Module 7:

Managing the
User
Environment by
Using Group
Policy
Overview

Configuring Group Policy Settings

Assigning Scripts with Group Policy
Restricting Group Membership and
Access to Software
Configuring Folder Redirection
Determining Applied GPOs
Lesson: Configuring Group Policy
Settings

Why Use Group Policy?

What Are Enabled and Disabled Group
Policy Settings?
Practice: Configuring Group Policy
Settings
Why Use Group Policy?

Use Group Policy to:

Manage users and computers
Deploy software
Enforce security settings
Enforce a consistent desktop
environment
Enforce loopback processing
What Are Enabled and Disabled Group
Policy Settings?

Enable / Disable Multivalued settings

Practice: Configuring Group Policy
Settings

In this practice, you will:

Create a GPO to configure
a standard user desktop
Create a GPO to reverse a
setting in the standard
desktop GPO for the Legal
department
Lesson: Assigning Scripts with
Group Policy

What Are Group Policy Script Settings?

Why Use Group Policy Scripts?
Practice: Assigning Scripts with Group
Policy
What Are Group Policy Script
Settings?

Group Policy script settings can be used

to assign:
For computers
 Startup scripts
 Shutdown scripts
For users
 Logon scripts
 Logoff scripts
Why Use Group Policy Scripts?

Group Policy scripts can:

Perform tasks that cannot be done
through other Group Policy
settings
Clean desktops and return
computers to their original state
Provide a secure environment by
clearing temp folders and page
files
Practice: Assigning Scripts with
Group Policy

In this practice, you will:

Use Group Policy to assign a
script to map a drive
Test the script
Lesson: Restricting Group
Membership and Access to
Software

Restricting Group Membership

What Is a Software Restriction
Policy?
Software Restriction Rules
Practice: Restricting Group
Membership and Access to
Software
Restricting Group Membership

Group Policy can control group

membership:
 For any group on a local computer
 For any group in Active Directory
What is a Software Restriction
Policy?

A policy-driven mechanism that

identifies and controls software
on a client computer
A mechanism restricting software
installation and viruses
A component with two parts:
 A default rule with two options:
Unrestricted
Disallowed
 Exceptions to the default rule
Software Restriction Rules

Hash Rule Certificate Rule

Use to employ MD5 or Checks for digital
SHA1 hash of a file to signature on
confirm identity application
Use to allow or Use when you want
prohibit a certain to restrict Win32
version of a file from applications and
being run ActiveX content
Path Rule Internet Zone Rule
Use when restricting Controls how Internet
the path of a file Zones can be
accessed
Use when multiple
files exist for the Use in high-security
same application environments to
control access to Web
Essential when SRPs
applications
are strict
Practice: Restricting Group
Membership and Access to
Software

In this practice, you will:

Define the membership of
the local Administrators
group for DEN-CL1
Restrict access to Outlook
Express for the domain
Lesson: Configuring Folder
Redirection

What Is Folder Redirection?

Folders That Can Be Redirected
Settings That Configure Folder
Redirection
Security Considerations for
Configuring Folder Redirection
Practice: Configuring Folder
Redirection
What Is Folder Redirection?

Folder Redirection allows:

Redirection to folders on the local
computer
or on a network drive
Folders on a server appear as if they
are located on the local drive
Folders That Can Be Redirected

My Documents
Application Data
Desktop
Start Menu
Settings That Configure Folder
Redirection

Use basic Folder Accounting

Redirection for Users

common files and

limited-access files Accounts
A-M

Accounts
With advanced Folder N-Z
Redirection, the Accounting
server hosting the Managers
folder location is te
a
based on group P riv Misty
membership
e
i v at
Pr Anne
Security Considerations for
Configuring Folder Redirection

NTFS permissions for Folder

Redirection root folder
Shared folder permissions for
Folder Redirection root folder
NTFS permissions for each user’s
redirected folder
Practice: Configuring Folder
Redirection

In this practice, you

will:
Create a shared
folder
Create a GPO to
redirect the My
Documents folder
Test the Folder
Redirection
Lesson: Determining Applied GPOs

What Are gpupdate and gpresult?

What Is Group Policy Reporting?
What Is Group Policy Modeling?
What Are Group Policy Results?
Practice: Determining Applied GPOs
What Are gpupdate and gpresult?

Use gpupdate to:

Manually refresh updated Group Policy
settings
Force the refresh of all Group Policy
settings
Force a reboot or logoff if required to
refresh
the settings

Use gpresult to:

Display the resulting set of policies for
a user
or computer
Redirect the resulting set of policies
information to a file
What Is Group Policy Reporting?
What Is Group Policy Modeling?
What Are Group Policy Results?
Practice: Determining Applied GPOs

In this practice, you will:

Refresh GPO settings with
gpupdate
Use Group Policy reporting
to view the settings in a
GPO and save the report
Create a Group Policy
Results report
Lab: Managing the User
Environment by Using Group
Policy

After completing this lab, you

will be able to:
 Create and apply a GPO to the
Graphics organizational unit
 Assign a logon script to
connect to the Graphics1
printer
 Use a GPO to configure the
membership of the Backup
Operators group
 Use the Group Policy Results
Wizard to verify the policy
settings