
GPT - Group Policy Templates - The GPT is where the GPO stores the actual settings.

The GPT is located within the Netlogon share on the DCs.

Netlogon share - A share located only on Domain Controllers that contains GPOs, scripts and .POL files for policy of Windows NT/98. The Netlogon share replicates among all DCs in the Domain, and is accessible read-only for the Everyone group and with Full Control for the Domain Admins group. The Netlogon share's real location is:

C:\WINDOWS\SYSVOL\sysvol\domain.com\SCRIPTS

When a domain member computer boots up, it finds the DC and looks for the Netlogon share on it. To see which DC the computer used when it booted, go to the Run command and type %logonserver%\Netlogon. The content of the Netlogon share should be the same on all DCs in the domain.

GPO behavior

Group Policy is processed in the following order:

Local Policy > Site GPO > Domain GPO > OU GPO > Child OU GPO and so on.

GPOs inherited from the Active Directory are always stronger than local policy. When you configure a Site policy it is overridden by Domain policy, and Domain policy is overridden by OU policy. If there is an OU under the previous OU, its GPO is stronger than the previous one.

The rule is simple: the closer you get to the object that is being configured, the stronger the GPO is.

What does "stronger" mean? If you configure a GPO and link it to the "Organization" OU, and in it you configure Printer installation as allowed, and then at the "Dallas" OU you configure another GPO that does not allow printer installation, then the Dallas GPO is more powerful and the computers in it will not allow installation of printers.

The example above is true when you have different GPOs that have similar configuration, configured with opposite settings. When you apply a couple of GPOs at different levels and every GPO has its own settings, all settings from all GPOs are merged and inherited by the computers or users.

Group Policy sections

Each GPO is built from 2 sections:

Computer configuration contains the settings that configure the computer prior to the user logon combo-box.

User configuration contains the settings that configure the user after the logon. You cannot choose to apply the setting on a single user; all users, including administrator, are affected by the settings.

Within these two sections you can find more sub-folders:

Software settings and Windows settings, both of computer and user, are settings that configure local DLL files on the machine.

Administrative templates are settings that configure the local registry of the machine. You can add more options to administrative templates by right-clicking it and choosing .ADM files. Many programs that are installed on the computer add their .ADM files to the %systemroot%\inf folder so you can add them to the Administrative Templates. You can download .ADM files for the Microsoft operating systems.

Tools used to configure GPO

You can configure GPOs with this set of tools from Microsoft (other 3rd-party tools exist but we will discuss these in a different article):

1. Group Policy Object Editor snap-in in MMC - or - use gpedit.msc from the Run command.
2. Active Directory Users and Computers snap-in - or dsa.msc to invoke the Group Policy tab on every OU or on the Domain.
3. Active Directory Sites and Services - or dssite.msc to invoke the Group Policy tab on a site.
4. Group Policy Management Console - or gpmc.msc - this utility is NOT included in Windows 2003 server and needs to be separately installed. You can download it from HERE.

Note that if you'd like to use the GPMC tool on Windows XP, you need to install it on computers running Windows XP SP2. Installing it on computers without SP2 will generate errors due to unsupported and newer .ADM files.

GPMC utility - Creating a GPO

When you create a GPO it is stored in the GPO container. After creation you should link the GPO to an OU that you choose.

Linking a GPO

To link a GPO simply right-click an OU and choose Link an existing GPO, or you can create and link a GPO at the same time. You can also drag and drop a GPO from the Group Policy Objects folder to the appropriate Site, Domain or OU.

When you right-click a link you can:

Edit a GPO - This will open the GPO window so you can configure settings.

Link/Unlink a GPO - This setting allows you to temporarily disable a link if you need to add settings to it or if you will activate it later.

Enabling/disabling computer or user settings

A GPO has computer and user settings, but if you create a GPO that contains only computer settings, you might want to disable the user settings in that GPO. This will reduce the amount of settings replicated and can also be used for testing.

To disable one of the configurations simply choose the GPO link and go to the Details tab.

How do I know what are the settings in a GPO?

Prior to the use of GPMC, an administrator who wanted to find out which of the hundreds of settings of a GPO were actually configured had to open each GPO and manually comb through each and every node of the GPO sections. Now, with GPMC, you can simply see what the configurations of any GPO are if you point on that GPO and go to the Settings tab. There you can use the drop-down menus to see computer or user settings.

Block/Enforce inheritance

You can block policy inheritance to an OU if you don't want the settings from upper GPOs to configure your OU.

To block GPO inheritance, simply right-click your OU and choose "Block Inheritance". Blocking inheritance will block all upper GPOs.

In case you need one of the upper GPOs to configure all downstream OUs and overcome Block inheritance, use the Enforce option of a link. Enforcing a GPO is a powerful option and should rarely be used.

You can see in this example that when you look at the Computers OU, three different GPOs are inherited to it.

In this example you can see that choosing "Block inheritance" will reject all upper GPOs.

Now, if we configure the "Default domain policy" with the Enforce option, it will overcome the inheritance blocking.

Link order

When linking more than one GPO to an OU, there could be a problem when two or more GPOs have the same settings but with opposite configuration. For example, GPO1 has Allow printer installation among other settings, but GPO2 is configured to prevent printer installation among other settings. Because the two GPOs are at the same level, there is a link order which can be changed.

The GPO with the lowest link order is processed last, and therefore has the highest precedence.

Security Filtering

Filtering lets you choose the user, group or computer that the GPO will apply to. If you configured the "Computers" OU with a GPO but you only want to configure Win XP stations with that GPO and exclude Win 2000 stations, you can easily create a group of Win XP computers and apply the GPO only to that group.

This option saves you from creating a complicated OU tree with each type of computer in it.

A user or a group that you configure in the filtering field has by default the "Read" and "Apply" permissions. By default when you create a GPO link, you can see that "Authenticated users" is listed.

In the above example, Office 2K3 will be installed on all computers that are part of the two listed groups.

If we were still using Authenticated users, the installation of the Office suite could have followed the user to any computer that he logs onto, like servers or other machines. Using filtering narrows the installation options.

If you want to configure these permissions with higher resolution, you can go to the Delegation tab and see the permissions. Going to the Advanced tab will let you configure the ACL permissions with the highest resolution.

How the GPO is updated on the computers

A GPO inherited from AD is refreshed on the computers in several ways:

1. Logon to the computer (if the settings are "user settings" in the GPO).
2. Restart of the computer (if the settings are "computer settings" in the GPO).
3. Every 60 to 90 minutes, the computers query their DC for updates.
4. Manually by using the gpupdate command. You can add the /force switch to force all settings and not only the delta.

Note: Windows 2000 doesn't support the Gpupdate command so you need to run a different command instead: for computer settings. for user settings. In both commands you can use the /enforce that is similar to the /force in gpupdate.

If any configuration change requires a logoff or a restart, a message will appear.

You can force logoff or reboot using gpupdate switches.

How to check that the GPO was deployed

To be sure that a GPO was deployed correctly, you can use several ways. The term for the results is RSoP - Resultant Sets of Policies.

1. Use the gpresult command in the command prompt.

The default result is for the logged-on user on that machine. You can also choose to check what the results are for other users on that machine. If you use the /v or /z switches you will get very detailed information.

You can see what GPOs were applied and what GPOs were filtered out and the reason for not being deployed.

2. Resultant Set of Policy snap-in in MMC.

The snap-in has two modes:

Logging mode, which tells you what the real settings are that were deployed on the machine.

Planning mode, which tells you what the results will be if you choose some options.

This option is not so compatible because you need to browse in the RSoP data to find the settings.

3. Group Policy Results in GPMC.

This is the most comfortable option, letting you check the RSoP data on every computer or user from a central location. This option also displays the summary of the RSoP and Detailed RSoP data in HTML format.

In the example above you can see the summary of applied or non-applied GPOs for both computer and user settings.

When looking at the Settings tab we can see which settings were applied on the computer and see which is the "Winning GPO" that actually configured the computer with the particular setting.
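The precedence rules described above (processing order, Block Inheritance, Enforce, link order and security filtering) can be modelled to show how the "Winning GPO" for a setting is decided. This is an added example, not code from the original page or from Microsoft; the GPO names, setting keys and group names are constructed, only AD-linked GPOs are modelled, and the rule that an enforced link also wins conflicts against lower-level GPOs is standard Group Policy behaviour that the page itself does not spell out.

```python
from dataclasses import dataclass, field

AUTH_USERS = frozenset({"Authenticated Users"})  # default security filter

@dataclass
class Link:
    gpo: str
    settings: dict
    order: int = 1                    # link order in its container; 1 = highest precedence
    enforced: bool = False
    apply_to: frozenset = AUTH_USERS  # groups holding Read + Apply on the GPO

@dataclass
class Container:                      # a site, domain or OU
    name: str
    links: list = field(default_factory=list)
    block_inheritance: bool = False

def processing_order(path, member_of):
    """path lists containers from the top (site/domain) down to the object's OU.
    Returns the GPO links in the order they are processed; the last one wins."""
    # The lowest container with Block Inheritance cuts off everything above it.
    first_kept = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for level, container in enumerate(path):
        # Highest link-order number first, so link order 1 is processed last.
        for link in sorted(container.links, key=lambda l: l.order, reverse=True):
            if not (link.apply_to & member_of):
                continue              # filtered out by security filtering
            if link.enforced:
                enforced.append((level, link))  # survives Block Inheritance
            elif level >= first_kept:
                normal.append(link)
    # Enforced links run after all normal ones; the highest container runs last.
    enforced.sort(key=lambda pair: -pair[0])
    return normal + [link for _, link in enforced]

def resultant_set(path, member_of):
    """Merge settings in processing order: {setting: (value, winning GPO)}."""
    rsop = {}
    for link in processing_order(path, member_of):
        for key, value in link.settings.items():
            rsop[key] = (value, link.gpo)
    return rsop

def sample_path(block=False, enforce_domain=False):
    """Constructed hierarchy following the page's Organization/Dallas printer example."""
    domain = Container("domain.com", [Link("Default Domain Policy",
        {"PrinterInstall": "allowed", "MinPwdLen": 8}, enforced=enforce_domain)])
    org = Container("Organization", [Link("Org Printers", {"PrinterInstall": "allowed"})])
    dallas = Container("Dallas", [
        Link("Dallas Lockdown", {"PrinterInstall": "denied"}, order=1),
        Link("Dallas Legacy", {"PrinterInstall": "allowed"}, order=2),
        Link("XP Only", {"Wallpaper": "xp.bmp"}, order=3,
             apply_to=frozenset({"WinXP Computers"})),
    ], block_inheritance=block)
    return [domain, org, dallas]

if __name__ == "__main__":
    for kwargs in ({}, {"block": True}, {"block": True, "enforce_domain": True}):
        print(kwargs, resultant_set(sample_path(**kwargs), {"Authenticated Users"}))
```

Comparing the three printed results shows why Enforce on a high-level link deserves review: with it set, the domain-level value replaces the Dallas OU's own "denied" setting even though inheritance is blocked.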

Active directory management, NTFS security, disk quota management
Deployment of OS via RIS
Working knowledge of IIS Server, DHCP Server, DNS Server, Proxy Server on Linux and Windows
Configure Exchange server 2003 in Small office environment

Managing technical support team which is responsible for infrastructure services on Microsoft Windows technology
Creating standard server build
Updating servers with latest service packs and hot fixes.
Troubleshooting Active Directory replication problems.
Creating standard process for group policy deployment
Active Directory users and groups management.
Implementation and administration of DNS, DHCP and WINS
Distribute packages via Group policy across all the desktops and servers
Review and remediate software distribution failures and eliminate the problems that cause those failures.
Design and implement a mechanism for handing on-off technical issues to other technical teams for resolution.
Creating standard Net-backup policies and taking back-up of the servers.
Restoring the data as per the customer request
Remote administration of servers for any problem across Fidelity offices related to Microsoft Windows operating system.
Technical support of Operating System (Windows NT/2000/2003/2008)
Implementation of Windows 2003 domain.
Migrating User accounts from Windows NT to Windows 2008 domain

Installation and maintenance of Windows NT and 2000/2003/2008 DNS, DDNS, DHCP and WINS Servers for the DOMAIN.
Implementing and administering Active Directory services, replication, Trust Relationship and enforcing Domain-wide Group Policies.
Remote Administration using terminal service, VNC, PCAnywhere and Damware
Troubleshoot Windows 2003 Servers and streamlining the user policy
Managing User accounts using Active Directory
Implementation of TCP/IP and related Services DHCP/DNS/WINS
Responsible for designing, implementing and troubleshooting temporary infrastructures for Live Webcasting Events
Configuring Windows 2003 as File, Print and WEB servers.
Implementation of name Resolution using WINS and DNS in TCP/IP environment
Installing and configuring RAS (Remote Access Services) on Windows 2003
Performance tuning using performance monitor and event viewer to identify and resolve performance bottlenecks.

Additional Computer Networking Skills

Programming Language: Pascal, Turbo Pascal, C, C++, Java, Java Swing, Python
Hardware Tools: Vax, Intel Touchstone Delta, Unix Workstations with numbers of DSP chips with array processors.
Operating Systems: Windows9X, Windows2000, Windows ME, Windows XP, Windows Vista, Linux, Unix, MS DOS
HTML Editing Tools: Macromedia Dreamweaver, Microsoft FrontPage, Adobe GoLive
Graphics Tools: Macromedia Flash, Macromedia Fireworks, Adobe Photoshop, Adobe PageMaker, Adobe Illustrator, 3D Max, Bryce 3D
Office Package: Microsoft Word, Microsoft Excel, Microsoft Access, Microsoft PowerPoint, Microsoft Outlook Express
Extensive knowledge of operating systems like Microsoft Office XP/2007/ NT/ Vista and Linux
Familiar with Applications like MS Project, Adobe, MS Office Suite, Photoshop, Illustrator and MS Live Meeting
Knowledge of programming languages like C++, C, UNIX, HTML and XML

Key Skills for computer hardware and networking resume

Analytical thinking, planning.
Strong verbal and personal communication skills.
Accuracy and Attention to details.
Organization and prioritization skills.
Problem analysis, use of judgment and ability to solve problems efficiently.
Self motivated, initiative, high level of energy.
Verbal communication skills.
Decision making, critical thinking, organizing and planning.
Tolerant and flexible to different situations.
Self motivated Initiative with a high level of energy.
Strong verbal and personal communication skills.
Decision making, critical thinking, organizing and planning
Tolerant and flexible to different situations.
Strong communication skills
Problem analysis and problem solving
Organizational skills and customer service orientation
Adaptability and ability to work under pressure
Initiator

Professional strengths

Possess extensive knowledge of course development, instructional design and resource coordination
Expertise in developing web-based instructional materials and teaching aids
Proficient in delivering effective classroom training sessions
Highly skilled in creating user guides and troubleshooting technical manuals
Possess excellent presentation and teaching skills
Ability to develop and lead technical training program sessions
Ability to generate technical concepts in a clear and precise manner
Excellent organizational skills and ability to prioritize workload
Attention to detail and precision, solid work ethics concerning meeting deadlines and reliability.
Excellent communication and interpersonal skills

How will you set up this workgroup network?

Determine your requirements
Choose between wired and wireless media
Map your physical network
Map your logical network
Create a utilization plan

A method for providing fault tolerance by using multiple hard disk drives.

What is NETBIOS and NETBEUI?
NETBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer, and it hides the networking hardware from applications.
NETBEUI is NetBIOS extended user interface. A transport protocol designed by Microsoft and IBM for use on small subnets.

What is redirector?
Redirector is software that intercepts file or print I/O requests and translates them into network requests. This comes under presentation layer.

What is Beaconing?
The process that allows a network to self-repair network problems. The stations on the network notify the other stations on the ring when they are not receiving the transmissions. Beaconing is used in Token ring and FDDI networks.

What is terminal emulation, in which layer it comes?
Telnet is also called terminal emulation. It belongs to application layer.

What is frame relay, in which layer it comes?
Frame relay is a packet switching technology. It will operate in the data link layer.

What do you mean by "triple X" in Networks?
The function of PAD (Packet Assembler Disassembler) is described in a document known as X.3. The standard protocol has been defined between the terminal and the PAD, called X.28; another standard protocol exists between the PAD and the network, called X.29. Together, these three recommendations are often called "triple X".

What is SAP?
Series of interface points that allow other computers to communicate with the other layers of network protocol stack.

What is subnet?
A generic term for a section of a large network, usually separated by a bridge or router.

What is subnet mask?
It is a term that distinguishes between network address and host address in an IP address. Subnet mask value 0 defines host partition in IP address and value 1 255 defines Network address.

Describe 802.3 standards

IEEE 802 - LAN/MAN
IEEE 802.1 - Standards for LAN/MAN bridging and management and remote media access control bridging.
IEEE 802.2 - Standards for Logical Link Control (LLC) standards for connectivity.
IEEE 802.3 - Ethernet Standards for Carrier Sense Multiple Access with Collision Detection (CSMA/CD).
IEEE 802.4 - Standards for token passing bus access.
IEEE 802.5 - Standards for token ring access and for communications between LANs and MANs
IEEE 802.6 - Standards for information exchange between systems.
IEEE 802.7 - Standards for broadband LAN cabling.
IEEE 802.8 - Fiber optic connection.
IEEE 802.9 - Standards for integrated services, like voice and data.
IEEE 802.10 - Standards for LAN/MAN security implementations.
IEEE 802.11 - Wireless Networking "WiFi".
IEEE 802.12 - Standards for demand priority access method.
IEEE 802.14 - Standards for cable television broadband communications.
IEEE 802.15.1 - Bluetooth
IEEE 802.15.4 - Wireless Sensor/Control Networks "ZigBee"
IEEE 802.16 - Wireless Networking "WiMAX"

What is meshing?
Meshing generically describes how devices are connected together. It is also part of the topology. There are two types of meshed topologies: partial and full.
In a partially meshed environment, every device is not connected to every other device.
In a fully meshed environment, every device is connected to every other device.
Wireless is a good example of meshing. The internet, a WAN, is also a good example of meshing, where a computer has connectivity with all internet networks.

Describe Various Network Types

Local Area Networks - Local area networks (LANs) are used to connect networking devices that are in a very close geographic area, such as a floor of a building, a building itself, or a campus environment.

Wide Area Networks - Wide area networks (WANs) are used to connect LANs together. Typically, WANs are used when the LANs that must be connected are separated by a large distance.

Metropolitan Area Networks - A metropolitan area network (MAN) is a hybrid between a LAN and a WAN.

Content Networks - Content networks (CNs) were developed to ease users' access to Internet resources. Companies deploy basically two types of CNs:
1. Caching downloaded Internet information
2. Distributing Internet traffic loads across multiple servers

Storage Area Networks - Storage area networks (SANs) provide a high-speed infrastructure to move data between storage devices and file servers.
Advantage
Performance is fast.
Availability is high because of the redundancy features available.
Distances can span up to 10 kilometers.
Management is easy because of the centralization of data resources.
Overhead is low (uses a thin protocol).
Disadvantage of SANs is their cost.

Intranet - An intranet is basically a network that is local to a company. In other words, users from within this company can find all of their resources without having to go outside of the company. An intranet can include LANs, private WANs and MANs.

Extranet - An extranet is an extended intranet, where certain internal services are made available to known external users or external business partners at remote locations.

Internet - An internet is used when unknown external users need to access internal resources in your network. In other words, your company might have a web site that sells various products, and you want any external user to be able to access this service.

VPN - A virtual private network (VPN) is a special type of secured network. A VPN is used to provide a secure connection across a public network, such as an internet. Extranets typically use a VPN to provide a secure connection between a company and its known external users or offices.
Authentication is provided to validate the identities of the two peers.
Confidentiality provides encryption of the data to keep it private from prying eyes.
Integrity is used to ensure that the data sent between the two devices or sites has not been tampered with.
