Implementing Group Policy

david323
0 ℃
2020-04-18

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

ImplementingGroupPolicyOverviewIntroductiontoGroupPolicyGroupPolicyStructureWorkingwithGroupPolicyObjectsHowGroupPolicySettingsAreAppliedinActiveDirectoryModifyingGroupPolicyInheritanceDelegatingAdministrativeControlofGroupPolicyMonitoringandTroubleshootingGroupPolicyBestPracticesIntroductiontoGroupPolicyGroupPolicyEnablesYouto:SetcentralizedanddecentralizedpoliciesEnsureusershavetheirrequiredenvironmentsLowertotalcostofownershipbycontrollinguserandcomputerenvironmentsEnforcecorporatepoliciesSiteDomainOUWindows2000AppliesContinuallyUsersComputersAdministratorSetsGroupPolicyOnceGroupPolicyGroupPolicyStructureTypesofGroupPolicySettingsGroupPolicyObjectsGroupPolicySettingsforComputersandUsersGroupPolicyObjectsandActiveDirectoryContainersTypesofGroupPolicySettingsTypesofGroupPolicySettingsAdministrativeTemplatesRegistry-basedGroupPolicysettingsSecuritySettingsforlocal,domain,andnetworksecuritySoftwareInstallationSettingsforcentralmanagementofsoftwareinstallationScriptsStartup,shutdown,logon,andlogoffscriptsRemoteInstallationServicesSettingsthatcontroltheoptionsavailabletouserswhenrunningtheClientInstallationwizardusedbyRISInternetExplorerMaintenanceSettingstoadministerandcustomizeMicrosoftInternetExploreronWindows2000–basedcomputersFolderRedirectionSettingsforstoringofusers’foldersonanetworkserverGroupPolicyObjectsGroupPolicyObjectContainsGroupPolicysettingsContentstoredintwolocationsLocatedindomaincontrollersharedSysvolfolderProvidesGroupPolicysettingsthatcomputersrunningWindows2000obtainandapplyLocatedinActiveDirectoryProvidesversioninformationusedbydomaincontrollersGroupPolicyTemplate(GPT)GroupPolicyContainer(GPC)GroupPolicySettingsforComputersandUsersGroupPolicySettingsforComputers:Specifyoperatingsystembehavior,desktopbehavior,securitysettings,computerstartupandshutdownscripts,computer-assignedapplicationoptions,andapplicationsettingsApplywhentheoperatingsysteminitializesandduringtheperiodicrefreshcycleGroupPolicySettingsforUsers:Specifyoperatingsystembehavior,desktopsettings,securitysettings,assignedandpublishedapplicationoptions,applicationsettings,folderredirectionoptions,anduserlogonandlogoffscriptsApplywhenuserslogontothecomputerandduringtheperiodicrefreshcycleUsersComputersGroupPolicyObjectsandActiveDirectoryContainersGPOSettingsAffectUserandComputerObjectsWithinSites,Domains,andOUstoWhichaGPOIsLinkedYoucanlinkoneGPOtomultiplesites,domains,orOUsYoucanlinkmultipleGPOstoonesite,domain,orOUYouCannotLinkGPOstoDefaultActiveDirectoryContainersSiteDomainOUOUOUOUGPOOUGPOSiteGPODomainGPOWorkingwithGroupPolicyObjectsCreatingLinkedGroupPolicyObjectsCreatingUnlinkedGroupPolicyObjectsLinkinganExistingGroupPolicyObjectSpecifyingaDomainControllerforManagingGroupPolicyObjectsCreatingLinkedGroupPolicyObjectsToApplyGroupPolicytoaContainer,CreateaGPOLinkedtotheContainer:CreateGPOslinkedtodomainsandOUsbyusingActiveDirectoryUsersandComputersCreateGPOslinkedtositesbyusingActiveDirectorySitesandServicescontoso.msftPropertiesGeneralManagedByObjectSecurityGroupPolicyCurrentGroupPolicyObjectLinksforcontoso.msftGroupPolicyObjectLinksNoOverrideDisabledDefaultDomainPolicyAccountLockoutPolicyPasswordsPolicyGroupPolicyObjectshigherinthelisthavethehighestpriority.Thislistobtainedfrom:London.contoso.msftNewOptions...Add...Delete...EditPropertiesUpDownBlockPolicyinheritanceCloseCancelApplyTocreateaGPONameoflinkedGPOCreatingUnlinkedGroupPolicyObjectsSelectGroupPolicyObjectLocalComputerBrowse…AllowthefocusoftheGroupPolicySnap-intobechangedwhenlaunchingfromthecommandline.Thisonlyappliesifyousavetheconsole.ViewArrangeIconsLineupIconsRefreshNewTocreateanunlinkedGPOBrowseforaGroupPolicyObjectDomains/OUsSitesComputersAllLookin:contoso.msftAllGroupPolicyObjectsstoredinthisdomain:NameApplicationDeploymentDefaultDomainControllersPolicyDefaultDomainPolicyNewGroupPolicyObjectNewGroupPolicyObjectNewGroupPolicyObjectNewGroupPolicyObjectTestLinkinganExistingGroupPolicyObjectcontoso.msftPropertiesGeneralManagedByObjectSecurityGroupPolicyCurrentGroupPolicyObjectLinksforcontoso.msftGroupPolicyObjectLinksNoOverrideDisabledDefaultDomainPolicyAccountLockoutPolicyPasswordsPolicyGroupPolicyObjectshigherinthelisthavethehighestpriority.Thislistobtainedfrom:London.contoso.msftNewOptions...Add...Delete...EditPropertiesUpDownTolinkanexistingGPOAddaGroupPolicyObjectLinkDomains/OUsSitesAllLookin:GroupPolicyObjectslinkedtothiscontainer:NameDomainDomainControllers.nwtraders.msftAccounting.nwtraders.msftHumanResources.nwtraders.msftDefaultDomainPolicyRedirectMyDocumentPolicyLogonAttemptsPolicyPasswordsPolicyStartMenuPolicyOKCancelcontoso.msftSelectcontainerinwhichGPOresidesSelectGPOtolinkSelectappropriatetabSpecifyingaDomainControllerforManagingGroupPolicyObjectsWhenYouCreateaNewGPOorEditanExistingGPO,byDefault,theDomainControllerThatHoldsthePDCEmulatorRolePerformstheOperationTheOptionsAvailabletoSpecifyaDomainControllerforManagingGPOsInclude:TheonewiththeOperationsMastertokenforthePDCemulatorTheoneusedbytheActiveDirectory