CTS- Chapter 10 General
WMI OS version number, Win 7, Server '08 R2,
6.1
WMI OS version number, Win 8. and Server '12
6.2
After Windows is started, the Computer Configuration node of GPOs affecting the client is refreshed every
90 minutes with random offset between 0 and 20 minutes
This occurs when you force group policy update from GPMC
A list of computers in the OU is created A list of users currently logged on to each computer is created A scheduled task that runs gpupdate /force is created on each computer for each logged-on user After the random delay period, users who are logged on see a command prompt open, and the gpupdate /force command runs
You can see s GPO's DACL in
Active Directory Users and Computers in the System\Policies folder and in the Delegation tab in the GPMC
Deny and Allow permissions is in the
Advanced Security Settings dialog box
Two main ways to change default GPO inheritance
Blocking inheritance GPO enforcement
How to change the default behavior of slow link processing
Configure the slow link detection policy
Policies aren't processed across a slow network link by default, including the following
Disk quota Folder redirection Internet Explorer maintenance Scripts, Software installation Wireless network policies Wired network policies Most preferences
GPO Management Delegation
Eight possible permissions can be applied to GPOs and the container objects. Create GPO Link GPO Perform Group Policy Modeling analyses Read Group Policy Results data Read Read (from Security Filtering) Edit settings, delete, modify security Edit Settings
Domain from a different forest
Group Policy Management node in the left pane of the GPMC
Settings for group policy processing behavior are found in
Policies\Administrative Templates\System\Group Policy under both the Computer Configuration and User Configuration nodes
A client OS, such as Windows 8 has
Product Type of 1, and a server OS
Windows Server 2012 has
ProductType of 3
Procedure restoring GPO
Restore a previous version Restore a deleted GPO Import settings
policy that installs a large application on target machines with at least 2 GB of disk space
Select * from Win32_LogicalDisk where FreeSpace > 2000000000
WMI query language Win. 8
Select * from Win32_OperatingSystem where Caption = "Microsoft Windows 8 Enterprise"
WMI query language that not for Win 8 Enterprise
Select * from Win32_OperatingSystem where Version like "6.2%"
3 main ways to change the default processing of certain types of policies
Slow link processing Background processing Process even if the Group Policy objects
What policies, however, require synchronous processing to ensure a consistent computing environment
Software Installation, Folder Redirection, Disk Quotas, and the Drive Mapping preference
For a GPO to apply
User and computer accounts must have the Read and Apply Group Policy permissions
create WMI filters in the
WMI Filters node of the GPMC
How do you configure a policy
allow Control Panel access in a GPO linked to the Engineering OU
For basic GPO filtering
use the Scope tab in the GPMC
To add or remove security principals from the GPO access list
use the Security Filtering dialog box
Loopback Policy Processing by default
users are affected by policies in the User Configuration node, and computers are affected by policies in the Computer Configuration node
When are the group policies are processed
when Windows boots and when a user logs on
When to use the loopback policy
you have an OU named ConfRoomComputers containing all computer accounts of computers in conference rooms. Perhaps you want standardized desktop settings, such as wallpaper, screen savers, Start screen, and so forth, so that these computers have a consistent look for visitors
How to use the loopback policy
enable the "Configure user Group Policy loopback processing mode"
By default, GPO inheritance is
enabled and settings linked to a parent object are applied to all child objects
How to configure slow link detection
go to Policies\Administrative Templates\System\Group Policy, and enable the "Configure Group Policy slow link detection"
Allow slow link processing for selected policies
if you want scripts to be processed even when a slow link is detected, enable the "Configure scripts policy processing" policy found in Policies\Administrative Templates\System\Group Policy
To block inheritance
in GPMC, right-click the child domain or OU and click Block Inheritance
GPO Backup and Restore is used in
large and complex network with many different policy needs for users, servers and workstations.
GPOs are applied in this order
local computer site domain OU
GPO Migration
migrate GPOs from one domain to another. ex: multidomain environment, and two domains have similar policy requirements. can be migrated across domains in the same or different forests by adding the domain to the GPMC
To manage objects
move the objects to OUs
Add a domain in the same forest
right-click the Domains node in the left pane of the GPMC
two types of GPO Filtering
security filtering and Windows Management Instrumentation (WMI) filtering.
Force policies and preferences to be processed by
select the "Process even if the Group Policy objects have not changed" check box
When to configure a Slow Link Processing
software installation policy can use quite a lot of bandwidth if a large software package is being downloaded
