Professional Documents
Culture Documents
Chapter 6 - Group Policy
Chapter 6 - Group Policy
• Understanding GP
• Creating and editing GPO
• Examples of GPOs setting
• Software Deployment
2
Group Policy
• Group Policy (GP): Windows Server 2019 feature that applies restrictions at the
user and computer level
• Group Policy Objects (GPOs);
Administrative templates
Enable system administrators to configure what users can and cannot do on
computers, peripheral devices, and network applications across the
organization's network
Group Policy
A collection of configuration settings applied to objects in the AD DS, including:
o Software Settings
o Scripts
o Security Settings
o Administrative Templates
o Folder Redirection
The goal of GP is to allow AD DS administrators to define a set of policies
Policies targeted to users, computers, group, sites, domains, and OUs; and then
rely on the system to enforce those policies
Policies can execute scripts during logon or logoff and computer startup and
shutdown.
Group Policy
Contain settings
and configurations
applied to either
computers or users
in AD
Group Policy
Group Policy Objects (GPOs)
Group Policy
Management console
(GPMC): The utility
used to create, manage,
delegate, and link GPOs
Group Policy
Management Editor
(GPME): The utility
used to edit a GPO.
Group Policy
Creating GPOs
Group Policy
Creating GPOs
select a policy
Group Policy
Configuring GPO Links
Local group
GPO2
Site
GPO3
GPO4
Domain
GPO5
OU
OU OU
Group Policy
GPO Application order
Security Filtering: the ability to filter a GPO down to particular Active Directory
objects
Set filters so that the GPO only applies to particular users, particular computers, or
even particular groups of users or computers
Create a new Security Group inside Active Directory and add only those
computers into the group.
Once the GPO has been configured with that group listed in the filtering section,
that policy would only apply to machines that are part of that group.
Group Policy
Security Filtering
Security Filtering: set an additional security filter so that only machines belong to
the specific security group will actually receive the settings from the GPO
Group Policy
Configuring Group Policy Settings
The primary goal of Group Policy is to apply configuration settings on the client
machines. The settings used to:
o create a consistent and seamless experience for users across the domain.
o ensure that users do not have access to features and functions that could
compromise enterprise security efforts.
o control what software is installed, where folders are located on the network,
access and rights to various Windows features,…
Group Policy
Configuring Group Policy Settings
To manage GPOs, in Server Manager, Click Tools, and choose Group Policy
Management.
Group Policy
Configuring Group Policy Settings
For automated
deployment of new
software and
software upgrades
For managing
registry settings
Group Policy
Default Domain Policy
Created during
installation, and
applies to every
computer and user
who is part of the
domain
A common place to enforce global password policies or security rules that need to
apply to everyone
Group Policy
Default Domain Policy
Default Domain Policy: a very quick and easy way to get settings configured and
pushed out to everyone
Settings change to this policy affect everyone in your domain, including yourself
It is highly recommended that you stay away from the Default Domain Policy
And instead set up a brand new GPO when need applied some settings
Group Policy
Default Domain Policy
Default Domain Policy: a very quick and easy way to get settings configured and
pushed out to everyone
Settings change to this policy affect everyone in your domain, including yourself
It is highly recommended that you stay away from the Default Domain Policy
And instead set up a brand new GPO when need applied some settings
Group Policy
Examples of GPOs: Rename the administrator account
2) Publishing Software:
o Publish a program distribution to users.
o When the user logs on to the computer, the published program is displayed in
the Add or Remove Programs dialog box, and it can be installed from there.
Software Deployment
Using Group Policy
1. Create a folder in Server and share it with appropriate permission for domain
users to execute MSI files
Software Deployment
Using Group Policy
In the New GPO box, in the Name box, type GPO’s name (e.g., Software
Deployment), and then click OK.
Software Deployment
Using Group Policy
In the opened window, using the UNC path of the software select the software
MSI file you want to deploy (e.g., 7zip software) to clients.
Software Deployment
Using Group Policy
Uses existing technologies, such as Windows PE, Windows image file (.wim) and
virtual hard disk (.vhd and .vhdx) image files, and image-based deployment.
Windows Deployment Services (WDS)
Infrastructure Requirement
1) In Server Manager,
click Tools, and then
click Windows Deployment
Services.
2) On the Windows
Deployment Services
console, double
click Servers, then right-
click server name, and then
click Configure Server.
Windows Deployment Services (WDS)
Configure Windows Deployment Services
3) On the Add Image Wizard, on the Image File page, click Browse, then
in Select Windows Image File box, select the sources folder for boot image file
(i.e., boot.wim)
4) On the Image Metadata box, click Next.
5) On the Summary box, click Next.
6) On the Task Progress page, click Finish.
Windows Deployment Services(WDS)
Add Install Image
13) On the Image Selection page, click Windows Server 2016, then in the Name
list, click Windows Server 2016 SERVERDATACENTER, and then
click Next.
4) Now, return to WDS Server, In WDS, click Pending Devices, right-click the
pending request, and then click Approve.
Windows Deployment Services (WDS)
Testing
5) Next, go to the NewHelpTech Server 2016 and you should see now our New
Server 2016 is loading files from the WDS server.
Windows Deployment Services (WDS)
Testing
6) If the loading files successful, WDS Windows Setup box will appear and you can
proceed by clicking Next.
Windows Deployment Services (WDS)
Testing
8) Next, on the Select the operating system you want to install, you should notice
that Windows Server 2016 SERVERDATACENTER is listed, then click Next to
proceed with installation.
Summary