Home Page Icon
Home Page
Table of Contents for
Mastering Windows Group Policy
Close
Mastering Windows Group Policy
by Jordan Krause
Mastering Windows Group Policy
Title Page
Copyright and Credits
Mastering Windows Group Policy
Contributors
About the author
About the reviewers
Packt is searching for authors like you
About Packt
Why subscribe?
Packt.com
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Group Policy - The Basics
Terminology
What is Group Policy?
Active Directory Group Policy versus Local Group Policy
Local Group Policy
Active Directory Group Policy
What does Group Policy look like?
Requirements for Group Policy
Who can use Group Policy?
Hierarchy of Group Policy processing
Levels of GPO processing
Local Policy
Site-level policies
Domain-level policies
OU-level policies
GPO workflow
Building a lab to test Group Policy today
Domain Controller
Windows 10 Client
Configuring the Windows Server 2016 Domain Controller
Configuring the Windows 10 client
Summary
Group Policy Management Console (GPMC)
Technical requirements
Launching the console locally
Server Manager – the most common way
Microsoft Management Console (MMC) snap-in
Start menu
GPMC.MSC
Accessing Group Policy remotely
Installing the GPMC on another server
RSAT on Windows 10
Exploring the GPMC
Summary
Daily Tasks in Group Policy
Default policies and permissions
Default Domain Policy
Authenticated users
Default Domain Controllers Policy
Permissions
Modifying an existing GPO
Using the newest GPMC
Editing settings inside a GPO
Quickly finding your settings
An annoying Internet Explorer popup
Updating the default password policy
Not configured versus enabled versus disabled
Example – configuring Teredo
Creating a new GPO
Naming your GPOs
Creating the GPO
Configuring the policy to apply a desktop wallpaper
More on GPO links
The difference between GPOs and GPO links
The GPO link warning message
Linking our new GPO
Creating and linking new GPOs at the same time
Linking at the site level
Deleting a GPO link versus deleting a GPO
Deleting a GPO link
Deleting a GPO
Disabling GPO links
Everyday command-line tools
GPUpdate
Background refresh
Foreground refresh
GPUpdate.exe switches
GPResult
Sending the output to a file
Checking GPResult data from a remote machine
Resultant Set of Policy
Summary
Advanced Filtering of Group Policy Objects
Link order precedence
OUs trump domains
Multiple GPOs linked at the same level
Changing the order of link precedence
Seeing the big picture
Blocking GPO inheritance
Enforcing GPOs
Will enforcing GPOs affect GPO precedence?
User settings versus computer settings
Disabling half of a GPO
Exercises with OUs and links
Creating or deleting OUs
OUs inside ADUC
OUs inside GPMC
Default containers that are not OUs
Moving machines from one OU to another
OUs protected from accidental deletion
A warning on cross-domain policy linking
Filtering GPOs with security filters
How to filter a GPO to a particular Active Directory group
Filtering to specific users or computers
Security filtering – permission changes
How to block a GPO from a particular Active Directory group
Filtering GPOs with WMI filters
WMI filters could cause a performance hit
Applying a WMI filter to our GPO
Summary
Deploying Policy Settings
Managed versus unmanaged policies
Administrative Templates
ADMX/ADML files
Self-regulating policies
Special registry keys
Sticky preferences
Unmanaged Policies versus Group Policy Preferences
Preferences can usually be overwritten by a user
Preferences stick around after the GPO is removed
Creating or importing new templates
How can you tell the difference?
Computer configuration policies
Idle-time lockout policy
What about Windows 7?
Launching an application upon login
Configuring certificate auto-enrollment
Startup and shutdown scripts – running scripts at the computer level
Disabling Local Group Policy processing
User configuration policies
Remove the shutdown button
Locking down display settings
Prohibiting access to the Control Panel and Settings
Logon and logoff scripts – running scripts at the user level
Group Policy loopback processing
What's really happening?
Merge mode
Replace mode
How to do it?
Summary
Group Policy Preferences
How is a preference different from a policy setting?
Create, Replace, Update, or Delete
Green and red marks
Green and red lines
How to change them
Green and red circles
Internet Explorer tabs
The Common tab
Stop processing items in this extension if an error occurs
Run in  logged-on user's security context
Remove this item when it is no longer applied
Apply once and do not reapply
Item-level targeting
Implementing Preferences
Modifying the power options
Environment variables
Registry keys
Drive mappings
Creating a printer connection
Forcing an Internet Explorer proxy server
Summary
Group Policy as a Security Mechanism
Password rules and regulations
A plethora of security settings
Windows Firewall with Advanced Security
Location of WFAS policy settings
General settings 
Inbound Rules
Outbound Rules
Connection Security Rules
Forcing Windows Firewall to always be enabled
An aside about WFAS Profiles
Disabling Windows Firewall by policy
Creating a rule to allow inbound traffic
Creating a rule to block outbound traffic
What about conflicting rules?
Configuring GPO to clear local WFAS rules
Manipulating Local Users and Groups
Denying access to Command Prompt
Prohibiting user software-installation
Disabling IPv6 via Group Policy
User Account Control
Configuring UAC via GPO
User Account Control – Behavior of the Elevation Prompt for Administrators in Admin Approval Mode
User Account Control – Behavior of the Elevation Prompt for Standard Users
User Account Control – Detecting Application Installations and Prompting for Elevation
User Account Control – Running All Administrators in Admin Approval Mode
Blocking USB Drives
Summary
Group Policy Maintenance
Documenting Group Policy
Commenting inside GPOs
Generating a GPO report
Searching Group Policy
Searching for GPOs
Filtering settings
Filtering by keywords
Filtering by your own comments
Filtering by settings that have been modified
Clearing the filter
Starter GPOs
Creating a Starter GPO
Editing a Starter GPO
Using a Starter GPO to build finalized GPOs
Backing up and restoring GPOs
Backing up GPOs
Permissions needed to back up a GPO
Backing up a single GPO
Backing up all GPOs at once
Restoring GPOs
Permissions needed to restore an existing GPO
Permissions needed to restore a deleted GPO
Two ways to restore a GPO
Managing backups
Relinking restored GPOs
Exporting and Importing WMI Filters
Implementing ADMX/ADML files
Importing a new ADMX file
The location for placing ADMX files
The location for placing ADML files
The Central Store
Creating the Central Store
Verifying Central Store is working
Importing new ADMX/ADML files into the Central Store
Delegating permissions to manage Group Policy
Delegation to edit GPOs
Delegation to link GPOs
Delegation to create new GPOs
Additional delegation capabilities
Summary
Group Policy Troubleshooting
Troubleshooting tools and procedures
GPUpdate
GPResult and RSOP
RSOP
GPResult
User or computer results – not usually both
GPO permissions
Map out policy settings
Is the GPO disabled?
Watching for inheritance blocking
Looking out for Enforced GPOs
Conflicting settings
Is your operating system supported?
Windows Event Logs
GPO version numbers
Checking Domain Controller synchronization
Version numbers triggering the client
Checking the replication status via GPMC
Detecting slow links
Changing slow-link detection behavior
The trouble with FRS
What's wrong with FRS?
Which one am I running?
Group Policy results wizard
Running the report
Group Policy Modeling
Summary
PowerShell for Group Policy Administration
Importing PowerShell Group Policy modules
PowerShell for GPOs and Links
Creating new GPOs
Deleting GPOs
Linking a GPO
Disabling a GPO Link
Deleting a GPO Link
Creating a new Starter GPO
Enforcing a GPO
Disabling GPO enforcement
Setting inheritance blocking on an OU
Configuring security filtering on a GPO
GPO information and reporting
Viewing information about a GPO
GPO Reports
RSOP data via PowerShell
GPO permissions via PowerShell
Viewing current GPO permissions
Setting GPO permissions
Removing GPO permissions
Using PowerShell to back up and restore GPOs
Backing up a single GPO
Backing up all of the GPOs
Restoring a GPO
Remotely running GPUpdate
Using PowerShell Help
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Next
Next Chapter
Title Page
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset