6.1.1 Configure a Central Store
http://technet.microsoft.com/en-us/library/cc748955%28v=ws.10%29.aspx
Without a Central Store, Group Policy Management will read ADMX template files from the local administrative workstation to configure GPO's. A central store allows all administrator workstations that update GPO's to use the same templates.
Create a PolicyDefinitions folder in the %logonserver%
\sysvol\
%userdnsdomain%
\policies
folder for each domain you want to create a central store.
(you can also just go directly to \\%userdnsdomain%\sysvol ie \\contoso.com\sysvol)
Copy all the files and subfolders from %systemroot%\policydefintions to the new PolicyDefinitions folder in sysvol.
Note that any new custom admx files should now be added to the central store, and that the group policy editor will prefer the central store admx files over any local ones. The GP tools will ignore any ADM files that have updated ADMX files, but you can use custom ADM templates still.
6.1.2 manage starter GPOs
http://technet.microsoft.com/en-us/library/cc772538.aspx
starter GPO - default template policies.
These are stored in \\%userdnsdomain%\sysvol\%userdnsdomain%\StarterGPOs
If the StarterGPO's folder doesn't exist in this domain, then Group Policy Management will ask to create it when you click on the starter gpo link under the domain. It will then create the folder and populate with the default templates called System Starter GPO's. These templates are read only by default.
You can now create/edit your own starter GPO's.
6.1.3 configure GPO links
GPO's can be linked to sites, domains, and OU's, and can use security filtering to apply to specific users/groups.
Under Domains choose either the domain or an OU, right click, Link an existing GPO. Or go under Sites and select a site, right click and Link an existing GPO. By left clicking or expanding on a domain, OU, or site, you can see GPO's that are linked to this object. You can also see what locations are linked to a specific GPO by clicking on the GPO itself under "Group Policy Objects" and selecting the Scope tab.
6.1.4 configure multiple local group policies
http://technet.microsoft.com/en-us/library/cc731758.aspx
There are four types of local policies(LGPO) available on supported systems:
Local policy: This is the legacy policy that supports both user and computer settings
Administrators policy: User settings only that applies to administrators
Non-administrators policy: user settings only that applies to all non-administrators
Specific user policies: user settings only for a specific user.
Local policies are applied in this order: Local, Administrators/non-administrators, specific user.
To edit each policy, load the mmc console, and go to a file/addremove snapin. Select Group Policy Object and click Add. Click Finish to accept the default Local Computer OR to choose others, select Browse. If this version of windows supports multiple LGPO's, you should have a "users" tab here. click Users and select either Administrators, non-administrators, or a specific user. Do this multiple times if you want to see all policies in one custom snap-in.
6.1.5 configure security filtering
Security filtering is configured per GPO in the scope tab under Security Filtering. Because it's the GPO itself, this filtering will affect all containers that link to this GPO.
GPO security filtering defaults to Authenticated Users.
No comments:
Post a Comment