Friday, August 9, 2013

Group Policy – Active Directory

Group Policy is a centralized management tool that helps us perform many tasks on many computers in an Active Directory environment, such as handling security issues, deploying software and many more.

What is it used for?
              -        We can deploy scripts to all clients: for example, we can deploy a script that adds network folders for users when they log on to their computers.
              -        We can control what users can and can't do on a computer network: here we can specify the limits for users. Let's say we want to harden our network; with a GPO we can limit users' access to network resources, and many more useful things.
              -        We can deploy software to client computers in a few simple steps: let's say you need to deploy Office 2007 to 100 clients. All you need to do is create a policy that installs the software, which saves you the time of going from computer to computer one by one.

We can deploy policy in two different ways:
              -        We can deploy policy to computers.
              -        We can deploy policy to users.

How do we manage Group Policy deployment?
The easiest way to work with Group Policy is to download GPMC ("Group Policy Management Console").
We can download it from the Microsoft site at the following link:
After you download it, simply install it by following Microsoft's directions.

What is the Loopback option?
Group Policy can be applied to both users and computers, and a policy is usually applied according to the object's location in our Active Directory infrastructure. But sometimes we want to apply policy to users based only on the computer's location in our environment. In other words, a Loopback policy is applied on the physical computer the user logs on to, no matter what policy the user receives from another AD policy.

To create a Loopback policy that is applied to a user based on the physical computer, follow the steps below.

After we enable Loopback, we direct the system to apply the GPOs for the computer that the user logs on to.

          1        Open Group Policy Microsoft Management Console (MMC) Snap-In.
          2        Open Computer Configuration.
          3        Search for Administrative Templates.
          4        Click System.
          5        Click Group Policy.
          6        Now enable the Loopback policy.

To use the Loopback option, all the objects that we want to apply the policy to need to be in Active Directory.

What are WMI Filters?
WMI Filters are a way to fine-tune the application of GPOs. They are evaluated on the client at the time of a Group Policy refresh. If any of these queries return a result (essentially meaning they evaluate to true), then the WMI filter is considered to evaluate to true and the GPO to which it is linked is applied. If the WQL queries do not return anything in the result set, then the GPO is not applied.
In other words, we can set criteria for applying policies. Let's give an example:
If you want to deploy Office 2007 and you already have client computers with Office 2007 installed, you can target the software deployment at all clients (including the ones with Office 2007) and create a filter that applies the policy only if the client computer doesn't have Office 2007.
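
Because the filter decision depends only on whether the WQL query returns rows, a query can be dry-run on a client before it is attached to a GPO. The script below is an added example, not part of the original post; the function name `Test-WmiFilterQuery` is hypothetical, and the Office 2007 path is an assumed default install location.

```powershell
# Added example: dry-run WQL queries locally to see how a WMI filter
# built from them would evaluate on this machine.
function Test-WmiFilterQuery {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string] $Namespace = 'root\CIMv2'
    )

    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $rows  = @()
    $err   = $null
    try {
        # The filter is true when the result set is non-empty.
        $rows = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
    }
    catch {
        # A query that fails returns no rows; this script treats it as not passing.
        $err = $_.Exception.Message
    }
    $timer.Stop()

    [pscustomobject]@{
        Query        = $Query
        RowCount     = $rows.Count
        FilterPasses = ($rows.Count -gt 0)
        Milliseconds = $timer.ElapsedMilliseconds   # filters run at every policy refresh
        Error        = $err
    }
}

# Constructed sample queries.
$queries = @(
    # ProductType 1 = workstation, so servers and domain controllers return no rows.
    'SELECT * FROM Win32_OperatingSystem WHERE ProductType = 1',
    # Returns a row when Word 2007 exists at the assumed default path
    # (Office 2007 installs into the Office12 folder). WQL needs doubled backslashes.
    'SELECT * FROM CIM_DataFile WHERE Name = "C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"'
)

$queries | ForEach-Object { Test-WmiFilterQuery -Query $_ } | Format-List
```

Run it on a machine with Office 2007 and on one without, and compare the `FilterPasses` and `Milliseconds` values before linking the filter to a GPO.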

What is an ADM file?
Although Group Policy is a wonderful tool, it has limits, and ADM files help us overcome that problem. For example, we can download an ADM file with restrictions that relate only to Office 2007.
To start working with ADM files, we first need to download them from the following address

Now all you need to do is find the ADM file that you want to use to apply your policies to users.

