Group Policy
What is a container?
A container is a built-in object that can't be altered without making changes to the Active Directory schema
What is Group Policy Processing?
A methos for downloading and applying froup policy settings to workstations
What is a preference item?
A single policy preference in a GPO.
What is a group policy setting?
A single setting in a GPO, applied in Policies section of GPO
What is a tattoo in terms of Group Policy?
A tattoo is when the GPO goes out of scope and the preference remains in the registry
What is Group Policy?
A way to create/apply settings to configure/control windows computers. Basically, a series of rules that can be applied to a specific "group" of users
What is needed to run Group Policy?
An Active Directory (duh), able to access the Domain Controllers (DC) on Network, be a member of Domain and have DC contain GPO copies, and use Windows 2000 to current
How many GPOs do you want?
As few as possible without sacrificing needs
What does the Domain, Domain Name, and Domain Controller of a console tree list?
Child of forest that has all domains, Container for all GP related to domain, references to all GPOs that apply to DC OU
What are some common uses for a gpo?
Disable guest account/LM/NTLMv1, set minimum password length/expiration, enable event logging/UAC, disable anonymous access
What is FTP?
File Transfer Protocol, it is the way files are sent between client and servers
How are the nodes in a Console Tree shown?
Forest Domain Domain Name Domain Controller OU Name Group Policy Object WMI Filter Starter GPO Site Group Policy Modeling Group Policy Results
What is the difference between a Group Policy Setting and a Group Policy Preference?
GP Setting will not tattoo, supercede application setting, and is recognized by the application. GP Preference will tattoo, overwrite application setting, and not be recognized by application (thus changeable)
What is a Section Policy Setting?
GPO Nodes, with the child nodes of Software Settings, Windows Settings, and Administrative templates
What is User-Inherited Policy Setting?
GPO applies to user across any login on any machine in domain. ex: my secs account on any EC computer
What is Group Policy Object?
It is a collection of settings applied to a workstation, linking the GPO to a container
Where must GPO be linked to in the settings for all users in domain? in OU?
It must be linked to Domain
What is the processing order when applying multiple GPOs to an object?
Local Group Policy, then Site GPOs, then Domain GPOs, then OU GPOs (in the hierarchy order)
Do GPO's apply to Groups?
No. Groups don't log into computers, and policy settings are applied on logon So while you can't set a group policy for only a specific group, you can set the policy for all the Users in said group
What does the Starter GPO, Site, GP Modeling, and GP results of a Console Tree list?
Node for sample GPO templates, the Forest child that contains all configured sites, Simulate GPO processing, and Reports the Results
What does an OU Name, Group Policy Object, and WMI Filter of a Console Tree list?
OU in AD and references all GPOs linked to OU, container of all GPOs in domain, Filters based on Windows Management Instrumentation
What does the Forest part of a console tree list?
The root node for the forest
Does Group Policy apply to containers?
Yes, when the GPO is linked, it applies all settings to container, and change it for specific users/computers in container
What is a computer-Inherited Policy Setting?
applies to any user logging into that specific computer
What are the possibilities for Group Policy?
it centrally control the machine in the environment, disable registry editing, disallow access to control panel, and distribute software to workstations
Which would win in a fight: container blocking inheritance, or one enforced GPO?
one enforced GPO, assumed that enforcement done by more powerful sysadmin
What is a group policy preference?
policies that are not mandatory, but optional for the user/computer. Can be changed by users to override admin preferences
What is the powershell command to get the Group Policy Feature?
ps> Import-Module GroupPolicy ps>Get-Command -Module GroupPolicy
What does it mean when a configured GPO can be enforced?
that lower-level GPOs cannot override higher-level GPOs if a conflict occurs
What are some tools used to manage group policy?
the Group Policy Management Console gpedit.mc - local group policy editor with direct access to GP Settings
What does it mean when a configured container can block inheritance?
the container will not allow any GPOs to be applied above it in hierarchy
