Wednesday, October 13, 2010

Group Policy

It is a feature of 2000&03 with which an administrator can have full control on users and computers. Using group policy we can implement security, policies, software deployment, folder redirection, Internet explorer maintenance.
 Group policies enable the users either to access or to be denied of an object. Group policy can be implemented on computers &users.
 Group Policy Object (GPO) :
 GPO defines polices implemental for the objects. One group policy object can be linked with multiple objects like site, domains, DCs, OUs, etc… The order in which the group policy is applied. When user logs in
 Computer policy
 Eg: no shut down, no time setting
User profile
Eg. Local, roaming, mandatory
 User policy (local computer) 
 Site
Domain
OU
 Implementing group policy on OU: 
Aim: Deny accessing Control Panel

On DC
Open ADUC
Create an OU
Create user within the OU
Right click >properties
Group policy> new>
Specify GPO name
Edit
Expand user configuration
Select administrative templates
Control panel
Double click “prohibit access to control panel”
Select enable
Apply – ok
 Policy inheritance:

If we implement policy on sites it applies to all the domains and OUs within that site. All the domains & OUs within that site inherit policy from its parent.
 Block policy inheritance:

Block policy inheritance is useful for blocking the inheritance of the policy from its parent object
 Note:

1. Useful when we have to perform shorter administrative tasks.
2. When there is conflict between two policies applied to the same object. Implementing block policy inheritance:
 On DC
Open ADUCcreate an OU and a child OU within it.
Create a user a/c in child OU
On the parent OU deny control panel
Select child OU > properties
Group policy
Check the box block policy inheritance
 Verification 
 Move client machine log in as user, we have created in child OU.
We should notice control panel.
 No override: 
It is an option available from group policy useful when we want to override all the policies implemented on the child objects
 Implementing override 
 On DC
Open ADUC
Select the parent OU
We have created
Properties
Group policy
Options select no over ride
Note: No over ride is opposite to block policy inheritance; Important group policies
 User configuration
Administration templates
Windows components
Windows explorer

-Prevent access to drive
-No entire network
-Remove map drive

Under user configuration
Administrative templates
Expand system
-Run only allowed windows applications
-Do not run specified applications Group policies are of two types. 
 1. Computer configuration 
 1 Software settings
2 Windows settings
3 Security settings
 2. User configuration 
 4 Software setting
5 Windows setting
6 Administrative templates
Posted by Saikiran at 4:09 AM

1 comment:

  1. AnonymousJuly 4, 2012 at 3:50 AM

    It's easy to understan... thanku.........

    ReplyDelete

Subscribe to: Post Comments (Atom)