舉報 
會員
Mastering Windows Group Policy
ThisbookbeginswithadiscussionofthecorematerialanyadministratorneedstoknowinordertostartworkingwithGroupPolicy.Movingon,wewillalsowalkthroughtheprocessofbuildingalabenvironmenttostarttestingGroupPolicytoday.NextwewillexploretheGroupPolicyManagementConsole(GPMC)andstartusingthepowerfulfeaturesavailableforuswithinthatinterface.OnceyouarewellversedwithusingGPMC,youwilllearntoperformandmanagethetraditionalcoretasksinsideGroupPolicy.Includedinthebookaremanyexamplesandwalk-throughsofthedifferentfilteringoptionsavailablefortheapplicationofGroupPolicysettings,asthisistherealpowerthatGroupPolicyholdswithinyournetwork.YouwillalsolearnhowyoucanuseGroupPolicytosecureyourActiveDirectoryenvironment,andalsounderstandhowGroupPolicypreferencesaredifferentthanpolicies,withthehelpofreal-worldexamples.FinallywewillspendsometimeonmaintenanceandtroubleshootingcommonGroupPolicy-relatedissuessothatyou,asadirectoryadministrator,willunderstandthediagnosingprocessforpolicysettings.Bytheendofthebook,youwillbeabletojumprightinanduseGroupPolicytoitsfullpotential.
目錄(296章)
倒序
- coverpage
- Title Page
- Contributors
- About the author
- About the reviewers
- Packt is searching for authors like you
- About Packt
- Why subscribe?
- Packt.com
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Group Policy - The Basics
- Terminology
- What is Group Policy?
- Active Directory Group Policy versus Local Group Policy
- Local Group Policy
- Active Directory Group Policy
- What does Group Policy look like?
- Requirements for Group Policy
- Who can use Group Policy?
- Hierarchy of Group Policy processing
- Levels of GPO processing
- Local Policy
- Site-level policies
- Domain-level policies
- OU-level policies
- GPO workflow
- Building a lab to test Group Policy today
- Domain Controller
- Windows 10 Client
- Configuring the Windows Server 2016 Domain Controller
- Configuring the Windows 10 client
- Summary
- Group Policy Management Console (GPMC)
- Technical requirements
- Launching the console locally
- Server Manager – the most common way
- Microsoft Management Console (MMC) snap-in
- Start menu
- GPMC.MSC
- Accessing Group Policy remotely
- Installing the GPMC on another server
- RSAT on Windows 10
- Exploring the GPMC
- Summary
- Daily Tasks in Group Policy
- Default policies and permissions
- Default Domain Policy
- Authenticated users
- Default Domain Controllers Policy
- Permissions
- Modifying an existing GPO
- Using the newest GPMC
- Editing settings inside a GPO
- Quickly finding your settings
- An annoying Internet Explorer popup
- Updating the default password policy
- Not configured versus enabled versus disabled
- Example – configuring Teredo
- Creating a new GPO
- Naming your GPOs
- Creating the GPO
- Configuring the policy to apply a desktop wallpaper
- More on GPO links
- The difference between GPOs and GPO links
- The GPO link warning message
- Linking our new GPO
- Creating and linking new GPOs at the same time
- Linking at the site level
- Deleting a GPO link versus deleting a GPO
- Deleting a GPO link
- Deleting a GPO
- Disabling GPO links
- Everyday command-line tools
- GPUpdate
- Background refresh
- Foreground refresh
- GPUpdate.exe switches
- GPResult
- Sending the output to a file
- Checking GPResult data from a remote machine
- Resultant Set of Policy
- Summary
- Advanced Filtering of Group Policy Objects
- Link order precedence
- OUs trump domains
- Multiple GPOs linked at the same level
- Changing the order of link precedence
- Seeing the big picture
- Blocking GPO inheritance
- Enforcing GPOs
- Will enforcing GPOs affect GPO precedence?
- User settings versus computer settings
- Disabling half of a GPO
- Exercises with OUs and links
- Creating or deleting OUs
- OUs inside ADUC
- OUs inside GPMC
- Default containers that are not OUs
- Moving machines from one OU to another
- OUs protected from accidental deletion
- A warning on cross-domain policy linking
- Filtering GPOs with security filters
- How to filter a GPO to a particular Active Directory group
- Filtering to specific users or computers
- Security filtering – permission changes
- How to block a GPO from a particular Active Directory group
- Filtering GPOs with WMI filters
- WMI filters could cause a performance hit
- Applying a WMI filter to our GPO
- Summary
- Deploying Policy Settings
- Managed versus unmanaged policies
- Administrative Templates
- ADMX/ADML files
- Self-regulating policies
- Special registry keys
- Sticky preferences
- Unmanaged Policies versus Group Policy Preferences
- Preferences can usually be overwritten by a user
- Preferences stick around after the GPO is removed
- Creating or importing new templates
- How can you tell the difference?
- Computer configuration policies
- Idle-time lockout policy
- What about Windows 7?
- Launching an application upon login
- Configuring certificate auto-enrollment
- Startup and shutdown scripts – running scripts at the computer level
- Disabling Local Group Policy processing
- User configuration policies
- Remove the shutdown button
- Locking down display settings
- Prohibiting access to the Control Panel and Settings
- Logon and logoff scripts – running scripts at the user level
- Group Policy loopback processing
- What's really happening?
- Merge mode
- Replace mode
- How to do it?
- Summary
- Group Policy Preferences
- How is a preference different from a policy setting?
- Create Replace Update or Delete
- Green and red marks
- Green and red lines
- How to change them
- Green and red circles
- Internet Explorer tabs
- The Common tab
- Stop processing items in this extension if an error occurs
- Run in logged-on user's security context
- Remove this item when it is no longer applied
- Apply once and do not reapply
- Item-level targeting
- Implementing Preferences
- Modifying the power options
- Environment variables
- Registry keys
- Drive mappings
- Creating a printer connection
- Forcing an Internet Explorer proxy server
- Summary
- Group Policy as a Security Mechanism
- Password rules and regulations
- A plethora of security settings
- Windows Firewall with Advanced Security
- Location of WFAS policy settings
- General settings
- Inbound Rules
- Outbound Rules
- Connection Security Rules
- Forcing Windows Firewall to always be enabled
- An aside about WFAS Profiles
- Disabling Windows Firewall by policy
- Creating a rule to allow inbound traffic
- Creating a rule to block outbound traffic
- What about conflicting rules?
- Configuring GPO to clear local WFAS rules
- Manipulating Local Users and Groups
- Denying access to Command Prompt
- Prohibiting user software-installation
- Disabling IPv6 via Group Policy
- User Account Control
- Configuring UAC via GPO
- User Account Control – Behavior of the Elevation Prompt for Administrators in Admin Approval Mode
- User Account Control – Behavior of the Elevation Prompt for Standard Users
- User Account Control – Detecting Application Installations and Prompting for Elevation
- User Account Control – Running All Administrators in Admin Approval Mode
- Blocking USB Drives
- Summary
- Group Policy Maintenance
- Documenting Group Policy
- Commenting inside GPOs
- Generating a GPO report
- Searching Group Policy
- Searching for GPOs
- Filtering settings
- Filtering by keywords
- Filtering by your own comments
- Filtering by settings that have been modified
- Clearing the filter
- Starter GPOs
- Creating a Starter GPO
- Editing a Starter GPO
- Using a Starter GPO to build finalized GPOs
- Backing up and restoring GPOs
- Backing up GPOs
- Permissions needed to back up a GPO
- Backing up a single GPO
- Backing up all GPOs at once
- Restoring GPOs
- Permissions needed to restore an existing GPO
- Permissions needed to restore a deleted GPO
- Two ways to restore a GPO
- Managing backups
- Relinking restored GPOs
- Exporting and Importing WMI Filters
- Implementing ADMX/ADML files
- Importing a new ADMX file
- The location for placing ADMX files
- The location for placing ADML files
- The Central Store
- Creating the Central Store
- Verifying Central Store is working
- Importing new ADMX/ADML files into the Central Store
- Delegating permissions to manage Group Policy
- Delegation to edit GPOs
- Delegation to link GPOs
- Delegation to create new GPOs
- Additional delegation capabilities
- Summary
- Group Policy Troubleshooting
- Troubleshooting tools and procedures
- GPUpdate
- GPResult and RSOP
- RSOP
- GPResult
- User or computer results – not usually both
- GPO permissions
- Map out policy settings
- Is the GPO disabled?
- Watching for inheritance blocking
- Looking out for Enforced GPOs
- Conflicting settings
- Is your operating system supported?
- Windows Event Logs
- GPO version numbers
- Checking Domain Controller synchronization
- Version numbers triggering the client
- Checking the replication status via GPMC
- Detecting slow links
- Changing slow-link detection behavior
- The trouble with FRS
- What's wrong with FRS?
- Which one am I running?
- Group Policy results wizard
- Running the report
- Group Policy Modeling
- Summary
- PowerShell for Group Policy Administration
- Importing PowerShell Group Policy modules
- PowerShell for GPOs and Links
- Creating new GPOs
- Deleting GPOs
- Linking a GPO
- Disabling a GPO Link
- Deleting a GPO Link
- Creating a new Starter GPO
- Enforcing a GPO
- Disabling GPO enforcement
- Setting inheritance blocking on an OU
- Configuring security filtering on a GPO
- GPO information and reporting
- Viewing information about a GPO
- GPO Reports
- RSOP data via PowerShell
- GPO permissions via PowerShell
- Viewing current GPO permissions
- Setting GPO permissions
- Removing GPO permissions
- Using PowerShell to back up and restore GPOs
- Backing up a single GPO
- Backing up all of the GPOs
- Restoring a GPO
- Remotely running GPUpdate
- Using PowerShell Help
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-06-10 18:48:45
推薦閱讀
- Deep Learning Quick Reference
- Expert AWS Development
- 21天學通C++
- 最簡數(shù)據(jù)挖掘
- 數(shù)據(jù)庫原理與應用技術(shù)
- 中國戰(zhàn)略性新興產(chǎn)業(yè)研究與發(fā)展·智能制造
- Ceph:Designing and Implementing Scalable Storage Systems
- 邊緣智能:關(guān)鍵技術(shù)與落地實踐
- Learning Linux Shell Scripting
- SQL Server數(shù)據(jù)庫應用基礎(chǔ)(第2版)
- 21天學通Linux嵌入式開發(fā)
- Hands-On SAS for Data Analysis
- 典型Hadoop云計算
- Learning Cassandra for Administrators
- 渲染王3ds Max三維特效動畫技術(shù)
- Raspberry Pi 3 Projects for Java Programmers
- 工業(yè)機器人與自控系統(tǒng)的集成應用
- 三維動畫制作(3ds max7.0)
- 從虛擬化到云計算
- 自動控制原理
- CAD/CAE/CAM技術(shù)
- AVR單片機菜鳥進階
- 裝配式混凝土建筑:甲方管理問題分析與對策
- 撥開CCNA迷霧
- Python數(shù)據(jù)挖掘入門與實踐
- Monitoring with Opsview
- 贏在電子商務網(wǎng)站制作與營銷(B2C版)
- Microsoft Windows PowerShell 3.0 First Look
- Learning ObjectiveC by Developing iPhone Games
- 玩轉(zhuǎn)智能機器人mBot Ranger:搭建與編程
