Windows Server Administration/Group Policy

From Wikiversity
Jump to: navigation, search

This lesson covers Group Policy. Activities include creating and testing Group Policy objects.

Objectives and Skills[edit]

Objectives and skills for the Understanding Active Directory portion of Windows Server Administration Fundamentals certification include:[1]

  • Understand group policy: group policy processing; Group Policy Management Console; computer policies; user policies; local policies

Readings[edit]

  1. Read Wikipedia: Group Policy.
  2. Read Wikipedia: Folder redirection.
  3. Read Wikipedia: Roaming user profile.

Multimedia[edit]

  1. Watch YouTube: Group Policy (Part 1 of 4) - Basic Settings and Auditing.
  2. Watch YouTube: Group Policy (Part 2 of 4) - Group Policy Desktop Settings.
  3. Watch YouTube: Group Policy (Part 3 of 4) - Installing and Restricting Software and Applications.
  4. Watch YouTube: Group Policy (Part 4 of 4) - Scripts, Roaming, Redirection, IE and CP Settings.

Activities[edit]

  1. Review Group Policy. Configure essential security settings.
  2. Review Folder Redirection. Configure and test folder redirection.
  3. Configure and test roaming user profiles. Compare and contrast roaming user profiles with folder redirection.
  4. Use the Discuss page to post comments and questions regarding this lesson.
  5. Review the lesson summary, key terms, review questions and flashcards below.

Lesson Summary[edit]

  • Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.[2]
  • Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.[3]
  • Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.[4]
  • Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.[5]
  • Group Policy objects are created and maintained using the Group Policy Management Console.[6]
  • Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.[7]
  • By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.[8]
  • Group Policy settings can be refreshed manually using the gpupdate command.[9]
  • The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.[10]
  • Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.[11]
  • Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.[12]
  • Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).[13]
  • Folder Redirection is most often implemented using Group Policy settings.[14]
  • The following user folders may be redirected through Folder Redirection: Application Data, Contacts, Desktop, Downloads, Favorites, Links, Music, My Documents, My Pictures, Saved Games Searches, Start Menu, and Videos.[15]
  • Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.[16]

Key Terms[edit]

Windows Management Instrumentation (WMI)
A set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.[17]

Review Questions[edit]

Enable JavaScript to hide answers.

Click on a question to see the answer.

1. Group Policy provides _____ of _____, _____, and _____ in an Active Directory environment.
Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.
2. Policy settings are defined separately for _____ and for _____. _____ policies are processed at computer startup. _____ policies are processed at user logon.
Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.
3. Group Policy objects are processed in the following order: _____, _____, _____, then _____. Policy settings are inherited from one level to the next unless overridden.
Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.
4. Policy inheritance can be _____ at a lower level. But higher level policies can be set as _____, preventing both the _____ of inheritance and _____.
Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.
5. Group Policy objects are created and maintained using the _____.
Group Policy objects are created and maintained using the Group Policy Management Console.
6. Local policies may be set on individual computers using the _____.
Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.
7. By default, Microsoft Windows refreshes its policy settings every _____ minutes on workstations and member servers and every _____ minutes on domain controllers. However, some settings are only applied during _____ or _____.
By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.
8. Group Policy settings can be refreshed manually using the _____ command.
Group Policy settings can be refreshed manually using the gpupdate command.
9. The _____ command may be used to display the Resultant Set of Policy (RSoP) settings for a given _____ or _____.
The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.
10. Folder Redirection provides the ability to automatically _____ file operations from _____ to _____.
Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.
11. Folder Redirection allows the saving of user data to _____ for easier _____, _____, and _____.
Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.
12. Folder Redirection separates _____ data from _____ data, decreasing the amount of time required to log on when _____ data is also stored on a server.
Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).
13. Folder Redirection is most often implemented using _____.
Folder Redirection is most often implemented using Group Policy settings.
14. The following user folders may be redirected through Folder Redirection: _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, and _____.
The following user folders may be redirected through Folder Redirection: Application Data, Contacts, Desktop, Downloads, Favorites, Links, Music, My Documents, My Pictures, Saved Games, Searches, Start Menu, and Videos.
15. Active Directory supports three types of user profiles: _____ profiles, _____ profiles, and _____ profiles. _____ profiles are created automatically on each computer where a user logs on. _____ profiles are copied to a server share and downloaded to the local computer when users log on. _____ profiles are implemented as _____ profiles.
Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.

Flashcards[edit]

See Also[edit]

References[edit]

Gnome-fs-client.svg Subject classification: this is an information technology resource .
Nuvola apps edu miscellaneous.svg Resource type: this resource is a lesson.
Progress-1000.svg Completion status: this resource is considered to be complete.