CHAPTER 3.5 Flashcards
Group policy is
A collection of configuration settings used to define what a system
will look like and how it will behave for a defined group of users or
computer
Group policy is
Supported on all Windows client running Windows 2000 and later.
Group policy is
used to centrally manage and control users and computer
settings.
Benefits of using group policy
Apply security settings
* Manage desktop and
application settings
* Deploy application
* Configure network
settings
Benefits of
Using Group
Policy
Minimize administration as it can be used to
enforce settings to many users and computers
centrally
* Provide a consistent method to enforce standards
in the work environment.
GPO
A container containing a collection of Group Policy
settings that can be applied to a user, computer or both
Tools to manage GPO
Group Policy Management Console
* Group Policy Management Editor
* PowerShell
Administrative
Templates
Used to configure registry based policy settings.
Group Policy settings
Enforce policy settings by
writing the settings to areas of
the registry that standard users
cannot modify
Group Policy settings
Disable the user interface for
settings that Group Policy is
managing
Group Policy settings
Settings are removed when
GPO is not applied
Group Policy Preference
Are written to the normal locations
in the registry that the application
or operating system feature uses
to store the setting
Group Policy Preferences
Do not cause the application or
operating system feature to
disable the user interface for the
settings they configure
Group Policy Preferences
Settings are not removed when
GPO is no longer applied ( by
default)
Default Domain Policy
Linked to the domain
* Affects all security principles in the domain.
Default Domain Controllers Policy
Linked to the Domain Controllers OU,
* Only affect domain controllers
Computer Configuration
policy settings are applied at system startup
* every 90 minutes (+ 30 min variable)
User Configuration
- policy settings are applied at logon
- every 90 minutes (+30 min variable)
Security settings
refresh at least every 16 hours
Perform Policies refresh manually by using
The Gpupdate command
* The Windows PowerShell cmdlet
GPO Scope
is the collection of users and
computers that will be applied with the settings in
the GPO
Methods to scope a GPO
Link the GPO to container, such as an OU
* Filter by using security settings
Precedence
LocalSiteDomainOU
GPO FILTERING
is used to apply the settings to specific users or
computer
GPO methods
Using security group filtering
* Using Windows Management Instrumentation (WMI) filtering
GPO settings are applied
to a user or computer
under the following
conditions:
Is in the container
where the GPO is
linked.
GPO settings are applied
to a user or computer
under the following
conditions:
have read and apply group policy permission to the gpo
Filtering GPO using WMI Filters
Windows Management
Instrumentation filters enables
GPOs to be applied based on
attributes of the target
computer
Copy
Transfers only the settings of a GPO not its link
Backup
Exports all GPO data saves
the GPT files
Restore
Contents of the GPO are restored
Import
Transfer settings
from a backed-up GPO to an
existing GPO.
Delegating Administration of GPO
Allows the administrative workload to be distributed
across the enterprise
Folder Redirection
A feature that allows folders to be located
on a network server, but appear as if they
are located on the local drive
Folder redirection configuration options:
Use Basic folder redirection when all users
save their files to the same parent
location
Folder redirection configuration options:
Use Advanced folder redirection for folder
location based on group membership
