Group Policy: Fundamentals, Security, and the Managed Desktop

Overview

The ultimate Group Policy guide—now updated for Windows 7 and Server 2008 R2! IT and network administrators can streamline their Windows Server management tasks by using Group Policy tools to automate or implement rules, processes, or new security across the enterprise. In this comprehensive guide, Microsoft Group Policy MVP Jeremy Moskowitz thoroughly explores Group Policy across all Windows platforms, including the latest on Windows 7 and Server 2008 R2. If you're a Windows network administrator managing scores of users and computers, you need this essential reference on your desk.

  • Covers the fundamentals and beyond of Group Policy, a collection of tools and settings that allow administrators to manage users and computers across a Windows Server enterprise
  • Reflects the very latest Windows Server technologies: Windows Server 2008 R2 and Windows 7
  • Includes essential topics such as Group Policy settings, using the management console, implementing security, maintaining settings as users move from one computer to another, using Windows Steady State, and more
  • Offers expert guidance and advice from renowned Group Policy expert and Microsoft Group Policy MVP Jeremy Moskowitz

If you're a Windows Server network or IT administrator, make your life easier with Group Policy and this must-have guide.

Product Details

  • ISBN-13: 9781118289402
  • Publisher: Wiley
  • Publication date: 1/4/2013
  • Edition number: 2
  • Pages: 912
  • Sales rank: 220,654
  • Product dimensions: 7.30 (w) x 9.10 (h) x 2.00 (d)

Meet the Author

Jeremy Moskowitz, Group Policy MVP, is the founder of GPanswers.com and PolicyPak Software. He is a nationally recognized authority on Windows Server, Active Directory, Group Policy, and other Windows management topics. Jeremy is one of fewer than a dozen Microsoft MVPs in Group Policy. He runs GPanswers.com, ranked by ComputerWorld as a "Top 20 Resource for Microsoft IT Professionals." Jeremy is a sought-after speaker at many industry conferences and, in his training workshops, helps thousands of administrators every year do more with Group Policy. Contact Jeremy by visiting GPanswers.com.

Table of Contents

Introduction xxv

Chapter 1 Group Policy Essentials 1

Getting Ready to Use This Book 2

Getting Started with Group Policy 7

Group Policy Entities and Policy Settings 7

The Categories of Group Policy 9

Active Directory and Local Group Policy 13

Understanding Local Group Policy 14

Group Policy and Active Directory 17

Linking Group Policy Objects 20

Final Thoughts on Local GPOs 25

An Example of Group Policy Application 26

Examining the Resultant Set of Policy 27

At the Site Level 28

At the Domain Level 29

At the OU Level 29

Bringing It All Together 29

Group Policy, Active Directory, and the GPMC 31

Implementing the GPMC on Your Management Station 32

Creating a One-Stop-Shop MMC 36

Group Policy 101 and Active Directory 38

Active Directory Users and Computers vs. GPMC 38

Adjusting the View within the GPMC 39

The GPMC-centric View 41

Our Own Group Policy Examples 43

More about Linking and the Group Policy Objects Container 44

Applying a Group Policy Object to the Site Level 47

Applying Group Policy Objects to the Domain Level 50

Applying Group Policy Objects to the OU Level 52

Testing Your Delegation of Group Policy Management 58

Understanding Group Policy Object Linking Delegation 59

Granting OU Admins Access to Create New Group Policy Objects 61

Creating and Linking Group Policy Objects at the OU Level 61

Creating a New Group Policy Object Affecting Computers in an OU 66

Moving Computers into the Human Resources Computers OU 67

Verifying Your Cumulative Changes 69

Final Thoughts 71

Chapter 2 Managing Group Policy with the GPMC 73

Common Procedures with the GPMC 74

Raising or Lowering the Precedence of Multiple Group Policy Objects 78

Understanding GPMC’s Link Warning 79

Stopping Group Policy Objects from Applying 80

Block Inheritance 87

The Enforced Function 88

Security Filtering and Delegation with the GPMC 90

Filtering the Scope of Group Policy Objects with Security 91

User Permissions on Group Policy Objects 100

Granting Group Policy Object Creation Rights in the Domain 102

Special Group Policy Operation Delegations 103

Who Can Create and Use WMI Filters? 104

Performing RSoP Calculations with the GPMC 106

What’s-Going-On Calculations with Group Policy Results 107

What-If Calculations with Group Policy Modeling 113

Searching and Commenting Group Policy Objects and Policy Settings 116

Searching for GPO Characteristics 116

Filtering Inside a GPO for Policy Settings 118

Comments for GPOs and Policy Settings 129

Starter GPOs 135

Creating a Starter GPO 136

Editing a Starter GPO 136

Leveraging a Starter GPO 137

Delegating Control of Starter GPOs 139

Wrapping Up and Sending Starter GPOs 140

Should You Use Microsoft’s Pre-created Starter GPOs 41

Back Up and Restore for Group Policy 142

Backing Up Group Policy Objects 143

Restoring Group Policy Objects 146

Backing Up and Restoring Starter GPOs 148

Backing Up and Restoring WMI Filters 148

Backing Up and Restoring IPsec Filters 149

Migrating Group Policy Objects between Domains 150

Basic Interdomain Copy and Import 150

Copy and Import with Migration Tables 157

GPMC At-a-Glance Icon View 160

Final Thoughts 160

Chapter 3 Group Policy Processing Behavior Essentials 163

Group Policy Processing Principles 164

Don’t Get Lost 165

Initial Policy Processing 166

Background Refresh Policy Processing 168

Security Background Refresh Processing 182

Special Case: Moving a User or a Computer Object 187

Windows 8 and Group Policy: Subtle Differences 188

Policy Application via Remote Access, Slow Links, and after Hibernation 189

Windows XP Group Policy over Slow Network Connections 190

Windows 8 Group Policy over Slow Network Connections 190

What Is Processed over a Slow Network Connection? 192

Using Group Policy to Affect Group Policy 197

Affecting the User Settings of Group Policy 197

Affecting the Computer Settings of Group Policy 199

The Missing Group Policy Preferences’ Policy Settings 211

Final Thoughts 212

Chapter 4 Advanced Group Policy Processing 215

WMI Filters: Fine-Tuning When and Where Group Policy Applies 215

Tools (and References) of the WMI Trade 217

WMI Filter Syntax 218

Creating and Using a WMI Filter 219

WMI Performance Impact 220

Group Policy Loopback Processing 221

Reviewing Normal Group Policy Processing 222

Group Policy Loopback—Merge Mode 223

Group Policy Loopback—Replace Mode 223

Group Policy with Cross-Forest Trusts 229

What Happens When Logging onto Different Clients across a Cross-Forest Trust? 229

Disabling Loopback Processing When Using Cross-Forest Trusts 232

Understanding Cross-Forest Trust Permissions 232

Final Thoughts 234

Chapter 5 Group Policy Preferences 235

Powers of the Group Policy Preferences 237

Computer Configuration > Preferences 238

User Configuration > Preferences 249

Group Policy Preferences Concepts 258

Preference vs. Policy 259

The Overlap of Group Policy vs. Group Policy Preferences and Associated Issues 261

The Lines and Circles and the CRUD Action Modes 275

Common Tab 282

Group Policy Preferences Tips, Tricks, and Troubleshooting 294

Quick Copy, Drag and Drop, Cut and Paste, and Sharing of Settings 294

Multiple Preference Items at a Level 296

Temporarily Disabling a Single Preference Item or Extension Root 298

Environment Variables 298

Managing Group Policy Preferences: Hiding Extensions from Use 301

Troubleshooting: Reporting, Logging, and Tracing 302

Final Thoughts 310

Chapter 6 Managing Applications and Settings Using Group Policy 311

Administrative Templates: A History and Policy vs. Preferences 312

Administrative Templates: Then and Now 312

Policy vs. Preference 313

ADM vs. ADMX and ADML Files 318

ADM File Introduction 318

Updated GPMC’s ADMX and ADML Files 318

ADM vs. ADMX Files—At a Glance 320

ADMX and ADML Files: What They Do and the Problems They Solve 321

Problem and Solution 1: Tackling SYSVOL Bloat 321

Problem 2: How Do We Deal with Multiple Languages? 321

Problem 3: How Do We Deal with “Write Overlaps”? 323

Problem 4: How Do We Distribute Updated Definitions to All Our Administrators? 324

The Central Store 325

The Windows ADMX/ADML Central Store 327

Creating and Editing GPOs in a Mixed Environment 331

Scenario 1: Start by Creating and Editing a GPO Using the Older GPMC. Edit Using Another Older GPMC Management Station. 331

Scenario 2: Start by Creating and Editing a GPO with the Older GPMC. Edit Using the Updated GPMC. 332

Scenario 3: Start by Creating and Editing a GPO Using the Updated GPMC. Edit Using Another Updated GPMC Management Station. 334

Scenario 4: Start by Creating and Editing a GPO Using an Updated GPMC Management Station. Edit Using an Older GPMC Management Station. 334

ADM and ADMX Templates from Other Sources 334

Using ADM Templates with the Updated GPMC 335

Using ADMX Templates from Other Sources 337

ADMX Migrator and ADMX Editor Tools 338

ADMX Migrator 339

ADMX Creation and Editor Tools 341

PolicyPak Community Edition and PolicyPak Professional 341

PolicyPak Concepts and Installation 344

PolicyPak Pregame Setup 344

PolicyPak Quick Installation 345

Getting Started Immediately with PolicyPak’s Preconfigured Paks 346

PolicyPak Final Thoughts and Wrap-Up 352

Final Thoughts 353

Chapter 7 Troubleshooting Group Policy 355

Under the Hood of Group Policy 357

Inside Local Group Policy 357

Inside Active Directory Group Policy Objects 360

The Birth, Life, and Death of a GPO 362

How Group Policy Objects Are “Born” 362

How a GPO “Lives” 364

Death of a GPO 391

How Client Systems Get Group Policy Objects 392

The Steps to Group Policy Processing 392

Client-Side Extensions 395

Where Are Administrative Templates Registry Settings Stored 3

Why Isn’t Group Policy Applying? 405

Reviewing the Basics 406

Advanced Inspection 408

Client-Side Troubleshooting 418

RSoP for Windows Clients 419

Advanced Group Policy Troubleshooting with Log Files 428

Using the Event Viewer 428

Turning On Verbose Logging 429

Group Policy Processing Performance 443

Final Thoughts 444

Chapter 8 Implementing Security with Group Policy 447

The Two Default Group Policy Objects 448

GPOs Linked at the Domain Level 449

Group Policy Objects Linked to the Domain Controllers OU 453

Oops, the “Default Domain Policy” GPO and/or “Default Domain Controllers Policy” GPO Got Screwed Up! 455

The Strange Life of Password Policy 456

What Happens When You Set Password Settings at an OU Level 457

Fine-Grained Password Policy 458

Inside Auditing with and without Group Policy 463

Auditable Events Using Group Policy 464

Auditing File Access 470

Auditing Group Policy Object Changes 470

Advanced Audit Policy Configuration 475

Restricted Groups 480

Strictly Controlling Active Directory Groups 481

Strictly Applying Group Nesting 484

Which Groups Can Go into Which Other Groups via Restricted Groups? 484

Restrict Software: Software Restriction Policy and AppLocker 485

Inside Software Restriction Policies 486

Software Restriction Policies’ “Philosophies” 487

Software Restriction Policies’ Rules 488

Restricting Software Using AppLocker 495

Controlling User Account Control with Group Policy 514

Just Who Will See the UAC Prompts, Anyway? 517

Understanding the Group Policy Controls for UAC 521

UAC Policy Setting Suggestions 530

Wireless (802.3) and Wired Network (802.11) Policies 534

802.11 Wireless Policy for Windows XP 534

802.11 Wireless Policy and 802.3 Wired Policy for Windows 8 536

Configuring Windows Firewall with Group Policy 537

Manipulating the Windows XP Firewall 539

Windows Firewall with Advanced Security (for Windows 8)—WFAS 542

IPsec (Now in Windows Firewall with Advanced Security) 551

How Windows Firewall Rules Are Ultimately Calculated 556

Final Thoughts 560

Chapter 9 Profiles: Local, Roaming, and Mandatory 561

What Is a User Profile? 562

The NTUSER.DAT File 562

Profile Folders for Type 1 Computers (Windows XP and Windows 2003 Server) 563

Profile Folders for Type 2 Computers (Windows Vista and Later) 565

The Default Local User Profile 570

The Default Network User Profile 573

Roaming Profiles 578

Setting Up Roaming Profiles 579

Testing Roaming Profiles 583

Roaming and Nonroaming Folders 586

Managing Roaming Profiles 590

Manipulating Roaming Profiles with Computer Group Policy Settings 592

Manipulating Roaming Profiles with User Group Policy Settings 604

Mandatory Profiles 609

Establishing Mandatory Profiles for Windows XP 610

Establishing Mandatory Profiles for Windows 8 612

Mandatory Profiles—Finishing Touches 612

Forced Mandatory Profiles (Super-Mandatory) 613

Final Thoughts 615

Chapter 10 Implementing a Managed Desktop, Part 1: Redirected Folders, Offline Files, and the Synchronization Manager 617

Overview of Change and Configuration Management 618

Redirected Folders 620

Available Folders to Redirect 620

Redirected Documents/My Documents 621

Redirecting the Start Menu and the Desktop 639

Redirecting the Application Data Folder 641

Group Policy Setting for Folder Redirection 641

Troubleshooting Redirected Folders 644

Offline Files and Synchronization 646

Making Offline Files Available 647

Inside Windows 8 File Synchronization 650

Handling Conflicts 658

Client Configuration of Offline Files 659

Using Folder Redirection and Offline Files over Slow Links 668

Synchronizing over Slow Links with Redirected My Documents 669

Synchronizing over Slow Links with Regular Shares 670

Teaching Windows 7 and Windows 8 How to React to Slow Links 671

Using Group Policy to Configure Offline Files (User and Computer Node) 675

Troubleshooting Sync Center 683

Turning Off Folder Redirection’s Automatic Offline Caching for Desktops 685

Final Thoughts 695

Chapter 11 The Managed Desktop, Part 2: Software Deployment via Group Policy 697

Group Policy Software Installation (GPSI) Overview 697

The Windows Installer Service 699

Understanding .MSI Packages 700

Utilizing an Existing .MSI Package 700

Assigning and Publishing Applications 705

Assigning Applications 705

Publishing Applications 706

Rules of Deployment 707

Package-Targeting Strategy 708

Advanced Published or Assigned 717

The General Tab 717

The Deployment Tab 718

The Upgrades Tab 722

The Categories Tab 724

The Modifications Tab 724

The Security Tab 725

Default Group Policy Software Installation Properties 726

The General Tab 726

The Advanced Tab 727

The File Extensions Tab 728

The Categories Tab 728

Removing Applications 729

Users Can Manually Change or Remove Applications 729

Automatically Removing Assigned or Published .MSI Applications 729

Forcibly Removing Assigned or Published .MSI Applications 730

Using Group Policy Software Installation over Slow Links 732

MSI, the Windows Installer and Group Policy 735

Inside the MSIEXEC Tool 735

Patching a Distribution Point 736

Affecting Windows Installer with Group Policy 738

Deploying Office 2010 and Office 2013 Using Group Policy 741

Steps to Office 2010/2013 Deployment Using Group Policy 742

Result of Your Office Deploying Using Group Policy 751

Systems Center Configuration Manager vs. Group Policy 753

GPSI and Configuration Manager Coexistence 755

Final Thoughts 756

Chapter 12 Finishing Touches with Group Policy: Scripts, Internet Explorer, Hardware Control, and Printer Deployment 757

Scripts: Logon, Logoff, Startup, and Shutdown 757

Non-PowerShell-Based Scripts 758

Deploying PowerShell Scripts to Windows 7 and Later Clients 761

Managing Internet Explorer with Group Policy 762

Internet Explorer Maintenance—Where Is It? 763

Managing Internet Explorer with Group Policy Preferences 765

Internet Explorer’s Group Policy Settings 765

Managing Internet Explorer using the IEAK 766

Restricting Access to Hardware via Group Policy 768

Group Policy Preferences Devices Extension 769

Restricting Driver Access with Policy Settings for Windows Vista and Later 773

Getting a Handle on Classes and IDs 774

Restricting or Allowing Your Hardware via Group Policy 777

Understanding the Remaining Policy Settings for Hardware Restrictions 778

Assigning Printers via Group Policy 780

Zapping Down Printers to Users and Computers (a Refresher) 780

Final Thoughts for This Chapter and for the Book 789

Appendix A Group Policy and VDI 791

Why Is VDI Different? 792

Tuning Your Images for VDI 793

Specific Functions to Turn Off for VDI Machines 794

Group Policy Settings to Set and Avoid for Maximum VDI Performance 795

Group Policy Tweaks for Fast VDI Video 796

Tweaking RDP Using Group Policy for VDI 797

Tweaking RemoteFX using Group Policy for VDI 798

Managing and Locking Down Desktop UI Tweaks 799

Final Thoughts for VDI and Group Policy 801

Appendix B Security Configuration Manager 803

SCM: Installation 805

SCM: Getting Around 806

SCM: Usual Use Case 807

Importing Existing GPOs 814

Comparing and Merging Baselines 814

LocalGPO Tool 816

Installing SCM’s LocalGPO Tool 817

Using SCM’s LocalGPO 817

Final Thoughts on LocalGPO and SCM 823

Appendix C Windows Intune (And What It Means to Group Policy Admins) 825

Getting Started with Windows Intune 826

Using Windows Intune 829

Setting Up Windows Intune Groups 829

Setting Up Policies Using Windows Intune 830

Windows Intune and Group Policy Conflicts 831

Final Thoughts on Windows Intune 832

Index 835


Customer Reviews

Average Rating 5
( 3 )
Rating Distribution

  • 5 Star: (3)
  • 4 Star: (0)
  • 3 Star: (0)
  • 2 Star: (0)
  • 1 Star: (0)

  • Anonymous

    Posted August 19, 2013

    Kate

    Walks in and dumps her bags on the floor and jumps on the top bunk and listens to music

    0 out of 4 people found this review helpful.

  • Anonymous

    Posted August 18, 2013

    Destinee and whitnei

    Lay on their bed

    0 out of 4 people found this review helpful.

  • Anonymous

    Posted June 28, 2011

    No text was provided for this review.
