舉報 
會員
Mastering Windows Group Policy
ThisbookbeginswithadiscussionofthecorematerialanyadministratorneedstoknowinordertostartworkingwithGroupPolicy.Movingon,wewillalsowalkthroughtheprocessofbuildingalabenvironmenttostarttestingGroupPolicytoday.NextwewillexploretheGroupPolicyManagementConsole(GPMC)andstartusingthepowerfulfeaturesavailableforuswithinthatinterface.OnceyouarewellversedwithusingGPMC,youwilllearntoperformandmanagethetraditionalcoretasksinsideGroupPolicy.Includedinthebookaremanyexamplesandwalk-throughsofthedifferentfilteringoptionsavailablefortheapplicationofGroupPolicysettings,asthisistherealpowerthatGroupPolicyholdswithinyournetwork.YouwillalsolearnhowyoucanuseGroupPolicytosecureyourActiveDirectoryenvironment,andalsounderstandhowGroupPolicypreferencesaredifferentthanpolicies,withthehelpofreal-worldexamples.FinallywewillspendsometimeonmaintenanceandtroubleshootingcommonGroupPolicy-relatedissuessothatyou,asadirectoryadministrator,willunderstandthediagnosingprocessforpolicysettings.Bytheendofthebook,youwillbeabletojumprightinanduseGroupPolicytoitsfullpotential.
最新章節
- Leave a review - let other readers know what you think
- Other Books You May Enjoy
- Summary
- Using PowerShell Help
- Remotely running GPUpdate
- Restoring a GPO
品牌:中圖公司
上架時間:2021-06-10 18:20:14
出版社:Packt Publishing
本書數字版權由中圖公司提供,并由其授權上海閱文信息技術有限公司制作發行
- Leave a review - let other readers know what you think 更新時間:2021-06-10 18:48:45
- Other Books You May Enjoy
- Summary
- Using PowerShell Help
- Remotely running GPUpdate
- Restoring a GPO
- Backing up all of the GPOs
- Backing up a single GPO
- Using PowerShell to back up and restore GPOs
- Removing GPO permissions
- Setting GPO permissions
- Viewing current GPO permissions
- GPO permissions via PowerShell
- RSOP data via PowerShell
- GPO Reports
- Viewing information about a GPO
- GPO information and reporting
- Configuring security filtering on a GPO
- Setting inheritance blocking on an OU
- Disabling GPO enforcement
- Enforcing a GPO
- Creating a new Starter GPO
- Deleting a GPO Link
- Disabling a GPO Link
- Linking a GPO
- Deleting GPOs
- Creating new GPOs
- PowerShell for GPOs and Links
- Importing PowerShell Group Policy modules
- PowerShell for Group Policy Administration
- Summary
- Group Policy Modeling
- Running the report
- Group Policy results wizard
- Which one am I running?
- What's wrong with FRS?
- The trouble with FRS
- Changing slow-link detection behavior
- Detecting slow links
- Checking the replication status via GPMC
- Version numbers triggering the client
- Checking Domain Controller synchronization
- GPO version numbers
- Windows Event Logs
- Is your operating system supported?
- Conflicting settings
- Looking out for Enforced GPOs
- Watching for inheritance blocking
- Is the GPO disabled?
- Map out policy settings
- GPO permissions
- User or computer results – not usually both
- GPResult
- RSOP
- GPResult and RSOP
- GPUpdate
- Troubleshooting tools and procedures
- Group Policy Troubleshooting
- Summary
- Additional delegation capabilities
- Delegation to create new GPOs
- Delegation to link GPOs
- Delegation to edit GPOs
- Delegating permissions to manage Group Policy
- Importing new ADMX/ADML files into the Central Store
- Verifying Central Store is working
- Creating the Central Store
- The Central Store
- The location for placing ADML files
- The location for placing ADMX files
- Importing a new ADMX file
- Implementing ADMX/ADML files
- Exporting and Importing WMI Filters
- Relinking restored GPOs
- Managing backups
- Two ways to restore a GPO
- Permissions needed to restore a deleted GPO
- Permissions needed to restore an existing GPO
- Restoring GPOs
- Backing up all GPOs at once
- Backing up a single GPO
- Permissions needed to back up a GPO
- Backing up GPOs
- Backing up and restoring GPOs
- Using a Starter GPO to build finalized GPOs
- Editing a Starter GPO
- Creating a Starter GPO
- Starter GPOs
- Clearing the filter
- Filtering by settings that have been modified
- Filtering by your own comments
- Filtering by keywords
- Filtering settings
- Searching for GPOs
- Searching Group Policy
- Generating a GPO report
- Commenting inside GPOs
- Documenting Group Policy
- Group Policy Maintenance
- Summary
- Blocking USB Drives
- User Account Control – Running All Administrators in Admin Approval Mode
- User Account Control – Detecting Application Installations and Prompting for Elevation
- User Account Control – Behavior of the Elevation Prompt for Standard Users
- User Account Control – Behavior of the Elevation Prompt for Administrators in Admin Approval Mode
- Configuring UAC via GPO
- User Account Control
- Disabling IPv6 via Group Policy
- Prohibiting user software-installation
- Denying access to Command Prompt
- Manipulating Local Users and Groups
- Configuring GPO to clear local WFAS rules
- What about conflicting rules?
- Creating a rule to block outbound traffic
- Creating a rule to allow inbound traffic
- Disabling Windows Firewall by policy
- An aside about WFAS Profiles
- Forcing Windows Firewall to always be enabled
- Connection Security Rules
- Outbound Rules
- Inbound Rules
- General settings
- Location of WFAS policy settings
- Windows Firewall with Advanced Security
- A plethora of security settings
- Password rules and regulations
- Group Policy as a Security Mechanism
- Summary
- Forcing an Internet Explorer proxy server
- Creating a printer connection
- Drive mappings
- Registry keys
- Environment variables
- Modifying the power options
- Implementing Preferences
- Item-level targeting
- Apply once and do not reapply
- Remove this item when it is no longer applied
- Run in logged-on user's security context
- Stop processing items in this extension if an error occurs
- The Common tab
- Internet Explorer tabs
- Green and red circles
- How to change them
- Green and red lines
- Green and red marks
- Create Replace Update or Delete
- How is a preference different from a policy setting?
- Group Policy Preferences
- Summary
- How to do it?
- Replace mode
- Merge mode
- What's really happening?
- Group Policy loopback processing
- Logon and logoff scripts – running scripts at the user level
- Prohibiting access to the Control Panel and Settings
- Locking down display settings
- Remove the shutdown button
- User configuration policies
- Disabling Local Group Policy processing
- Startup and shutdown scripts – running scripts at the computer level
- Configuring certificate auto-enrollment
- Launching an application upon login
- What about Windows 7?
- Idle-time lockout policy
- Computer configuration policies
- How can you tell the difference?
- Creating or importing new templates
- Preferences stick around after the GPO is removed
- Preferences can usually be overwritten by a user
- Unmanaged Policies versus Group Policy Preferences
- Sticky preferences
- Special registry keys
- Self-regulating policies
- ADMX/ADML files
- Administrative Templates
- Managed versus unmanaged policies
- Deploying Policy Settings
- Summary
- Applying a WMI filter to our GPO
- WMI filters could cause a performance hit
- Filtering GPOs with WMI filters
- How to block a GPO from a particular Active Directory group
- Security filtering – permission changes
- Filtering to specific users or computers
- How to filter a GPO to a particular Active Directory group
- Filtering GPOs with security filters
- A warning on cross-domain policy linking
- OUs protected from accidental deletion
- Moving machines from one OU to another
- Default containers that are not OUs
- OUs inside GPMC
- OUs inside ADUC
- Creating or deleting OUs
- Exercises with OUs and links
- Disabling half of a GPO
- User settings versus computer settings
- Will enforcing GPOs affect GPO precedence?
- Enforcing GPOs
- Blocking GPO inheritance
- Seeing the big picture
- Changing the order of link precedence
- Multiple GPOs linked at the same level
- OUs trump domains
- Link order precedence
- Advanced Filtering of Group Policy Objects
- Summary
- Resultant Set of Policy
- Checking GPResult data from a remote machine
- Sending the output to a file
- GPResult
- GPUpdate.exe switches
- Foreground refresh
- Background refresh
- GPUpdate
- Everyday command-line tools
- Disabling GPO links
- Deleting a GPO
- Deleting a GPO link
- Deleting a GPO link versus deleting a GPO
- Linking at the site level
- Creating and linking new GPOs at the same time
- Linking our new GPO
- The GPO link warning message
- The difference between GPOs and GPO links
- More on GPO links
- Configuring the policy to apply a desktop wallpaper
- Creating the GPO
- Naming your GPOs
- Creating a new GPO
- Example – configuring Teredo
- Not configured versus enabled versus disabled
- Updating the default password policy
- An annoying Internet Explorer popup
- Quickly finding your settings
- Editing settings inside a GPO
- Using the newest GPMC
- Modifying an existing GPO
- Permissions
- Default Domain Controllers Policy
- Authenticated users
- Default Domain Policy
- Default policies and permissions
- Daily Tasks in Group Policy
- Summary
- Exploring the GPMC
- RSAT on Windows 10
- Installing the GPMC on another server
- Accessing Group Policy remotely
- GPMC.MSC
- Start menu
- Microsoft Management Console (MMC) snap-in
- Server Manager – the most common way
- Launching the console locally
- Technical requirements
- Group Policy Management Console (GPMC)
- Summary
- Configuring the Windows 10 client
- Configuring the Windows Server 2016 Domain Controller
- Windows 10 Client
- Domain Controller
- Building a lab to test Group Policy today
- GPO workflow
- OU-level policies
- Domain-level policies
- Site-level policies
- Local Policy
- Levels of GPO processing
- Hierarchy of Group Policy processing
- Who can use Group Policy?
- Requirements for Group Policy
- What does Group Policy look like?
- Active Directory Group Policy
- Local Group Policy
- Active Directory Group Policy versus Local Group Policy
- What is Group Policy?
- Terminology
- Group Policy - The Basics
- Reviews
- Get in touch
- Conventions used
- Download the color images
- To get the most out of this book
- What this book covers
- Who this book is for
- Preface
- Packt.com
- Why subscribe?
- About Packt
- Packt is searching for authors like you
- About the reviewers
- About the author
- Contributors
- Title Page
- coverpage
- coverpage
- Title Page
- Contributors
- About the author
- About the reviewers
- Packt is searching for authors like you
- About Packt
- Why subscribe?
- Packt.com
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Group Policy - The Basics
- Terminology
- What is Group Policy?
- Active Directory Group Policy versus Local Group Policy
- Local Group Policy
- Active Directory Group Policy
- What does Group Policy look like?
- Requirements for Group Policy
- Who can use Group Policy?
- Hierarchy of Group Policy processing
- Levels of GPO processing
- Local Policy
- Site-level policies
- Domain-level policies
- OU-level policies
- GPO workflow
- Building a lab to test Group Policy today
- Domain Controller
- Windows 10 Client
- Configuring the Windows Server 2016 Domain Controller
- Configuring the Windows 10 client
- Summary
- Group Policy Management Console (GPMC)
- Technical requirements
- Launching the console locally
- Server Manager – the most common way
- Microsoft Management Console (MMC) snap-in
- Start menu
- GPMC.MSC
- Accessing Group Policy remotely
- Installing the GPMC on another server
- RSAT on Windows 10
- Exploring the GPMC
- Summary
- Daily Tasks in Group Policy
- Default policies and permissions
- Default Domain Policy
- Authenticated users
- Default Domain Controllers Policy
- Permissions
- Modifying an existing GPO
- Using the newest GPMC
- Editing settings inside a GPO
- Quickly finding your settings
- An annoying Internet Explorer popup
- Updating the default password policy
- Not configured versus enabled versus disabled
- Example – configuring Teredo
- Creating a new GPO
- Naming your GPOs
- Creating the GPO
- Configuring the policy to apply a desktop wallpaper
- More on GPO links
- The difference between GPOs and GPO links
- The GPO link warning message
- Linking our new GPO
- Creating and linking new GPOs at the same time
- Linking at the site level
- Deleting a GPO link versus deleting a GPO
- Deleting a GPO link
- Deleting a GPO
- Disabling GPO links
- Everyday command-line tools
- GPUpdate
- Background refresh
- Foreground refresh
- GPUpdate.exe switches
- GPResult
- Sending the output to a file
- Checking GPResult data from a remote machine
- Resultant Set of Policy
- Summary
- Advanced Filtering of Group Policy Objects
- Link order precedence
- OUs trump domains
- Multiple GPOs linked at the same level
- Changing the order of link precedence
- Seeing the big picture
- Blocking GPO inheritance
- Enforcing GPOs
- Will enforcing GPOs affect GPO precedence?
- User settings versus computer settings
- Disabling half of a GPO
- Exercises with OUs and links
- Creating or deleting OUs
- OUs inside ADUC
- OUs inside GPMC
- Default containers that are not OUs
- Moving machines from one OU to another
- OUs protected from accidental deletion
- A warning on cross-domain policy linking
- Filtering GPOs with security filters
- How to filter a GPO to a particular Active Directory group
- Filtering to specific users or computers
- Security filtering – permission changes
- How to block a GPO from a particular Active Directory group
- Filtering GPOs with WMI filters
- WMI filters could cause a performance hit
- Applying a WMI filter to our GPO
- Summary
- Deploying Policy Settings
- Managed versus unmanaged policies
- Administrative Templates
- ADMX/ADML files
- Self-regulating policies
- Special registry keys
- Sticky preferences
- Unmanaged Policies versus Group Policy Preferences
- Preferences can usually be overwritten by a user
- Preferences stick around after the GPO is removed
- Creating or importing new templates
- How can you tell the difference?
- Computer configuration policies
- Idle-time lockout policy
- What about Windows 7?
- Launching an application upon login
- Configuring certificate auto-enrollment
- Startup and shutdown scripts – running scripts at the computer level
- Disabling Local Group Policy processing
- User configuration policies
- Remove the shutdown button
- Locking down display settings
- Prohibiting access to the Control Panel and Settings
- Logon and logoff scripts – running scripts at the user level
- Group Policy loopback processing
- What's really happening?
- Merge mode
- Replace mode
- How to do it?
- Summary
- Group Policy Preferences
- How is a preference different from a policy setting?
- Create Replace Update or Delete
- Green and red marks
- Green and red lines
- How to change them
- Green and red circles
- Internet Explorer tabs
- The Common tab
- Stop processing items in this extension if an error occurs
- Run in logged-on user's security context
- Remove this item when it is no longer applied
- Apply once and do not reapply
- Item-level targeting
- Implementing Preferences
- Modifying the power options
- Environment variables
- Registry keys
- Drive mappings
- Creating a printer connection
- Forcing an Internet Explorer proxy server
- Summary
- Group Policy as a Security Mechanism
- Password rules and regulations
- A plethora of security settings
- Windows Firewall with Advanced Security
- Location of WFAS policy settings
- General settings
- Inbound Rules
- Outbound Rules
- Connection Security Rules
- Forcing Windows Firewall to always be enabled
- An aside about WFAS Profiles
- Disabling Windows Firewall by policy
- Creating a rule to allow inbound traffic
- Creating a rule to block outbound traffic
- What about conflicting rules?
- Configuring GPO to clear local WFAS rules
- Manipulating Local Users and Groups
- Denying access to Command Prompt
- Prohibiting user software-installation
- Disabling IPv6 via Group Policy
- User Account Control
- Configuring UAC via GPO
- User Account Control – Behavior of the Elevation Prompt for Administrators in Admin Approval Mode
- User Account Control – Behavior of the Elevation Prompt for Standard Users
- User Account Control – Detecting Application Installations and Prompting for Elevation
- User Account Control – Running All Administrators in Admin Approval Mode
- Blocking USB Drives
- Summary
- Group Policy Maintenance
- Documenting Group Policy
- Commenting inside GPOs
- Generating a GPO report
- Searching Group Policy
- Searching for GPOs
- Filtering settings
- Filtering by keywords
- Filtering by your own comments
- Filtering by settings that have been modified
- Clearing the filter
- Starter GPOs
- Creating a Starter GPO
- Editing a Starter GPO
- Using a Starter GPO to build finalized GPOs
- Backing up and restoring GPOs
- Backing up GPOs
- Permissions needed to back up a GPO
- Backing up a single GPO
- Backing up all GPOs at once
- Restoring GPOs
- Permissions needed to restore an existing GPO
- Permissions needed to restore a deleted GPO
- Two ways to restore a GPO
- Managing backups
- Relinking restored GPOs
- Exporting and Importing WMI Filters
- Implementing ADMX/ADML files
- Importing a new ADMX file
- The location for placing ADMX files
- The location for placing ADML files
- The Central Store
- Creating the Central Store
- Verifying Central Store is working
- Importing new ADMX/ADML files into the Central Store
- Delegating permissions to manage Group Policy
- Delegation to edit GPOs
- Delegation to link GPOs
- Delegation to create new GPOs
- Additional delegation capabilities
- Summary
- Group Policy Troubleshooting
- Troubleshooting tools and procedures
- GPUpdate
- GPResult and RSOP
- RSOP
- GPResult
- User or computer results – not usually both
- GPO permissions
- Map out policy settings
- Is the GPO disabled?
- Watching for inheritance blocking
- Looking out for Enforced GPOs
- Conflicting settings
- Is your operating system supported?
- Windows Event Logs
- GPO version numbers
- Checking Domain Controller synchronization
- Version numbers triggering the client
- Checking the replication status via GPMC
- Detecting slow links
- Changing slow-link detection behavior
- The trouble with FRS
- What's wrong with FRS?
- Which one am I running?
- Group Policy results wizard
- Running the report
- Group Policy Modeling
- Summary
- PowerShell for Group Policy Administration
- Importing PowerShell Group Policy modules
- PowerShell for GPOs and Links
- Creating new GPOs
- Deleting GPOs
- Linking a GPO
- Disabling a GPO Link
- Deleting a GPO Link
- Creating a new Starter GPO
- Enforcing a GPO
- Disabling GPO enforcement
- Setting inheritance blocking on an OU
- Configuring security filtering on a GPO
- GPO information and reporting
- Viewing information about a GPO
- GPO Reports
- RSOP data via PowerShell
- GPO permissions via PowerShell
- Viewing current GPO permissions
- Setting GPO permissions
- Removing GPO permissions
- Using PowerShell to back up and restore GPOs
- Backing up a single GPO
- Backing up all of the GPOs
- Restoring a GPO
- Remotely running GPUpdate
- Using PowerShell Help
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-06-10 18:48:45
