Windows Server Administration/Group Policy

This lesson covers Group Policy. Activities include creating and testing Group Policy objects.

Objectives and Skills

edit

Objectives and skills for the Understanding Active Directory portion of Windows Server Administration Fundamentals certification include:[1]

  • Understand group policy: group policy processing; Group Policy Management Console; computer policies; user policies; local policies

Readings

edit
  1. Wikipedia: Group Policy
  2. What is Group Policy and How Does it work?
  3. Wikipedia: Folder redirection
  4. Using Folder Redirection in Group Policy
  5. Configure folder redirection to OneDrive
  6. Wikipedia: Roaming user profile
  7. Deploying Roaming User Profiles

Multimedia

edit
  1. YouTube: Introduction to Group Policy in Windows Server 2016
  2. YouTube: Group Policy (Part 2 of 4) - Group Policy Desktop Settings
  3. YouTube: How to Deploy Software (MSI Packages) Via Group Policy (GPO) | Windows Server 2019
  4. YouTube: How to Enable Roaming User Profiles on Windows Server 2019
  5. YouTube: Deploy Folder Redirection in Windows Server 2019
  6. YouTube: How To Map Network Drives Using Logon Script GPO in Windows Server 2019
  7. YouTube: How to change screensaver and timeouts in Group Policy Windows Server 2019

Activities

edit
  1. Review Wikipedia: Group Policy and Password Policy in the Default Domain Policy. Configure essential security settings, including Password Policy and Account Lockout Policy.
  2. Review Step by Step How to Configure Folder Redirection in Windows Server 2016. Configure and test folder redirection.
  3. Review How to Configure Roaming Profile in Windows Environment Step by Step Procedures Configure and test roaming user profiles. Compare and contrast roaming user profiles with folder redirection.

Lesson Summary

edit
  • Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.[2]
  • Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.[3]
  • Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.[4]
  • Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.[5]
  • Group Policy objects are created and maintained using the Group Policy Management Console.[6]
  • Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.[7]
  • By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.[8]
  • Group Policy settings can be refreshed manually using the gpupdate command.[9]
  • The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.[10]
  • Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.[11]
  • Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.[12]
  • Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).[13]
  • Folder Redirection is most often implemented using Group Policy settings.[14]
  • The following user folders may be redirected through Folder Redirection: AppData/Roaming, Contacts, Desktop, Downloads, Favorites, Links, Music, Documents, Pictures, Saved Games, Searches, Start Menu, and Videos..[15]
  • Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.[16]

Key Terms

edit
Windows Management Instrumentation (WMI)
A set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.[17]

Review Questions

edit
Enable JavaScript to hide answers.

Click on a question to see the answer.

  1. Group Policy provides _____ of _____, _____, and _____ in an Active Directory environment.
    Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.
  2. Policy settings are defined separately for _____ and for _____. _____ policies are processed at computer startup. _____ policies are processed at user logon.
    Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.
  3. Group Policy objects are processed in the following order: _____, _____, _____, then _____. Policy settings are inherited from one level to the next unless overridden.
    Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.
  4. Policy inheritance can be _____ at a lower level. But higher level policies can be set as _____, preventing both the _____ of inheritance and _____.
    Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.
  5. Group Policy objects are created and maintained using the _____.
    Group Policy objects are created and maintained using the Group Policy Management Console.
  6. Local policies may be set on individual computers using the _____.
    Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.
  7. By default, Microsoft Windows refreshes its policy settings every _____ minutes on workstations and member servers and every _____ minutes on domain controllers. However, some settings are only applied during _____ or _____.
    By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.
  8. Group Policy settings can be refreshed manually using the _____ command.
    Group Policy settings can be refreshed manually using the gpupdate command.
  9. The _____ command may be used to display the Resultant Set of Policy (RSoP) settings for a given _____ or _____.
    The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.
  10. Folder Redirection provides the ability to automatically _____ file operations from _____ to _____.
    Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.
  11. Folder Redirection allows the saving of user data to _____ for easier _____, _____, and _____.
    Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.
  12. Folder Redirection separates _____ data from _____ data, decreasing the amount of time required to log on when _____ data is also stored on a server.
    Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).
  13. Folder Redirection is most often implemented using _____.
    Folder Redirection is most often implemented using Group Policy settings.
  14. The following user folders may be redirected through Folder Redirection: _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, and _____.
    The following user folders may be redirected through Folder Redirection: AppData/Roaming, Contacts, Desktop, Downloads, Favorites, Links, Music, Documents, Pictures, Saved Games, Searches, Start Menu, and Videos.
  15. Active Directory supports three types of user profiles: _____ profiles, _____ profiles, and _____ profiles. _____ profiles are created automatically on each computer where a user logs on. _____ profiles are copied to a server share and downloaded to the local computer when users log on. _____ profiles are implemented as _____ profiles.
    Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.

Flashcards

edit

References

edit
  Type classification: this is a lesson resource.
  Completion status: this resource is considered to be complete.