DOCSLIB.ORG

Group Policy Infrastructure

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Group Policy Infrastructure Group Policy Infrastructure Microsoft Corporation Published: April 2003 Updated: November 2004 Abstract Administrators use Group Policy to specify managed configurations for groups of computers and users. Group Policy includes options for registry-based policy settings, security settings, software installation, scripts, folder redirection, Remote Installation Services, and Internet Explorer maintenance. Intended for system administrators, architects, and others who need to create and manage Group Policy settings, this paper explains Group Policy infrastructure and shows how Group Policy Management Console (GPMC), a new MMC snap-in with scripting interfaces, fits into this infrastructure. The paper includes detailed information about Group Policy processing as well as many best practices useful to the Group Policy administrator. Microsoft® Windows® Server 2003 White Paper The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2003 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, IntelliMirror, Jscript, MS-DOS, Visual Basic, Visual C++, Visual Studio, Windows, Windows Media, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Microsoft® Windows® Server 2003 White Paper Contents Introduction...................................................................................................................................... 1 Administrative Requirements for Using Group Policy.................................................................. 1 GPMC System Requirements .................................................................................................. 1 Feedback on this Paper ........................................................................................................... 1 What’s New About Group Policy in Windows Server 2003 ............................................................. 2 Group Policy Management Console ............................................................................................ 2 New policy settings ...................................................................................................................... 2 Administrative Templates Changes ............................................................................................. 3 Command Line Refresh of Policy ................................................................................................ 3 WMI Filtering................................................................................................................................ 3 Tools for Best Practice Organizational Unit Design..................................................................... 3 Forest Trust.................................................................................................................................. 4 Domain Rename .......................................................................................................................... 4 Restore GPOs tool....................................................................................................................... 4 Wireless Support.......................................................................................................................... 4 Software Restriction Policy Settings ............................................................................................ 4 Internet Explorer Enhanced Security Configuration..................................................................... 5 Overview of Group Policy Infrastructure and Mechanics ................................................................ 6 Linking Group Policy Objects to Active Directory Containers...................................................... 6 Group Policy Hierarchy ................................................................................................................ 6 Managing Inheritance of Group Policy......................................................................................... 7 Filtering the Scope of the Group Policy Object............................................................................ 8 Security Filtering....................................................................................................................... 9 WMI Filtering .......................................................................................................................... 10 MMC Snap-in Extension Model ................................................................................................. 11 Group Policy Object Editor Namespace .................................................................................... 12 Computer Configuration and User Configuration................................................................... 12 Extensions to the Group Policy Object Editor ........................................................................ 12 Client-side Extensions to Group Policy .................................................................................. 13 Group Policy Storage ............................................................................................................. 13 Microsoft® Windows® Server 2003 White Paper Migrating GPOs Across Domains.................................................................................................. 15 Migration Tables ........................................................................................................................ 15 GPMC as the Solution for Migrating GPOs............................................................................ 15 Scripting Group Policy Tasks ........................................................................................................ 17 Delegating Group Policy................................................................................................................ 18 Using Security Groups to Delegate Group Policy...................................................................... 18 Managing Group Policy Links for a Site, Domain, or Organizational Unit ............................. 19 Creating GPOs ....................................................................................................................... 19 Editing Group Policy Objects.................................................................................................. 20 Delegating an individual GPO.................................................................................................... 20 Specifying Group Policy to Control the Behavior of MMC extensions....................................... 21 Restricting Access to a List of Permitted Snap-ins ................................................................ 21 Controlling Access to a Snap-in ............................................................................................. 21 Creating Custom Group Policy Object Editor Consoles......................................................... 22 Group Policy Extension Snap-ins.................................................................................................. 23 Administrative Templates........................................................................................................... 23 Handling .adm files in Group Policy Object Editor ................................................................. 24 Handling .adm files in GPMC ................................................................................................. 25 Using Administrative Templates ................................................................................................ 25 New policy settings................................................................................................................. 25 True Policy Settings Compared with Group Policy Preferences............................................ 25 Creating Custom .adm Files................................................................................................... 26 Viewing Group Policy Preferences......................................................................................... 27 Impact of GPO Replication....................................................................................................
Load more

Recommended publications
  • By Sebastiano Vigna and Todd M. Lewis Copyright C 1993-1998 Sebastiano Vigna Copyright C 1999-2021 Todd M
    ne A nice editor Version 3.3.1 by Sebastiano Vigna and Todd M. Lewis Copyright c 1993-1998 Sebastiano Vigna Copyright c 1999-2021 Todd M. Lewis and Sebastiano Vigna Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. Chapter 1: Introduction 1 1 Introduction ne is a full screen text editor for UN*X (or, more precisely, for POSIX: see Chapter 7 [Motivations and Design], page 65). I came to the decision to write such an editor after getting completely sick of vi, both from a feature and user interface point of view. I needed an editor that I could use through a telnet connection or a phone line and that wouldn’t fire off a full-blown LITHP1 operating system just to do some editing. A concise overview of the main features follows: • three user interfaces: control keystrokes, command line, and menus; keystrokes and menus are completely configurable; • syntax highlighting; • full support for UTF-8 files, including multiple-column characters; • 64-bit
    [Show full text]
  • Add Administrator to Roaming Profile Group Policy
    Add Administrator To Roaming Profile Group Policy Imputative and unfashioned Ignacius intruded his waterproofing instigating grump expansively. Shifting and colory Vince burkes while transeunt Tedrick departmentalises her hausfrau long and estranged thenceforth. Carangoid and ex-directory Redford outsum her Gloucestershire pats or annoys disgracefully. Is done to take advantage of horizon agent redirection to administrators group on as the properties panel is created an external network computer settings roaming to profile group policy We have change. The Administrator account so by default the only direction that is enabled Mirroring. The salvage to user store location you define via policy always include AD. Computer group that profile is summoned to add you administrator groups can query and. After checking for roaming policies? By default groups in administrator to a policy is a new gpo icon or implementing new profile version is specified by this is reduce and delegation pane. Not sure if that goal possible can the GUI. System User Profiles Add the Administrators security group to roaming user profiles Enabled. This method allows you to granularly configure a users roaming profile path location however coverage is option lot more laborious process of ensure those they are handsome with your folder redirection policy period is also applied to the users. A junior administrator deleted a GPO accidentally but violet had backed it up. No changes made to statistically evaluate the local credentials from this process more efficient way it allows you to roaming. File share name of roaming. Which adds to administrators can without any policy! Allocate sufficient storage and roaming to add profile group policy provides the footprints and.
    [Show full text]
  • Pipe and Filter Architectural Style Group Number: 5 Group Members: Fan Zhao 20571694 Yu Gan 20563500 Yuxiao Yu 20594369
    Pipe and Filter Architectural Style Group Number: 5 Group Members: Fan Zhao 20571694 Yu Gan 20563500 Yuxiao Yu 20594369 1. Have its own vocabulary for its components and connectors? (define) The Pipe and Filter is an architectural pattern for stream processing. It consists of one or more components called filters. These filters will transform or filter ​ ​ data and then pass it on via connectors called pipes. These filters, which merely ​ ​ consume and produce data, can be seen as functions like sorting and counting. All of these filters can work at the same time. Also, every pipe connected to a filter has its own role in the function of the filter. When data is sent from the producer (pump), it ​ ​ goes through the pipes and filters, and arrives the destination (sink). The pump can ​ ​ be a static text file or a keyboard input. The sink can be a file, a database or a computer screen. 2. Impose specific topological constraints? (diagram) Figure 1 shows a basic structure of Pipe and Filter architecture style. In this example, there are five filters and eight pipes. Each filter will get input from one or more pipes and pass it via pipes. The combination of several filters and pipes can be regarded as a “big” filter. Figure 2 is an specific example using Pipe and Filter architecture style. This example demonstrates a simple process of making sandwiches. To begin with, the first 4 filters can work simultaneously for preparation. Once they are done, the 5th filter can get the output and combine them together. Next, a following filter will add sauce to it and pass it to customer through a pipe.
    [Show full text]
  • Digital Filter Graphical User Interface
    University of Southern Maine USM Digital Commons Thinking Matters Symposium Archive Student Scholarship Spring 2018 Digital Filter Graphical User Interface Tony Finn University of Southern Maine Follow this and additional works at: https://digitalcommons.usm.maine.edu/thinking_matters Recommended Citation Finn, Tony, "Digital Filter Graphical User Interface" (2018). Thinking Matters Symposium Archive. 135. https://digitalcommons.usm.maine.edu/thinking_matters/135 This Poster Session is brought to you for free and open access by the Student Scholarship at USM Digital Commons. It has been accepted for inclusion in Thinking Matters Symposium Archive by an authorized administrator of USM Digital Commons. For more information, please contact [email protected]. By Tony Finn Digital Filter Graphical User Interface EGN 402 Fall 2017 Problem Statements - Digital FIR (finite impulse response) filter design Results requires tedious computations, with each requiring Illustrated in Figure 3 is the final design of the user interface, truncation of an impulse response (seen in Figure 1.) one will find buttons to change design type and filter type as - In order to obtain the desired effects from a filter, one well as clickable buttons to give the user feedback or an output. may need to try multiple filters, so many computations - Play Original Audio: emits the input audio as is; unfiltered. would be necessary. - Play Filtered Audio: emits the input audio with the designed Therefore the desire to simplify the digital filter design filter applied. process is necessary to provide users an easier, more intuitive method for design. - Return Filtered Audio: returns the filtered audio. - Print Filter: returns the filter specifications.
    [Show full text]
  • MATLAB Creating Graphical User Interfaces  COPYRIGHT 2000 - 2004 by the Mathworks, Inc
    MATLAB® The Language of Technical Computing Creating Graphical User Interfaces Version 7 How to Contact The MathWorks: www.mathworks.com Web comp.soft-sys.matlab Newsgroup [email protected] Technical support [email protected] Product enhancement suggestions [email protected] Bug reports [email protected] Documentation error reports [email protected] Order status, license renewals, passcodes [email protected] Sales, pricing, and general information 508-647-7000 Phone 508-647-7001 Fax The MathWorks, Inc. Mail 3 Apple Hill Drive Natick, MA 01760-2098 For contact information about worldwide offices, see the MathWorks Web site. MATLAB Creating Graphical User Interfaces COPYRIGHT 2000 - 2004 by The MathWorks, Inc. The software described in this document is furnished under a license agreement. The software may be used or copied only under the terms of the license agreement. No part of this manual may be photocopied or repro- duced in any form without prior written consent from The MathWorks, Inc. FEDERAL ACQUISITION: This provision applies to all acquisitions of the Program and Documentation by, for, or through the federal government of the United States. By accepting delivery of the Program or Documentation, the government hereby agrees that this software or documentation qualifies as commercial computer software or commercial computer software documentation as such terms are used or defined in FAR 12.212, DFARS Part 227.72, and DFARS 252.227-7014. Accordingly, the terms and conditions of this Agreement and only those rights specified in this Agreement, shall pertain to and govern the use, modification, reproduction, release, performance, display, and disclosure of the Program and Documentation by the federal government (or other entity acquiring for or through the federal government) and shall supersede any conflicting contractual terms or conditions.
    [Show full text]
  • Page 1 of 2 KB296944
    KB296944 - HOW TO: Use File Replication Service File and Folder Filters in Windows 2000 Page 1 of 2 Knowledge Base HOW TO: Use File Replication Service File and Folder Filters in Windows 2000 PSS ID Number: 296944 Article Last Modified on 10/28/2003 The information in this article applies to: l Microsoft Windows 2000 Server l Microsoft Windows 2000 Advanced Server This article was previously published under Q296944 IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry IN THIS TASK l SUMMARY l ¡ Overview ¡ Using Dfs File and Folder Filters ¡ Setting the File and Folder Filters on an FRS Replica in Active Directory ¡ n Setting Filters for Sysvol n Setting Filters for Dfs Replicas ¡ Using Registry Entries SUMMARY This article describes how to use file and folder filters for content that is replicated by the File Replication service (FRS). FRS is a multithreaded, multiple-master replication engine that replaces the LAN Manager Replication (LMREPL) service in Microsoft Windows NT versions 3.x and 4.0. Windows 2000-based domain controllers and servers use FRS to replicate system policies and logon scripts for Windows 2000-based and earlier clients. FRS can also replicate content between Windows 2000-based servers that host the same fault-tolerant distributed file system (Dfs) roots or child node replicas.
    [Show full text]
  • Windows Poster 20-12-2013 V3
    Microsoft® Discover the Open Specifications technical documents you need for your interoperability solutions. To obtain these technical documents, go to the Open Specifications Interactive Tiles: open specifications poster © 2012-2014 Microsoft Corporation. All rights reserved. http://msdn.microsoft.com/openspecifications/jj128107 Component Object Model (COM+) Technical Documentation Technical Documentation Presentation Layer Services Technical Documentation Component Object Model Plus (COM+) Event System Protocol Active Directory Protocols Overview Open Data Protocol (OData) Transport Layer Security (TLS) Profile Windows System Overview Component Object Model Plus (COM+) Protocol Active Directory Lightweight Directory Services Schema WCF-Based Encrypted Server Administration and Notification Protocol Session Layer Services Windows Protocols Overview Component Object Model Plus (COM+) Queued Components Protocol Active Directory Schema Attributes A-L Distributed Component Object Model (DCOM) Remote Protocol Windows Overview Application Component Object Model Plus (COM+) Remote Administration Protocol Directory Active Directory Schema Attributes M General HomeGroup Protocol Supplemental Shared Abstract Data Model Elements Component Object Model Plus (COM+) Tracker Service Protocol Active Directory Schema Attributes N-Z Peer Name Resolution Protocol (PNRP) Version 4.0 Windows Data Types Services General Application Services Services Active Directory Schema Classes Services Peer-to-Peer Graphing Protocol Documents Windows Error Codes ASP.NET
    [Show full text]
  • Reference Manual
    Reference Manual Command Line Interface (CLI) HiLCOS Rel. 9.12 RM CLI HiLCOS Technical Support Release 9.12 05/16 https://hirschmann-support.belden.eu.com The naming of copyrighted trademarks in this manual, even when not specially indicated, should not be taken to mean that these names may be considered as free in the sense of the trademark and tradename protection law and hence that they may be freely used by anyone. © 2016 Hirschmann Automation and Control GmbH Manuals and software are protected by copyright. All rights reserved. The copying, reproduction, translation, conversion into any electronic medium or machine scannable form is not permitted, either in whole or in part. An exception is the preparation of a backup copy of the software for your own use. The performance features described here are binding only if they have been expressly agreed when the contract was made. This document was produced by Hirschmann Automation and Control GmbH according to the best of the company's knowledge. Hirschmann reserves the right to change the contents of this document without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the information in this document. Hirschmann can accept no responsibility for damages, resulting from the use of the network components or the associated operating software. In addition, we refer to the conditions of use specified in the license contract. You can get the latest version of this manual on the Internet at the Hirschmann product site (www.hirschmann.com.) Hirschmann Automation and Control GmbH Stuttgarter Str. 45-51 Germany 72654 Neckartenzlingen Tel.: +49 1805 141538 Rel.
    [Show full text]
  • Group Policy Object (GPO) Auditing Guide
    Group Policy Object (GPO) auditing guide www.adauditplus.com Table of Contents 1. Introduction 3 1.1 Overview 3 1.2 Benefits of auditing GPO using ADAudit Plus 3 2. Supported systems 3 2.1 Supported Windows server versions 3 3. Configuring domain controllers 3 3.1 Automatic process 3 4. Configuring the audit policies 5 4.1 Automatic process 5 4.2 Manual process 5 5. Configuring object level auditing 8 5.1 Automatic process 8 5.2 Manual process 8 6. Configuring security log size and retention settings 9 6.1 Configuring security log size 9 6.2 Configuring retention settings 10 7. Installing the Group Policy Management Console (GPMC) 10 2 www.adauditplus.com 1. Introduction 1.1 Overview Group Policy is a collection of settings used to add additional controls to the working environment of both user and computer accounts. Group Policy helps enforce password policies, deploy patches, disable USB drives, disable PST file creation, and more. Group Policy helps strengthen your organizations' IT security posture by closely regulating critical policies such as password change, account lockout, and more. 1.2 Benefits of auditing Group Policy Objects using ADAudit Plus Audit, alert, and report on Group Policy Object (GPO) creation, deletion, modification, history, and more. Monitor who made what setting changes to your GPOs and from where in real time. Generate granular reports on the new and old values of all GPO setting changes. Keep a close eye on critical policy changes like changes to account lockout policy and password change policy to detect and respond to malicious activities instantly.
    [Show full text]
  • Windows Server 2008 and Windows Vista Ebook
    ● ● ● ● ● ● ● ● ● ● ● How to access your CD files The print edition of this book includes a CD. To access the CD files, go to http://aka.ms/625143/files, and look for the Downloads tab. Note: Use a desktop web browser, as files may not be accessible from all ereader devices. Questions? Please contact: [email protected] Microsoft Press PUBLISHED BY Microsoft Press A Division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2008 by Derek Melber All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Library of Congress Control Number: 2008920568 Printed and bound in the United States of America. 1 2 3 4 5 6 7 8 9 QWT 3 2 1 0 9 8 Distributed in Canada by H.B. Fenn and Company Ltd. A CIP catalogue record for this book is available from the British Library. Microsoft Press books are available through booksellers and distributors worldwide. For further infor- mation about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to [email protected]. Microsoft, Microsoft Press, Active Desktop, Active Directory, ActiveX, BitLocker, Excel, FrontPage, HotStart, InfoPath, Internet Explorer, NetMeeting, OneNote, Outlook, PowerPoint, SideShow, Visio, Visual Basic, Visual Studio, Windows, Windows Live, Windows Media, Windows NT, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
    [Show full text]
  • Great Lakes Cheat Sheet Less File Prints Content of File Page by Page Guide to General L Inux (Bash) a Nd S Lurm C Ommands Head File Print First 10 Lines of File
    Viewing and editing text files cat file Print entire content of file Great Lakes Cheat Sheet less file Prints content of file page by page Guide to general L inux (Bash) and S lurm c ommands head file Print first 10 lines of file tail file Print last 10 lines of file Accessing Great Lakes nano Simple, easy to use text editor Logging in from a terminal (Duo required) vim Minimalist yet powerful text editor ssh uniqname @greatlakes.arc-ts.umich.edu emacs Extensible and customizable text editor Transferring files between Great Lakes and your system scp input uniqname@ greatlakes-xfer.arc-ts.umich.edu: output Advanced file management scp -r i nput uniqname@ greatlakes-xfer.arc-ts.umich.edu:o utput scp uniqname@ greatlakes-xfer.arc-ts.umich.edu:i nput output chmod Change read/write/execute permissions which cmd List the full file path of a command GUI Clients PuTTY SSH client for Windows whereis cmd List all related file paths (binary, source, manual, etc.) of a command WinSCP SCP client for Windows du dir List size of directory and its subdirectories FileZilla FTP client for Windows, Mac, and Linux find Find file in a directory Basic Linux file management Aliases and system variables man command Display the manual page for command alias Create shortcut to command pwd Print out the present working directory env Lists all environment variables ls List the files in the current directory export var = val Create environment variable $ var with value ls -lh Show long, human-readable listing val ls dir List files inside directory dir echo $var Print the value of variable $var rm file Delete file .bashrc File that defines user aliases and variables mkdir dir Create empty directory called dir Input and output redirection rmdir dir Remove empty directory dir $( command) Runs command first, then inserts output to the rm -r dir Remove directory dir and all contents rest of the overall command cd dir Change working directory to dir < Standard input redirection cd .
    [Show full text]
  • Managing User Settings with Group Policy
    Module 6: Managing user settings with Group Policy Lab: Managing user settings with Group Policy (VMs: 20742B-LON-DC1, 20742B-LON-CL1) Exercise 1: Using administrative templates to manage user settings Task 1: Import administrative templates for Microsoft Office 2016 1. On LON-DC1, on the taskbar, click the File Explorer icon. 2. In File Explorer, in the navigation pane, expand Allfiles (E:), expand Labfiles, and then click Mod06. 3. Double-click admintemplates_x64_4390-1000_en-us.exe. 4. In The Microsoft Office 2016 Administrative Templates dialog box, select the Click here to accept the Microsoft Software License Terms check box, and then click Continue. 5. In the Browse for Folder dialog box, click Desktop, and then click OK. 6. In The Microsoft Office 2016 Administrative Templates dialog box, click OK. 7. In File Explorer, in the navigation pane, click Desktop, and then in the content pane, double-click admx. 8. Press Ctrl+A to select all files, right-click, and then click Copy. 9. In the navigation pane, expand Local Disk (C:), expand Windows, right-click PolicyDefinitions, and then click Paste. 10. Close File Explorer. Task 2: Configure Office 2016 settings 1. On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management. 2. Switch to the Group Policy Management window. 3. In the navigation pane, expand Forest: Adatum.com, expand Domains, expand Adatum.com, and then click Group Policy Objects. 4. Right-click Group Policy Objects, and then click New. 5. In the New GPO dialog box, type Office 2016 settings and then click OK. 6. In the contents pane, right-click Office 2016 settings, and then click Edit.
    [Show full text]