Windows Server Administration/Group Policy
Appearance
This lesson covers Group Policy. Activities include creating and testing Group Policy objects.
Objectives and Skills
[edit | edit source]Objectives and skills for the Understanding Active Directory portion of Windows Server Administration Fundamentals certification include:[1]
- Understand group policy: group policy processing; Group Policy Management Console; computer policies; user policies; local policies
Readings
[edit | edit source]- Wikipedia: Group Policy
- What is Group Policy and How Does it work?
- Wikipedia: Folder redirection
- Using Folder Redirection in Group Policy
- Configure folder redirection to OneDrive
- Wikipedia: Roaming user profile
- Deploying Roaming User Profiles
Multimedia
[edit | edit source]- YouTube: Introduction to Group Policy in Windows Server 2016
- YouTube: Group Policy (Part 2 of 4) - Group Policy Desktop Settings
- YouTube: How to Deploy Software (MSI Packages) Via Group Policy (GPO) | Windows Server 2019
- YouTube: How to Enable Roaming User Profiles on Windows Server 2019
- YouTube: Deploy Folder Redirection in Windows Server 2019
- YouTube: How To Map Network Drives Using Logon Script GPO in Windows Server 2019
- YouTube: How to change screensaver and timeouts in Group Policy Windows Server 2019
Activities
[edit | edit source]- Review Wikipedia: Group Policy and Password Policy in the Default Domain Policy. Configure essential security settings, including Password Policy and Account Lockout Policy.
- Review Step by Step How to Configure Folder Redirection in Windows Server 2016. Configure and test folder redirection.
- Review How to Configure Roaming Profile in Windows Environment Step by Step Procedures Configure and test roaming user profiles. Compare and contrast roaming user profiles with folder redirection.
Lesson Summary
[edit | edit source]- Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.[2]
- Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.[3]
- Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.[4]
- Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.[5]
- Group Policy objects are created and maintained using the Group Policy Management Console.[6]
- Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.[7]
- By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.[8]
- Group Policy settings can be refreshed manually using the gpupdate command.[9]
- The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.[10]
- Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.[11]
- Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.[12]
- Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).[13]
- Folder Redirection is most often implemented using Group Policy settings.[14]
- The following user folders may be redirected through Folder Redirection: AppData/Roaming, Contacts, Desktop, Downloads, Favorites, Links, Music, Documents, Pictures, Saved Games, Searches, Start Menu, and Videos..[15]
- Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.[16]
Key Terms
[edit | edit source]- Windows Management Instrumentation (WMI)
- A set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.[17]
Review Questions
[edit | edit source]Click on a question to see the answer.
-
Group Policy provides _____ of _____, _____, and _____ in an Active Directory environment.Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.
-
Policy settings are defined separately for _____ and for _____. _____ policies are processed at computer startup. _____ policies are processed at user logon.Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.
-
Group Policy objects are processed in the following order: _____, _____, _____, then _____. Policy settings are inherited from one level to the next unless overridden.Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.
-
Policy inheritance can be _____ at a lower level. But higher level policies can be set as _____, preventing both the _____ of inheritance and _____.Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.
-
Group Policy objects are created and maintained using the _____.Group Policy objects are created and maintained using the Group Policy Management Console.
-
Local policies may be set on individual computers using the _____.Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.
-
By default, Microsoft Windows refreshes its policy settings every _____ minutes on workstations and member servers and every _____ minutes on domain controllers. However, some settings are only applied during _____ or _____.By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.
-
Group Policy settings can be refreshed manually using the _____ command.Group Policy settings can be refreshed manually using the gpupdate command.
-
The _____ command may be used to display the Resultant Set of Policy (RSoP) settings for a given _____ or _____.The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.
-
Folder Redirection provides the ability to automatically _____ file operations from _____ to _____.Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.
-
Folder Redirection allows the saving of user data to _____ for easier _____, _____, and _____.Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.
-
Folder Redirection separates _____ data from _____ data, decreasing the amount of time required to log on when _____ data is also stored on a server.Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).
-
Folder Redirection is most often implemented using _____.Folder Redirection is most often implemented using Group Policy settings.
-
The following user folders may be redirected through Folder Redirection: _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, and _____.The following user folders may be redirected through Folder Redirection: AppData/Roaming, Contacts, Desktop, Downloads, Favorites, Links, Music, Documents, Pictures, Saved Games, Searches, Start Menu, and Videos.
-
Active Directory supports three types of user profiles: _____ profiles, _____ profiles, and _____ profiles. _____ profiles are created automatically on each computer where a user logs on. _____ profiles are copied to a server share and downloaded to the local computer when users log on. _____ profiles are implemented as _____ profiles.Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.
Flashcards
[edit | edit source]References
[edit | edit source]- ↑ Microsoft: Windows Server Administration Fundamentals Exam Details
- ↑ Wikipedia: Group Policy
- ↑ Group Policy Processing and Precedence
- ↑ Wikipedia: Group Policy
- ↑ Wikipedia: Group Policy
- ↑ Wikipedia: Group Policy
- ↑ Wikipedia: Group Policy
- ↑ Wikipedia: Group Policy
- ↑ Wikipedia: Group Policy
- ↑ Wikipedia: Group Policy
- ↑ Wikipedia: Folder redirection
- ↑ Wikipedia: Folder redirection
- ↑ Wikipedia: Folder redirection
- ↑ Wikipedia: Folder redirection
- ↑ Wikipedia: Folder redirection
- ↑ Wikipedia: Roaming user profile
- ↑ Wikipedia: Windows Management Instrumentation