Beruflich Dokumente
Kultur Dokumente
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Module Overview
Implement Administrative Templates Configure Group Policy Preferences Manage Software with GPSI
.ADMX
.ADML
Registry
HKCU\Software\Microsoft\
Windows\CurrentVersion\ Policies\System
DisableRegeditMode
User interface (UI) is locked; user cannot make a change to the setting Changes are made in one of four reserved registry keys Change and UI lock are "released" when the user/computer falls out of scope UI not locked Makes a change that is persistent; "tattoos" the registry
Only managed setting shown by default Set Filter Options to view unmanaged settings Effects vary
Preferences
Central Store
.ADM files Stored in the GPT Leads to version control and GPO bloat problems
.ADMX/.ADML files Retrieved from the client Problematic if the client doesn't have the appropriate files
Central Store
Copy .ADMX files from your %SystemRoot%\PolicyDefinitions Copy .ADML file from language-specific subfolders (such as en-us)
templates
Add comments to a policy setting Add comments to a GPO Create a new GPO from a starter GPO Create a new GPO by copying an existing GPO Create a new GPO by importing settings that were
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Logon information
Lab Scenario
You were recently hired as the domain administrator for
Contoso, Ltd, replacing the previous administrator, who retired. You are not certain what policy settings have been configured, so you decide to locate and document GPOs and policy settings. You also discover that the company has not leveraged either the functionality or the manageability of administrative templates.
Lab Review
Describe the relationship between administrative template
files (both .ADMX and .ADML files) and the GPME. benefits does it provide?
When does an enterprise get a central store? What What are the advantages of managing Group Policy from a
client running the latest version of Windows? Do settings you manage apply to previous versions of Windows?
Settings
operating system and application settings that were not manageable by using Group Policy
Are written to the normal locations in Strictly enforce policy settings by the registry that the application or writing the settings to areas of the operating system feature uses to registry that standard users cannot store the setting modify Do not cause the application or operating system feature to disable the user interface for the settings they configure Refresh preferences by using the same interval as Group Policy settings by default Typically disable the user interface for settings that Group Policy is managing Refresh policy settings at a regular interval
Are not available on local computers Are available through local Group Policy
Logon information
Lab Scenario
You were recently hired as the domain administrator for
Contoso, Ltd. To simplify Group Policy management, which includes eliminating the need for logon scripts to map drives, you need to deploy several Group Policy Preferences settings that will allow for more flexibility for corporate users..
Lab Review
What is the alternate way to provide drive mapping to
Understand GPSI
Client-side extension (CSE) Installs supported packages
Optionally modified by Transform (.mst) or patches (.msp) GPSI automatically installs with elevated privileges
System Center Configuration Manager and other deployment tools can support a wider variety of installation and configuration packages
No feedback
Assign to computers
Install at startup
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.
Right-click New Package Browse to .msi file through network path (\\server\share) Choose deployment option (Recommended: Advanced)
After successful install, client will not attempt to reinstall app You might make a change to the package Package All Tasks Redeploy Application
Upgrade application
Create new package in same or different GPO Advanced Upgrades Select package to upgrade Uninstall old version first; or install over old version
Remove application
Package All Tasks Remove Uninstall immediately (forced removal) or Prevent new installations (optional removal) Dont delete or unlink GPO until all clients have applied setting
whether to process
Logon information
Lab Scenario
You are an administrator at Contoso, Ltd. Your developers
require XML Notepad to edit XML files, and you want to automate the deployment and life cycle management of the application. You decide to use Group Policy Software Installation. Most applications are licensed per computer, so you will deploy XML Notepad to the developers' computers, rather than associating the application with their user accounts.
Lab Review
Consider the NTFS permissions you applied to the
Software and XML Notepad folders on NYC-SVR1. Explain why these least privilege permissions are preferred to the default permissions. XML Notepad: Assigning the application to computers, filtering the GPO to apply to the APP_XML Notepad group that contains only computers, and linking the GPO to the Client Computers OU. Why is this approach advantageous for deploying most software? What would be the disadvantage of scoping software deployment to users rather than to computers?
Notes Page Over-flow Slide. Do Not Print Slide. See Notes pane.