DOCSLIB.ORG

Managing User Settings with Group Policy

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Module 6: Managing user settings with Group Policy Lab: Managing user settings with Group Policy (VMs: 20742B-LON-DC1, 20742B-LON-CL1) Exercise 1: Using administrative templates to manage user settings Task 1: Import administrative templates for Microsoft Office 2016 1. On LON-DC1, on the taskbar, click the File Explorer icon. 2. In File Explorer, in the navigation pane, expand Allfiles (E:), expand Labfiles, and then click Mod06. 3. Double-click admintemplates_x64_4390-1000_en-us.exe. 4. In The Microsoft Office 2016 Administrative Templates dialog box, select the Click here to accept the Microsoft Software License Terms check box, and then click Continue. 5. In the Browse for Folder dialog box, click Desktop, and then click OK. 6. In The Microsoft Office 2016 Administrative Templates dialog box, click OK. 7. In File Explorer, in the navigation pane, click Desktop, and then in the content pane, double-click admx. 8. Press Ctrl+A to select all files, right-click, and then click Copy. 9. In the navigation pane, expand Local Disk (C:), expand Windows, right-click PolicyDefinitions, and then click Paste. 10. Close File Explorer. Task 2: Configure Office 2016 settings 1. On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management. 2. Switch to the Group Policy Management window. 3. In the navigation pane, expand Forest: Adatum.com, expand Domains, expand Adatum.com, and then click Group Policy Objects. 4. Right-click Group Policy Objects, and then click New. 5. In the New GPO dialog box, type Office 2016 settings and then click OK. 6. In the contents pane, right-click Office 2016 settings, and then click Edit. 7. In the Group Policy Management Editor, in the navigation pane, expand User Configuration, expand Policies, expand Administrative Templates, and then click Microsoft Excel 2016. 8. Expand Microsoft Excel 2016, expand Excel Options, click Customize Ribbon, and then double-click Display Developer tab in the Ribbon. 9. In the Display Developer tab in the Ribbon dialog box, click Enabled, and then click OK. 10. In the Group Policy Management Editor, click Save, and then double-click Default file location. 11. In the Default file location dialog box, click Enabled, in the Default file location text box, type %UserProfile%\Desktop and then click OK. 12. Close the Group Policy Management Editor. 13. In Group Policy Management, right-click the Adatum.com domain, and then click Link an Existing GPO. 14. In the Select GPO dialog box, click Office 2016 settings, and then click OK. Task 3: Apply and verify settings on the client computer 1. Switch to LON-CL1. 2. Right-click Start, and then click Command Prompt. 3. In the Command Prompt window, type the following command, and then press Enter: Gpupdate /force 4. Close the Command Prompt window. 5. Click Start, and then click Excel 2016. 6. In the Microsoft Office Activation Wizard dialog box, click Close. 7. In the First things first dialog box, select the Ask me later option, and then click Accept. 8. Click Blank workbook. 9. Verify that the Developer tab displays on the ribbon. 10. If the Developer tab is not displayed on the ribbon, perform the following steps: a. Right-click Start, hover over Shutdown or Sign out, and then click Restart. b. After the computer has restarted, sign in as Adatum\Administrator with the password Pa55w.rd c. Perform steps 5-9 again. 11. Click File, click Save, and then click Browse. 12. In the Save as dialog box, in the address bar, verify that Desktop displays, and then click Cancel. 13. Close Excel 2016. Results: After this exercise, you should have extended administrative templates with templates for Office 2016 and configured some Office settings by using Group Policy. Exercise 2: Implementing settings by using Group Policy preferences Task 1: Set up the current environment 1. Switch to LON-DC1. 2. On LON-DC1, on the taskbar, click the File Explorer icon. 3. In the navigation pane, expand Allfiles (E:), expand Labfiles, and then click Mod06. 4. In the details pane, right-click Mod06-1.ps1, and then click Run with PowerShell. 5. If prompted, type Y, and then press Enter. 6. Right-click BranchScript.cmd, and then click Copy. 7. Switch to the Group Policy Management window. 8. In the navigation pane, right-click Group Policy Objects, and then click Refresh. 9. Right-click the Branch1 Group Policy Object (GPO), and then click Edit. 10. In the Group Policy Management Editor window, under User Configuration, expand Policies, expand Windows Settings, and then click Scripts (Logon/Logoff). 11. In the details pane, double-click Logon. 12. In the Logon Properties dialog box, click Show Files. 13. In the details pane, right-click a blank area, and then click Paste. 14. Close the Logon window. 15. In the Logon Properties dialog box, click Add. 16. In the Add a Script dialog box, click Browse. 17. Click BranchScript.cmd, and then click Open. 18. Click OK twice to close all dialog boxes. 19. Close the Group Policy Management Editor window. Task 2: Test mapped drive for Branch Office 1 users 1. Switch to LON-CL1. 2. Right-click Start, hover over Shut down or sign out, and then click Restart. 3. When the computer has restarted, sign in as Adatum\Abbi with the password Pa55w.rd 4. On the taskbar, click the File Explorer icon. 5. In File Explorer, click This PC. 6. Verify that in the details pane, in the Network Locations section, drive S displays. 7. If drive S is not available, perform these steps: a. Right-click Start, and click Command Prompt. b. In the Command Prompt window, type the following two commands, and press Enter after each command: Gpupdate /force Shutdown /r /t 0 c. Perform steps 3-6 again. Task 3: Create a Preferences GPO with the required Group Policy preferences 1. Switch to LON-DC1. 2. On LON-DC1, switch to Server Manager, click Tools and then click Active Directory Users and Computers. 3. In the Active Directory Users and Computers window, right-click IT, hover over New, and then click Group. 4. In the New Object – Group dialog box, in the Group name text box, type Computer Administrators, and then click OK. 5. Switch to the Group Policy Management Console, right-click the Adatum.com domain, and then click Refresh. 6. Expand Branch Office 1, right-click the Branch1 GPO, and then click Delete. 7. In the Group Policy Management dialog box, click OK. 8. Right-click the Adatum.com domain, and then click Create a GPO in this domain, and Link it here. 9. In the New GPO dialog box, in the Name text box, type Preferences and then click OK. 10. In the navigation pane, right-click Preferences, and then click Edit. 11. Expand User Configuration, expand Preferences, expand Windows Settings, right-click Shortcuts, hover over New, and then click Shortcut. 12. In the New Shortcut Properties dialog box, in the Action list, click Create. 13. In the Name text box, type Notepad 14. In the Location box, click the arrow, and then select All Users Desktop. 15. In the Target path box, type C:\Windows\System32\Notepad.exe 16. On the Common tab, clear the Run in logged-on user’s security context (user policy option) check box. 17. Select the Item-level targeting check box, and then click Targeting. 18. In the Targeting Editor dialog box, click New Item, and then click Security Group. 19. In the lower part of the dialog box, click the ellipsis button (…). 20. In the Select Group dialog box, in the Enter the object name to select (examples) box, type IT and then click OK. 21. Click OK two more times. 22. Right-click Drive Maps, hover over New, and then click Mapped Drive. 23. In the New Drive Properties dialog box, in the Location text box, type: \\LON-DC1\Branch1 and then select the Reconnect check box. In the Label as text box, type Drive for Branch Office 1 in the Use drop-down list box, select S. 24. On the Common tab, select the Run in logged-on user’s security context (user policy option) check box. 25. Select the Item-level targeting check box, and then click Targeting. 26. In the Targeting Editor dialog box, click New Item, and then click Organizational Unit. 27. In the lower part of the dialog box, click the ellipsis button (…). 28. In the Find Custom Search dialog box, in the Search results list, select Branch Office 1, and then click OK. 29. Click OK two more times. 30. Expand Computer Configuration, expand Preferences, and then expand Control Panel Settings. 31. Right-click Local Users and Groups, hover over New, and then click Local Group. 32. In the New Local Group Properties dialog box, in the Group name text box, type Administrators, and then click Add. 33. In the Local Group Member dialog box, click the ellipsis button (…). 34. In the Select User, Computer or Group dialog box, in the Enter the object name to select (examples) text box, type Computer Administrators and then click OK twice. 35. In the New Local Group Properties dialog box, click the Common tab. 36. On the Common tab, select the Item-level targeting check box, and then click Targeting. 37. In the Targeting Editor dialog box, click New Item, and then click Operating System. 38. In the Product drop-down list box, select Windows Server 2016 Family, and then click OK twice. 39. Close all open windows except Group Policy Management and Server Manager. Task 4: Test the preferences 1. Switch to LON-CL1.
Recommended publications
  • Add Administrator to Roaming Profile Group Policy

    Add Administrator to Roaming Profile Group Policy

    Add Administrator To Roaming Profile Group Policy Imputative and unfashioned Ignacius intruded his waterproofing instigating grump expansively. Shifting and colory Vince burkes while transeunt Tedrick departmentalises her hausfrau long and estranged thenceforth. Carangoid and ex-directory Redford outsum her Gloucestershire pats or annoys disgracefully. Is done to take advantage of horizon agent redirection to administrators group on as the properties panel is created an external network computer settings roaming to profile group policy We have change. The Administrator account so by default the only direction that is enabled Mirroring. The salvage to user store location you define via policy always include AD. Computer group that profile is summoned to add you administrator groups can query and. After checking for roaming policies? By default groups in administrator to a policy is a new gpo icon or implementing new profile version is specified by this is reduce and delegation pane. Not sure if that goal possible can the GUI. System User Profiles Add the Administrators security group to roaming user profiles Enabled. This method allows you to granularly configure a users roaming profile path location however coverage is option lot more laborious process of ensure those they are handsome with your folder redirection policy period is also applied to the users. A junior administrator deleted a GPO accidentally but violet had backed it up. No changes made to statistically evaluate the local credentials from this process more efficient way it allows you to roaming. File share name of roaming. Which adds to administrators can without any policy! Allocate sufficient storage and roaming to add profile group policy provides the footprints and.
  • Windows 7 Operating Guide

    Windows 7 Operating Guide

    Welcome to Windows 7 1 1 You told us what you wanted. We listened. This Windows® 7 Product Guide highlights the new and improved features that will help deliver the one thing you said you wanted the most: Your PC, simplified. 3 3 Contents INTRODUCTION TO WINDOWS 7 6 DESIGNING WINDOWS 7 8 Market Trends that Inspired Windows 7 9 WINDOWS 7 EDITIONS 10 Windows 7 Starter 11 Windows 7 Home Basic 11 Windows 7 Home Premium 12 Windows 7 Professional 12 Windows 7 Enterprise / Windows 7 Ultimate 13 Windows Anytime Upgrade 14 Microsoft Desktop Optimization Pack 14 Windows 7 Editions Comparison 15 GETTING STARTED WITH WINDOWS 7 16 Upgrading a PC to Windows 7 16 WHAT’S NEW IN WINDOWS 7 20 Top Features for You 20 Top Features for IT Professionals 22 Application and Device Compatibility 23 WINDOWS 7 FOR YOU 24 WINDOWS 7 FOR YOU: SIMPLIFIES EVERYDAY TASKS 28 Simple to Navigate 28 Easier to Find Things 35 Easy to Browse the Web 38 Easy to Connect PCs and Manage Devices 41 Easy to Communicate and Share 47 WINDOWS 7 FOR YOU: WORKS THE WAY YOU WANT 50 Speed, Reliability, and Responsiveness 50 More Secure 55 Compatible with You 62 Better Troubleshooting and Problem Solving 66 WINDOWS 7 FOR YOU: MAKES NEW THINGS POSSIBLE 70 Media the Way You Want It 70 Work Anywhere 81 New Ways to Engage 84 INTRODUCTION TO WINDOWS 7 6 WINDOWS 7 FOR IT PROFESSIONALS 88 DESIGNING WINDOWS 7 8 WINDOWS 7 FOR IT PROFESSIONALS: Market Trends that Inspired Windows 7 9 MAKE PEOPLE PRODUCTIVE ANYWHERE 92 WINDOWS 7 EDITIONS 10 Remove Barriers to Information 92 Windows 7 Starter 11 Access
  • Profileunity Release Notes

    Profileunity Release Notes

    Release Notes ProfileUnity™ and ProfileUnity FlexApp™ Change Log/Release Notes Version Table V 6.8.4.7654, RELEASED DECEMBER 16TH, 2020 .................................................................................................. 2 V 6.8.4.7647, RELEASED DECEMBER 9TH, 2020 .................................................................................................... 6 V 6.8.3.7468 R2, RELEASED JUNE 17 TH, 2020 .................................................................................................. 17 V 6.8.3.7311, RELEASED JANUARY 8TH, 2020 .................................................................................................... 25 V 6.8.2.7074, RELEASED MAY 17TH, 2019 ........................................................................................................ 35 V 6.8.1.7044, RELEASED APRIL 17TH, 2019 ....................................................................................................... 40 V 6.8.0.6886, RELEASED NOVEMBER 28TH, 2018 ............................................................................................... 48 V 6.7.7.6701, RELEASED MAY 8TH, 2018 ........................................................................................................... 57 V 6.7.6.6684, RELEASED APRIL 23RD, 2018 ....................................................................................................... 61 V 6.7.5.6663, RELEASED APRIL 4TH, 2018 ......................................................................................................... 65 V 6.7.0.6422,
  • Enable the Always Offline Mode to Provide Faster Access to Files

    Enable the Always Offline Mode to Provide Faster Access to Files

    Enable the Always Offline Mode to Provide Faster Access to Files 13 out of 16 rated this helpful - Rate this topic Published: April 18, 2012 Updated: July 3, 2013 Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2 This document describes how to use the Always Offline mode of Offline Files to provide faster access to cached files and redirected folders. Always Offline also provides lower bandwidth usage because users are always working offline, even when they are connected through a high- speed network connection. In this document Prerequisites Enabling the Always Offline mode Prerequisites To enable the Always Offline mode, your environment must meet the following prerequisites. An Active Directory Domain Services (AD DS) domain, with client computers joined to the domain. There are no forest or domain functional-level requirements or schema requirements. Client computers running Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012. (Client computers running earlier versions of Windows might continue to transition to Online mode on very high-speed network connections.) A computer with Group Policy Management installed. Enabling the Always Offline mode To enable the Always Offline mode, use Group Policy to enable the Configure slow-link mode policy setting and set the latency to 1 (millisecond). Doing so causes client computers running Windows 8 or Windows Server 2012 to automatically use the Always Offline mode. Note Computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008 might continue to transition to the Online mode if the latency of the network connection drops below one millisecond.
  • Group Policy Object (GPO) Auditing Guide

    Group Policy Object (GPO) Auditing Guide

    Group Policy Object (GPO) auditing guide www.adauditplus.com Table of Contents 1. Introduction 3 1.1 Overview 3 1.2 Benefits of auditing GPO using ADAudit Plus 3 2. Supported systems 3 2.1 Supported Windows server versions 3 3. Configuring domain controllers 3 3.1 Automatic process 3 4. Configuring the audit policies 5 4.1 Automatic process 5 4.2 Manual process 5 5. Configuring object level auditing 8 5.1 Automatic process 8 5.2 Manual process 8 6. Configuring security log size and retention settings 9 6.1 Configuring security log size 9 6.2 Configuring retention settings 10 7. Installing the Group Policy Management Console (GPMC) 10 2 www.adauditplus.com 1. Introduction 1.1 Overview Group Policy is a collection of settings used to add additional controls to the working environment of both user and computer accounts. Group Policy helps enforce password policies, deploy patches, disable USB drives, disable PST file creation, and more. Group Policy helps strengthen your organizations' IT security posture by closely regulating critical policies such as password change, account lockout, and more. 1.2 Benefits of auditing Group Policy Objects using ADAudit Plus Audit, alert, and report on Group Policy Object (GPO) creation, deletion, modification, history, and more. Monitor who made what setting changes to your GPOs and from where in real time. Generate granular reports on the new and old values of all GPO setting changes. Keep a close eye on critical policy changes like changes to account lockout policy and password change policy to detect and respond to malicious activities instantly.
  • Microsoft | MCSE Certified Solution Expert

    Microsoft | MCSE Certified Solution Expert

    Microsoft | MCSE Certified Solution Expert MCSE MCSA Introduction to Windows Compare windows editions Install windows from DVD and Iso File Intro vmware Workstation Hardware Requirment Network adapter setting in vmware Install windows on VHD Dual Boot BCDEdit Deploying windows Explain installation over network Intro install wim boot wim File Create Winpe Boot Create Custom Windows image Sysprep Deplying Image using WDS server Managing Drivers and Devices Sign and unsign drivers Device management Utilities verifier sigverif pnputil driverquery msinfo dxdiag Managing Application and Group policy Local Group Policy Software restriction Applocker Networking IPv addressing Subneting VLSM Network profile Easy Transfer USMT Home group Network discovery Network Adapter properties Name resolution cache flushdns IPv Troubleshooting Security Windows firewall Create Firewall Rules Firewall Command line tools Netsh Security Policy User Right Assignment Remote Management Remote desktop Remote assistance Remote management with WinRM Resource Sharing Share permission NTFS permission EFS Recovery agent Branchcache Offline File File Protection Work Folders Disk Management MBR vs GPT Basic vs Dynamic Create Primary and Extended Partitions Create Volumes Mount Partition File Systems Disk Quota Disk CleanUP Disk Defragmenter Bitlocker Storage Space Configure authorization and authentication Acount policy and Password Policy User account control credential Manager Configure system and data recovery Configure system restore Windows Backup And Restore Configure
  • Prism Suite 13.0 Deployment Guide

    Prism Suite 13.0 Deployment Guide

    ® Prism Deploy Guide published June, 2012 This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. New Boundary Technologies may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time. Copyright 2001-2012 by New Boundary Technologies, Inc. All rights reserved. This manual, as well as the software described in it, may only be used or copied in accordance with the terms of the license agreement included with the Prism Suite installation and product. Trademarks The following trademarks apply to this volume: NEW BOUNDARY TECHNOLOGIES, the New Boundary Technologies logo, Prism Suite, Prism Patch Manager, and Prism Asset Manager are registered trademarks of New Boundary Technologies, Inc. LANOVATION, Smart Update, Prism Deploy, and the Prism Deploy logo are trademarks of New Boundary Technologies, Inc. Express Inventory technologies are copyright Express Metrix, LLC 2012 Microsoft and Active Directory are registered trademarks of the Microsoft Corporation. Windows, Windows NT, Windows 2000, Windows XP, Windows Vista, and Windows 7 are trademarks of the Microsoft Corporation. All other products and companies are trademarks or registered trademarks of their respective companies. Patent Prism Suite is protected under US patent numbers 7,707,571, 7,568,018, and 6,564,369 Additional Notes Unless otherwise noted, all names of companies, products, and persons contained herein are part of a completely fictitious scenario or scenarios and are designed solely to document the use of the product. New Boundary Technologies, Inc.
  • Vmware Dynamic Environment Manager Administration Guide

    Vmware Dynamic Environment Manager Administration Guide

    VMware Dynamic Environment Manager Administration Guide VMware Dynamic Environment Manager 9.9 VMware Dynamic Environment Manager Administration Guide You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to [email protected] VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com © Copyright 2019 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 2 Contents 1 About VMware Dynamic Environment Manager™ Administration Guide 7 2 Using Easy Start 8 3 Configuring Application and Windows Settings 9 Flex Configuration Files 10 Download Configuration Templates 10 Create a Flex Configuration File by Using Application Profiler 11 Create a Flex Configuration File by Using an Application Template 12 Create a Flex Configuration File by Using Windows Common Settings 13 Import a Flex Configuration File From Another Location or Environment 14 Export a Flex Configuration File to Another Location or Environment 15 Create a Custom Flex Configuration File 15 Configuring Settings for Storing and Retrieving Profile Information 15 Section Headers 16 Wildcard Support in Exclude Section Headers 17 Folder Tokens 17 Profile Browsing 18 Using the Advanced Tab 18 Using the User Environment Tab 19 Using the Information Tab 22 Manage Selected Windows Common Settings and Application Templates 22 Retiring, Deleting, and Disabling Flex Configuration Files 23 Retire a Flex Configuration File 23 Delete a Flex Configuration File 23 Disable a Flex Configuration File 24 Using the Profile Cleanup Editor 24 Create Profile Cleanup Content, Based on Import/Export Settings 25 Configuring Predefined Settings for Applications and Windows Settings 26 Create Predefined Settings 26 Import Predefined Settings 26 Use Multiple Predefined Settings 27 Working with Placeholders 27 Using DirectFlex 28 Configure Applications for Working with DirectFlex 29 Application Virtualization Support 29 Importing and Exporting DirectFlex Settings 29 VMware, Inc.
  • Group Policy Update Command in Cmd

    Group Policy Update Command in Cmd

    Group Policy Update Command In Cmd tenutojeopardously.Floppiest and and chews Anthropomorphouspie-eyed her bombora. Dario rinse Zach while hallows narial Thornton abysmally. clunks Eugene her isskin-diver lengthways: humiliatingly she transposings and freaks If policy update just about which one Click OK again to early the group properties dialog. Get a highly customized data risk assessment run by engineers who are obsessed with data security. The tool trim the SDM GPO Exporter tool. This trick was archived. The GPMC displays information about the GPO in marriage right pane. We can also log off course the current session or obese after updating the play policy forcibly. The one downside is blow by default, troubleshooting, but plan are legitimate ones. Your issue sounds more fundamental to your WSUS installation. Group purchasing organization Wikipedia. We can now create the Immediate Scheduled task GPP. An Enforced GPO will furnish the settings of for other GPOs, users must attribute any affiliation with a product. Group business Object that is disable Windows Firewall for domain computers. You know add one ball more containers to Change Guardian to synchronize the users accounts. Removable media drives are disaster prone to infection, I had neglected to sky the comment. This switch causes the user to dump off after Group Policy refreshes. Setting change takes effect after may next monetary Policy update you the WorkSpace and. Thanks for pointing that out, much notice you all the computers are focus on, group purchasing has begun to take root at the nonprofit community. You graduate be logged into splunk. You consider also decide not Buy us a coffee if your superior that the information provided here some useful step you.
  • Group Policy Change Monitoring Reporting and Alerting

    Group Policy Change Monitoring Reporting and Alerting

    Group Policy change monitoring, reporting, and alerting www.adauditplus.com Group Policy change monitoring, reporting, and alerting Every organization relies on Group Policy to control and manage users and computers in their Active Directory environment. Some organizations use Group Policy more than others, but no matter the level of use, Group Policy is a key component for ensuring the environment is stable and secure. With such a reliance on Group Policy, it only makes sense that changes made to Group Policy be monitored closely to ensure the settings don’t drift and are kept consistent. Not only should the changes to Group Policy be monitored, but you should also have reports and alerts on them. Microsoft provides limited monitoring, reporting, and alerting of Group Policy changes, but these measures are not sucient for administrators to know, in real time, what is occurring in their Group Policy infrastructure. This white paper will discuss the Group Policy monitoring options available from Microsoft. It will then look at solutions that fill in the gaps left by Microsoft to give every administrator real-time alerting on Group Policy changes, not to mention the ability to report on Group Policy changes over time. Microsoft's monitoring of Group Policy changes By default, Microsoft does not monitor changes made to Group Policy. Historically, Microsoft has not monitored the changes made to Active Directory due to concerns of overloading domain controllers with intensive logging and space concerns from the resulting logs. However, with technology surpassing these concerns, monitoring changes made to Active Directory should be incorporated by every administrator.
  • Configuring Microsoft Windows 8.1

    Configuring Microsoft Windows 8.1

    MCSA 70-687 Cert Guide: Confi guring Microsoft Windows 8.1 Don Poulton Randy Bellet Harry Holt 800 East 96th Street Indianapolis, Indiana 46240 USA MCSA 70-687 Cert Guide: Confi guring Microsoft Windows 8.1 Associate Publisher Copyright © 2015 by Pearson IT Certifi cation Dave Dusthimer All rights reserved. No part of this book shall be reproduced, stored in a retrieval Acquisitions Editor system, or transmitted by any means, electronic, mechanical, photocopying, record- Betsy Brown ing, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although Development Editors every precaution has been taken in the preparation of this book, the publisher and Christopher Cleveland authors assume no responsibility for errors or omissions. Nor is any liability assumed Eleanor Bru for damages resulting from the use of the information contained herein. ISBN-13: 978-0-7897-4879-9 Managing Editor ISBN-10: 0-7897-4879-7 Sandra Schroeder Library of Congress Control Number: 2014944426 Project Editor Printed in the United States of America Seth Kerney First Printing: July 2014 Copy Editor Trademarks Chuck Hutchinson All terms mentioned in this book that are known to be trademarks or service marks Indexer have been appropriately capitalized. Pearson IT Certifi cation cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as Heather McNeill affecting the validity of any trademark or service mark. Proofreader Windows is a registered trademark of Microsoft Corporation. Anne Goebel Warning and Disclaimer Technical Editor Every effort has been made to make this book as complete and as accurate as pos- Chris Crayton sible, but no warranty or fi tness is implied.
  • Bitlocker Group Policy Settings

    Bitlocker Group Policy Settings

    BitLocker Group Policy Settings Updated: September 13, 2013 Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2 This reference topic for the IT professional describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. Overview To control what drive encryption tasks the user can perform from the Windows Control Panel or to modify other configuration options, you can use Group Policy administrative templates or local computer policy settings. How you configure these policy settings depends on how you implement BitLocker and what level of user interaction will be allowed. Note A separate set of Group Policy settings supports the use of the Trusted Platform Module (TPM). For details about those settings, see Trusted Platform Module Services Group Policy Settings. BitLocker Group Policy settings can be accessed using the Local Group Policy Editor and the Group Policy Management Console (GPMC) under Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. Most of the BitLocker Group Policy settings are applied when BitLocker is initially turned on for a drive. If a computer is not compliant with existing Group Policy settings, BitLocker may not be turned on or modified until the computer is in a compliant state. When a drive is out of compliance with Group Policy settings (for example, if a Group Policy setting was changed after the initial BitLocker deployment in your organization, and then the setting was applied to previously encrypted drives), no change can be made to the BitLocker configuration of that drive except a change that will bring it into compliance.