This lesson covers Group Policy. Activities include creating and testing Group Policy objects.

Objectives and Skills

Objectives and skills for the Understanding Active Directory portion of Windows Server Administration Fundamentals certification include:^[1]

• Understand group policy: group policy processing; Group Policy Management Console; computer policies; user policies; local policies

Readings

1. Wikipedia: Group Policy
2. Wikipedia: Folder redirection
3. Wikipedia: Roaming user profile

Multimedia

1. YouTube: Group Policy (Part 1 of 4) - Basic Settings and Auditing
2. YouTube: Group Policy (Part 2 of 4) - Group Policy Desktop Settings
3. YouTube: Group Policy (Part 3 of 4) - Installing and Restricting Software and Applications
4. YouTube: Group Policy (Part 4 of 4) - Scripts, Roaming, Redirection, IE and CP Settings

Activities

1. Review Wikipedia: Group Policy and Microsoft: Group Policy Security Settings. Configure essential security settings, including Password Policy and Account Lockout Policy.
2. Review Microsoft: Using Folder Redirection. Configure and test folder redirection.
3. Configure and test roaming user profiles. Compare and contrast roaming user profiles with folder redirection.

Lesson Summary

• Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.^[2]

• Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.^[3]

• Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.^[4]

• Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.^[5]

• Group Policy objects are created and maintained using the Group Policy Management Console.^[6]

• Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.^[7]

• By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.^[8]

• Group Policy settings can be refreshed manually using the gpupdate command.^[9]

• The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.^[10]

• Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.^[11]

• Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.^[12]

• Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).^[13]

• Folder Redirection is most often implemented using Group Policy settings.^[14]

• The following user folders may be redirected through Folder Redirection: Application Data, Contacts, Desktop, Downloads, Favorites, Links, Music, My Documents, My Pictures, Saved Games Searches, Start Menu, and Videos.^[15]

• Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.^[16]

Key Terms

Windows Management Instrumentation (WMI)

A set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.^[17]

Review Questions

Click on a question to see the answer.

1. Group Policy provides _____ of _____, _____, and _____ in an Active Directory environment.

   Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.
2. Policy settings are defined separately for _____ and for _____. _____ policies are processed at computer startup. _____ policies are processed at user logon.

   Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup. User policies are processed at user logon.
3. Group Policy objects are processed in the following order: _____, _____, _____, then _____. Policy settings are inherited from one level to the next unless overridden.

   Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.
4. Policy inheritance can be _____ at a lower level. But higher level policies can be set as _____, preventing both the _____ of inheritance and _____.

   Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.
5. Group Policy objects are created and maintained using the _____.

   Group Policy objects are created and maintained using the Group Policy Management Console.
6. Local policies may be set on individual computers using the _____.

   Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.
7. By default, Microsoft Windows refreshes its policy settings every _____ minutes on workstations and member servers and every _____ minutes on domain controllers. However, some settings are only applied during _____ or _____.

   By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.
8. Group Policy settings can be refreshed manually using the _____ command.

   Group Policy settings can be refreshed manually using the gpupdate command.
9. The _____ command may be used to display the Resultant Set of Policy (RSoP) settings for a given _____ or _____.

   The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.
10. Folder Redirection provides the ability to automatically _____ file operations from _____ to _____.

    Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.
11. Folder Redirection allows the saving of user data to _____ for easier _____, _____, and _____.

    Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.
12. Folder Redirection separates _____ data from _____ data, decreasing the amount of time required to log on when _____ data is also stored on a server.

    Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).
13. Folder Redirection is most often implemented using _____.

    Folder Redirection is most often implemented using Group Policy settings.
14. The following user folders may be redirected through Folder Redirection: _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, _____, and _____.

    The following user folders may be redirected through Folder Redirection: Application Data, Contacts, Desktop, Downloads, Favorites, Links, Music, My Documents, My Pictures, Saved Games, Searches, Start Menu, and Videos.
15. Active Directory supports three types of user profiles: _____ profiles, _____ profiles, and _____ profiles. _____ profiles are created automatically on each computer where a user logs on. _____ profiles are copied to a server share and downloaded to the local computer when users log on. _____ profiles are implemented as _____ profiles.

    Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on. Roaming profiles are copied to a server share and downloaded to the local computer when users log on. Mandatory profiles are implemented as read-only roaming profiles.

Flashcards

• Test your understanding of this lesson.
• Test your understanding of the key terms.

See Also

• Microsoft Virtual Academy: Windows Server 2012 Technical Overview

References

Subject classification: this is an information technology resource.

Type classification: this is a lesson resource.

Completion status: this resource is considered to be complete.