators use to interact with Group Policy settings.
  • Group Policy Management Editor (GPME): The interface opened when editing a Group Policy Object. GPME is what you use to place settings into GPOs.
  • Organizational Unit (OU): Inside Active Directory, you organize your domain hierarchy by placing device and user objects inside containers known as OUs. Each domain object can only be a member of one OU at any given time. This will be important to remember later.
Previous Section
End of Section 2
Next Section