Server Technology Chapter 8


Group Policy Objects

A GPO, the main component of group policies, contains policy settings for managing many aspects of domain controllers, member servers, member computers, and users.

Using Starter GPOs

A Starter GPO is a GPO template, for lack of a better word, not to be confused with the GPTs. An administrator creates a Starter GPO to be used as a baseline for new GPOs, much like the user account templates. To use a Starter GPO to create a new GPO, select one in the Source Starter GPO list box in the New GPO Wizard, or right-click a Starter GPO in the Starter GPOs folder and click New.

Group Policy Replication

Because the two components of a GPO are stored in different places on the domain controller, different methods are required to replicate GPOs to all domain controllers. GPCs, which are Active Directory objects, are replicated during normal Active Directory replication.

Naming Structure

Each GPO is assigned a globally unique identifier (GUID), a 128-bit value represented by 32 hexadecimal digits that Windows uses to ensure unique object IDs. The GPT and GPC associated with a GPO are stored in a folder with the same name as the GPO's GUID.

File Replication Service

FRS is used if you have DCs in your domain that are running versions of Windows Server earlier than Windows Server 2008.

Site linked GPOs

GPOs linked to a site object affect all users and computers physically located at the site. Because sites are based on IP addresses, GPO processing determines from where a user is logging on and from what computer based on that computer's IP address. So users who log on to a computer at a different site might have different policies applied to their accounts.

Domain Linked GPOs

GPOs that are set at the domain level should contain settings that you want to apply to all objects in the domain. The Default Domain Policy is configured and linked to the domain object by default and mostly defines user account policies.

Group Policy template

Isn't stored in Active Directory but rather in a folder named SYSVOL shared on the domain controller. It contains all the policy settings that make up the GPO as well as related files, such as scripts. Every GPO has a GPT associated with it.

Replication

Replication of Active Directory-based GPOs ensures that all domain controllers (DCs) have a current copy of each GPO. Changes to GPOs can be made on any DC and are replicated to all other DCs.

Local GPOs

Stored on local computers and can be edited with the Group Policy Editor snap-in. To use this tool, you add the Group Policy Editor snap-in to a custom MMC or enter gpedit.msc at the command line to open an already configured MMC called Local Group Policy Editor. These tools edit local GPOs on workgroup computers manually. The policy settings on domain member computers can be affected by domain GPOs linked to the site, domain, or OU in Active Directory. The settings in your local GPOs that are inherited from domain GPOs can't be changed on the local computer; only settings that are undefined or not configured by domain GPOs can be edited locally.

Machine (GPO)

This folder contains subfolders that store policy settings related to the Computer Configuration node.

Enforcing GPO Inheritance

When GPO inheritance is enforced by setting the Enforced option, the GPO's settings are applied to all child objects, even if a GPO with conflicting settings is linked to a container at a deeper level. In other words, a GPO that's enforced has the strongest precedence of all GPOs in its scope. If multiple GPOs are enforced, the GPO that's highest in the Active Directory hierarchy has the strongest precedence.

WMI Filtering

Windows technology for gathering management information about computers, such as the hardware platform, the OS version, available disk space, and so on. It uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results.

Blocking GPO Inheritance

Default inheritance behavior is suitable for most situations, but as with NTFS permission inheritance, sometimes you need an exception to the default. One method is blocking GPO inheritance, which prevents GPOs linked to parent containers from affecting child containers. To block GPO inheritance, in the GPMC, right-click the child domain or OU and click Block Inheritance.

Folder Structure

Each GPT and GPC has two subfolders: Machine and User. The Machine folder stores information related to a GPO's Computer Configuration node, and the User folder stores information about the User Configuration node.

OU-Linked GPOs

Fine-tuning of group policies, particularly user policies, should be done at the OU level. OU-linked policies are applied last, so they take precedence over site and domain policies (with the exception of account policies, which can be applied only at the domain level).

Group Policy Scope

The scope of a group policy defines which objects in Active Directory are affected by settings in the policy. GPOs can be linked to sites, domains, and OUs and are applied to objects (users or computers) in this order. When a conflict exists, the last policy setting applied takes precedence. When OUs are nested, the GPO applied to the most deeply nested OU takes precedence over all other GPOs.

GPO Filtering

There are two types of GPO filtering: security filtering and Windows Management Instrumentation (WMI) filtering. Security filtering uses permissions to restrict objects from accessing a GPO. Like any object in Active Directory, a GPO has a discretionary access control list (DACL) in which lists of security principals are granted permission to access the GPO. The user and computer accounts must have the Read and Apply Group Policy permissions to every GPO.

Domain GPOs

They are stored in Active Directory on domain controllers. They are linked to a site, domain, or OU and affect users and computers whose accounts are stored in these containers. A domain GPO is represented by an Active Directory object, but it's composed of two separate parts: a Group Policy Template and a Group Policy Container.

Group Policy Containers

This is an Active Directory object that is stored in the System/Policies folder and can be viewed in Active Directory Users and Computers with the Advanced Features option enabled. A GPC stores GPO properties and status information but no actual policy settings. Like a GPT, the folder name of each GPC is the same as the GPO's GUID. The GPC is composed of several attributes you can view in the Attribute Editor tab of its Properties dialog box.

Distributed File System Replication

This is used when all DCs are running Windows Server 2008 or later.

