Home Page Icon
Home Page
Table of Contents for
Index
Close
Index
by William R. Stanek, Derek Melber, Darren Mar-Elia, The Microsoft Group Policy Tea
Microsoft® Windows® Group Policy Guide
Microsoft® Windows® Group Policy Guide
A Note Regarding Supplemental Files
About the Authors
Foreword
Introduction
About This Book
Document Conventions
Companion CD
Support Policy
System Requirements
I. Getting Started with Group Policy
1. Overview of Group Policy
Understanding Group Policy
What It Does
How It Works
Using and Implementing Group Policy
Using Group Policy in Workgroups and Domains
Working with Group Policy Objects
Getting Started with Group Policy
Understanding Group Policy Settings and Options
Using Group Policy for Administration
Understanding the Required Infrastructure for Group Policy
DNS and Active Directory
Applying Active Directory Structure to Inheritance
Examining GPO Links and Default GPOs
Understanding GPO Links
Working with Linked GPOs and Default Policy
Working with the Default Domain Policy GPO
Working with the Default Domain Controllers Policy GPO
Summary
2. Working with Group Policy
Navigating Group Policy Objects and Settings
Connecting to and Working with GPOs
Applying Group Policy and Using Resultant Set of Policy
RSoP Walkthrough
Managing Group Policy Objects
Managing Local Group Policy
Accessing Local Group Policy on the Local Computer
Accessing Local Group Policy on a Remote Machine
Managing Active Directory–Based Group Policy
Installing the GPMC
Using the GPMC
Connecting to Additional Forests
Showing Sites in Connected Forests
Accessing Additional Domains
Setting Domain Controller Focus Options
Creating and Linking GPOs
Creating and Linking GPOs for Sites
Creating and Linking GPOs for Domains
Creating and Then Linking a GPO for a Domain
Creating and Linking a Domain GPO as a Single Operation
Creating and Linking GPOs for OUs
Creating OUs in the GPMC
Creating and Then Linking a GPO for an OU
Creating and Linking an OU GPO as a Single Operation
Delegating Privileges for Group Policy Management
Determining and Assigning GPO Creation Rights
Determining Group Policy Management Privileges
Delegating Control for Working with GPOs
Delegating Authority for Managing Links and RSoP
Removing Links and Deleting GPOs
Removing a Link to a GPO
Deleting a GPO Permanently
Summary
3. Advanced Group Policy Management
Searching and Filtering Group Policy
Filtering Policy Settings
Filtering Techniques for Policy Settings
Filtering Policy Settings by Operating System and Application Configuration
Searching Policy Objects, Links, and Settings
Search Techniques for Policy Objects, Links, and Settings
Beginning Your Policy Object, Link, or Setting Search
Filtering by Security Group, User, or Computer
Managing Group Policy Inheritance
Changing Link Order and Precedence
Overriding Inheritance
Blocking Inheritance
Enforcing Inheritance
Managing Group Policy Processing and Refresh
Changing the Refresh Interval
Enabling or Disabling GPO Processing
Changing Policy Processing Preferences
Configuring Slow Link Detection
Slow Link Detection
Configuring Slow Link Detection and Slow Link Policy Processing
Configuring Slow Link and Background Policy Processing
Refreshing Group Policy Manually
Modeling and Maintaining Group Policy
Modeling Group Policy for Planning Purposes
Copying and Importing Policy Objects
Copying Policy Objects and Their Settings
Importing Policy Objects and Their Settings
Backing Up GPOs
Restoring Policy Objects
Determining the Effective Group Policy Settings and Last Refresh
Summary
II. Group Policy Implementation and Scenarios
4. Deploying Group Policy
Group Policy Design Considerations
Active Directory Design Considerations
Active Directory Database Storage Location
Active Directory Operating System File Storage Location
Replication
Organizational Unit Design
Site Design
Physical Design Considerations
Remote Access Connection Design Considerations
GPO Application Design Considerations
Site, Domain, and OU Linking
GPOs Have Two Distinct Sections
Interaction of GPO Application When Linked to Sites, Domains, and OUs
Cross-Domain GPO Linking
Synchronous and Asynchronous Processing
Fast Logon Optimization
GPO Inheritance Modification
Additional GPO Design Considerations
Monolithic vs. Functional
Additional GPO Settings
Controlling GPO Processing Performance
Common Performance Issues
Performance Tips
Reduce the Number of Group Policy Objects
Link GPOs to Organizational Units
Disable Unused Sections of GPOs
Optimize the Background Refresh Interval
Configure a Reasonable Timeout for Scripts
Configure Asynchronous Processing
Limit Use of Loopback
Filter GPOs Based on Group Membership
Best Practices for Deploying GPOs
Choosing the Best Level to Link GPOs
GPOs Linked to Sites
GPOs Linked to Domains
GPOs Linked to OUs
Resources Used by GPOs
Software Installation
Designing GPOs Based on GPO Categories
Limit Enforced and Block Policy Inheritance Options
When to Use Security Filtering
When to Use WMI Filters
Network Topology Considerations
Limiting Administrative Privileges
Naming GPOs
Testing GPOs Before Deployment
Migrating GPOs from Test to Production
Migrating GPOs from Production to Production
Using Migration Tables
Domain-Specific GPO Settings
Migration Table Structure
Source Type
Source Name
Destination Name
Summary
5. Hardening Clients and Servers
Understanding Security Templates
Default Security Templates
Compatws.inf
DC security.inf
Iesacls.inf
Securedc.inf
Securews.inf
Hisecdc.inf
Hisecws.inf
Notssid.inf
Rootsec.inf
Setup Security.inf
Sections of the Security Template
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
File System
Tools for Accessing, Creating, and Modifying Security Templates
Security Templates Snap-in
Security Configuration and Analysis Snap-in
Security Configuration Wizard
Using the Security Configuration Wizard
Accessing the Security Configuration Wizard
Sections of the Security Configuration Wizard
Role-Based Service Configuration
Network Security
Registry Settings
Audit Policy
Incorporating Security Templates into Security Policies
Best Practices for Using the Security Configuration Wizard
Deploying Security Templates
Importing Security Templates Into GPOs
Using the Security Configuration and Analysis Tool
Using the Secedit.exe Command-Line Tool
Using the Security Configuration Wizard and the scwcmd Command
General Hardening Techniques
Closing Unnecessary Ports
Disabling Unnecessary Services
Tools Used in Hardening Computers
Netstat
Portqry
Server Hardening
Member Servers
OU Design Considerations
Member Server Security Environment Levels
Security Settings for Member Servers
Ports Required for Member Servers
Domain Controllers
Domain Controller Security Environment Levels
Security Settings for Domain Controllers
Ports Required for Domain Controllers
File and Print Servers
Web Servers
Security Settings for Web Servers
Ports Required for Web Servers
Client Hardening
Ports Required for Clients
Restricted Groups for Clients
Client Computers for IT Staff and Administrators
Security Settings for IT Staff and Administrators
Local Services and Software
Local Group Configuration
Client Computers for Help Desk Staff
Security Settings for Help Desk Staff
Local Group Configuration
Troubleshooting
Security Areas and Potential Problems
Tools
Secedit
Security Configuration and Analysis
Gpresult
Resultant Set of Policy
Summary
6. Managing and Maintaining Essential Windows Components
Configuring Application Compatibility Settings
Optimizing Application Compatibility Through Group Policy
Configuring Additional Application Compatibility Settings
Configuring Attachment Manager Settings
Working with Attachment Manager
Configuring Risk Levels and Trust Logic in Group Policy
Configuring Event Viewer Information Requests
Using Event Viewer Information Requests
Customizing Event Details Through Group Policy
Controlling IIS Installation
Configuring Access to and Use of Microsoft Management Console
Blocking Author Mode for MMC
Designating Prohibited and Permitted Snap-ins
Requiring Explicit Permission for All Snap-Ins
Optimizing NetMeeting Security and Features
Configuring NetMeeting Through Group Policy
Enabling Security Center for Use in Domains
Managing Access to Scheduled Tasks and Task Scheduler
Managing File System, Drive, and Windows Explorer Access Options
Hiding Drives in Windows Explorer and Related Views
Preventing Access to Drives in Windows Explorer and Related Views
Removing CD-Burning and DVD-Burning Features in Windows Explorer and Related Views
Removing the Security Tab in Windows Explorer and Related Views
Limiting the Maximum Size of the Recycle Bin
Optimizing the Windows Installer Configuration
Controlling System Restore Checkpoints for Program Installations
Configuring Baseline File Cache Usage
Controlling Rollback File Creation
Elevating User Privileges for Installation
Controlling Per-User Installation and Program Operation
Preventing Installation from Floppy Disk, CD, DVD, and Other Removable Media
Configuring Windows Installer Logging
Optimizing Automatic Updates with Windows Update
Enabling and Configuring Automatic Updates
Controlling Auto Download and Notify for Install
Setting the Automatic Updates Detection Frequency
Optimizing Notify User Installs
Optimizing Scheduled Installs
Blocking Access to Automatic Updates
Designating an Update Server
Summary
7. Managing User Settings and Data
Understanding User Profiles and Group Policy
Configuring Roaming Profiles
Configuring the Network Share for Roaming Profiles
Configuring User Accounts to Use Roaming Profiles
Optimizing User Profile Configurations
Modifying the Way Local and Roaming Profiles Are Used
Only Allow Local User Profiles
Delete Cached Copies of Roaming Profiles
Do Not Detect Slow Network Connection
Log Users Off When Roaming Profile Fails
Prompt User When Slow Link Is Detected
Slow Network Connection Timeout for User Profiles
Timeout for Dialog Boxes
Wait for Remote User Profile
Modifying the Way Profile Data Is Updated and Changed
Modifying the Way Profile Data Can Be Accessed
Limiting Profile Size and Included Folders
Limiting Profile Size
Limiting Folders Included in Profiles
Redirecting User Profile Folders and Data
Understanding Folder Redirection
Configuring Folder Redirection
Using Basic Folder Redirection
Using Advanced Folder Redirection
Configuring Setup, Removal, and Preference Settings for Redirection
Managing Computer and User Scripts
Working with Computer and User Scripts
Configuring Computer Startup and Shutdown Scripts
Configuring User Logon and Logoff Scripts
Controlling Script Visibility
Controlling Script Timeout
Controlling Script Execution and Run Technique
Summary
8. Maintaining Internet Explorer Configurations
Customizing the Internet Explorer Interface
Customizing the Title Bar Text
Customizing Logos
Customizing Buttons and Toolbars
Customizing URLs, Favorites, and Links
Customizing Home, Search, and Support URLs
Customizing Favorites and Links
Creating Individual Favorites and Links
Importing Favorites and Links Lists
Configuring Global Default Programs
Optimizing Connection and Proxy Settings
Deploying Connection Settings Through Group Policy
Deploying Proxy Settings Through Group Policy
Enhancing Internet Explorer Security
Working with Security Zones and Settings
Restricting Security Zone Configuration
Deploying Security Zone Configurations
Configuring the Internet Security Zone
Configuring the Local Intranet Zone
Configuring the Trusted Sites Security Zone
Configuring the Restricted Sites Security Zone
Importing and Deploying the Security Zone Settings
Configuring Additional Policies for Internet Options
Summary
9. Deploying and Maintaining Software Through Group Policy
Understanding Group Policy Software Installation
How Software Installation Works
What You Need to Know to Prepare
How to Set Up the Installation Location
What Limitations Apply
Planning the Software Deployment
Creating Software Deployment GPOs
Configuring the Software Deployment
Deploying Software Through Group Policy
Deploying Software with Windows Installer Packages
Getting the Necessary Windows Installer File
Deploying the Software Using a Windows Installer File
Deploying Software with Non–Windows Installer Packages
Creating the ZAP File
Deploying the Software Using a ZAP File
Configuring Advanced and Global Software Installation Options
Viewing and Setting General Deployment Properties
Changing the Deployment Type and Installation Options
Defining Application Categories
Adding, Modifying, and Removing Application Categories
Adding an Application to a Category
Performing Upgrades
Patching or Installing an Application Service Pack
Deploying a New Version of an Application
Customizing the Installation Package with Transforms
Controlling Deployment by Security Group
Setting Global Deployment Defaults
Deploying Microsoft Office and Service Packs
Deploying Office Through Policy
Choosing a Package Distribution Technique
Using Transforms to Customize an Office Deployment
Selecting a Deployment Mode
Keeping Office Updated
Deploying Windows Service Packs Through Policy
Maintaining Deployed Applications
Removing Deployed Applications
Redeploying Applications
Configuring Software Restriction Policies
Getting Started with Software Restriction Policies
Configuring Enforcement Policy
Viewing and Configuring Designated File Types
Configuring Trust Publishers Policy
Configuring Disallowed and Unrestricted Applications
Configuring Security Rules
Using Certificate Rules
Using Hash Rules
Using Internet Zone Rules
Using Path Rules
Troubleshooting Software Installation Policy
Troubleshooting Steps
Common Software Installation Policy Problems
Summary
10. Managing Microsoft Office Configurations
Introducing Office Configuration Management
Customizing Office Configurations
Downloading and Installing the Tools
Working with the Custom Installation Wizard
Step 1: Create the Administrative Install of Office’s .msi File
Step 2: Use the Custom Installation Wizard for Office Configuration
Step 3: Deploy the Transformed Office Configuration
Working with the Custom Maintenance Wizard
Step 1: Update the Microsoft Office Configuration
Step 2: Deploy the New Configuration of Office
Preparing the Policy Environment
Deploying Office Administrative Template Files
Deploying Office Administrative Template Files for the First Time
Updating Previously Deployed Office-Related Policy Templates
Creating Office Configuration GPOs
Managing Multiple Office Configuration Versions
Managing Office-Related Policy
Working with Office-Related Policy
Examining Global and Application-Specific Settings
Configuring Office-Related Policy Settings
Preventing Users from Changing Office Configurations
Understanding How to Prevent Office Configuration Changes
Disabling Office Menu Items and Options Using Predefined Options
Disabling Office Menu Items and Options Using Custom Options
Step 1: Determining the Menu Item ID
Step 2: Using a Custom Disable Policy
Configuring Notification for Disabled Menu Items and Options
Controlling Default File and Folder Locations
Setting the Default Database Folder Location for Access 2003
Setting the Default File Location for Excel 2003
Setting Default Folder Locations for OneNote 2003
Setting Default Folder Locations for Publisher 2003
Setting Default Folder Locations for Word 2003
Configuring Outlook Security Options
Controlling Office Language Settings
Troubleshooting Office Administrative Template Policy
Summary
11. Maintaining Secure Network Communications
Understanding IPSec Policy
How IPSec Works
How IPSec Policy Is Deployed
When to Use IPSec and IPSec Policy
Managing and Maintaining IPSec Policy
Activating and Deactivating IPSec Policies
Create Additional IPSec Policies
Creating and Assigning the IPSec Policy
Defining Security Rules and Actions
Creating and Managing IP Filter Lists
Creating and Managing Filter Actions
Monitoring IPSec Policy
Deploying Public Key Policies
How Public Key Certificates Work
How Public Key Policies Are Used
Managing Public Key Policy
Understanding Windows Firewall Policy
How Windows Firewall Works
How Windows Firewall Policy Is Used
Managing Windows Firewall Policy
Configuring IPSec Bypass
Enabling and Disabling Windows Firewall with Group Policy
Managing Firewall Exceptions with Group Policy
Disabling the Use of Exceptions
Allowing File and Printer Sharing Exceptions
Allowing Remote Administration Exceptions
Allowing Remote Desktop Exceptions
Allowing UPnP Framework Exceptions
Defining Program Exceptions
Defining ICMP Exceptions
Defining Port Exceptions
Configuring Firewall Notification, Logging, and Response Requests
Prohibiting Notifications
Allowing Logging
Prohibiting Unicast Responses to Multicast or Broadcast Requests
Summary
12. Creating Custom Environments
Loopback Processing
Replace Mode
Merge Mode
Troubleshooting Loopback
Terminal Services
Controlling Terminal Services Through Group Policy on an Individual Computer
Controlling Terminal Services Through Group Policy in a Domain
Configuring Order of Precedence
Configuring Terminal Services User Properties
Best Practices
Configuring License Server Using Group Policy Settings
License Server Security Group
Prevent License Upgrade
Configuring Terminal Services Connections
Limit Number of Connections
Set Client Connection Encryption Level
Secure Server (Require Security)
Start a Program on Connection
Set Rules for Remote Control to Terminal Services User Sessions
Set Time Limit for Disconnected Sessions
Set Time Limit for Active Terminal Services Sessions
Terminate Session When Time Limits Are Reached
Allow Reconnection From Original Client Only
Managing Drive, Printer, and Device Mappings for Clients
Allow Audio Redirection
Do Not Allow COM Port Redirection
Do Not Allow Client Printer Redirection
Do Not Allow LPT Port Redirection
Do Not Allow Drive Redirection
Do Not Set Default Client Printer To Be Default Printer in a Session
Controlling Terminal Services Profiles
Set Path for TS Roaming Profiles
TS User Home Directory
Restrict Terminal Services Users To a Single Remove Session
Only Allow Local User Profiles
Delete Cached Copies of Roaming Profiles
Group Policy over Slow Links
Default Policy Application over Slow Links
Policies That Apply over Slow Links
Slow Link Behavior for RAS Connections
Slow Link Detection Group Policy Settings
Group Policy Slow Link Detection
Slow Network Connection Timeout for User Profiles
Do Not Detect Slow Network Connections
Prompt User When Slow Link Is Detected
Configure Slow Link Speed
Additional Slow Link Detection Settings for Client-Side Extensions
Summary
III. Group Policy Customization
13. Group Policy Structure and Processing
Navigating Group Policy Logical Structure
Working with Group Policy Containers
Examining Attributes of groupPolicyContainer Objects
Examining the Security of groupPolicyContainer Objects
Examining GPO Creation Permissions
Viewing and Setting Default Security for New GPOs
Viewing the defaultSecurityDescriptor Attribute
Modifying the defaultSecurityDescriptor Attribute
Navigating Group Policy Physical Structure
Working with Group Policy Templates
Understanding Group Policy Versioning
Understanding Group Policy Template Security
Navigating Group Policy Link Structure
Examining Group Policy Linking
Viewing the gPLink Attribute
Examining Inheritance Blocking on Links
Understanding Group Policy Security and Links
Understanding Group Policy Processing
Examining Client-Side Extension Processing
Examining Server-Side Extension Processing
Setting Storage for Wireless Network Policy
Setting Storage for Folder Redirection Policy
Setting Storage for Administrative Templates Policy
Setting Storage for Disk Quota Policy
Setting Storage for QoS Packet Scheduler Policy
Setting Storage for Scripts
Setting Storage for Internet Explorer Maintenance Policy
Setting Storage for Security Policy
Setting Storage for Software Installation Policy
Setting Storage for IP Security Policy
Understanding Policy Processing Events
Asynchronous vs. Synchronous Policy Processing
Tracking Policy Application
Tracking Slow Link Detection
Modifying Security Policy Processing
Group Policy History and State Data
Group Policy History Data
Group Policy State Data
Group Membership Data
Navigating Local GPO Structure
Understanding LGPO Creation and Application
Understanding LGPO Structure
Managing and Maintaining LGPOs
Controlling Access to the LGPO
Summary
14. Customizing Administrative Templates
What Is an Administrative Template?
Default .adm Files
Working with .adm Files
Default Installed .adm Files
Tips for Importing .adm Files
Adding .adm Files
Removing .adm Files
Managing .adm Files
Controlling Updated Versions of .adm Files
Turn Off Automatic Updates of ADM Files
Always Use Local ADM Files for Group Policy Editor
Tips for Working with .adm Files
Operating System and Service Pack Release Issues
Policies vs. Preferences
Creating Custom .adm Files
A Simple .adm File
Using .adm File Language
Structure of an .adm File
#if version
Syntax for Updating the Registry
Class
Keyname
Valuename
Valueoff/Valueon
Syntax for Updating the Group Policy Object Editor Interface
Strings
Category
Policy
Part
Checkbox
Clienttext
Combobox
Dropdownlist
Edittext
Listbox
Numeric
Text
Actionlist
Additional Statements in the .adm Template
Comments
Required
Maxlen
Explain
Supported
.adm File String and Tab Limits
Best Practices
Summary
15. Security Templates
Understanding the Security Template Structure
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
File System
Where Security Template Settings Overlap with GPO Settings
Working with Security Templates
Security Templates Snap-In
Raw Security Template INF Files
Customizing Security Templates
Copying Templates
Creating New Security Templates
Customizing Security Options
Structure of the Sceregvl.inf File
Customizing the Sceregvl.inf File
Getting the Custom Entry to Show Up
Customizing Services in the Security Templates
Getting the Correct Service to Automatically Display
Acquiring the Service Syntax for the Security Template File
Manually Updating Services in the Security Template File
Microsoft Solutions for Security Settings
Summary
IV. Group Policy Troubleshooting
16. Troubleshooting Group Policy
Group Policy Troubleshooting Essentials
Verifying the Core Configuration
Verifying the Network Connection and Configuration
Verifying the Computer Account and Trust
Verifying Time Synchronization
Verifying the Computer and User Account Configuration
Verifying Key Infrastructure Components
Verifying the Scope of Management
Checking the GPO Status and Version
Checking the GPO on the Logon Domain Controller
Checking the GPO Link Status and Order
Checking the GPO Permissions
Checking the Loopback Processing Status of the GPO
Checking for Slow Links
Essential Troubleshooting Tools
Working with Resultant Set of Policy
Navigating the Summary Tab
Navigating the Settings Tab
Navigating the Policy Events Tab
Navigating the Advanced View
Viewing RSoP from the Command Line
Verifying Server-Side GPO Health
Checking the GPC and GPT for Errors
Checking the SYSVOL Permissions
Verifying Specific GPOs
Navigating the GPO Details
Managing RSoP Logs Centrally
Getting Started with Group Policy Monitor
Preparing the Group Policy Monitor Installation
Deploying and Configuring Group Policy Monitor
Viewing Group Policy Monitor Reports
Examining Differences Between Refresh Intervals
Managing Report Log Deletion
Group Policy Logging
Navigating the Application Event Logs
Configuring the Level of Application Logging
Understanding Group Policy Events
Managing Userenv Logging
Configuring the Level of Userenv Logging
Examining the Userenv Logs
Managing Logging for Specific CSEs
Enabling Debug Logging for Windows Installer Policy
Enabling Debug Logging for Folder Redirection Policy
Enabling Debug Logging for Security Policy
Summary
17. Resolving Common Group Policy Problems
Solving GPO Administration Problems
Domain Controller Running the PDC Emulator Is Not Available
Not All Settings Show Up in the Group Policy Editor
Custom Administrative Template Settings Are Not Visible
Administrative Templates and Settings Depend on the Operating System Version
Security Template Settings Are Not Taking Effect
New Custom Security Settings Are Not Displayed
Delegation Restrictions Within the GPMC
Creating GPOs
Linking GPOs
Managing GPOs
Editing GPOs
Viewing GPOs
Group Policy Settings Are Not Being Applied Due to Infrastructure Problems
Domain Controllers Are Not Available
Active Directory Database Is Corrupt
Local Logon vs. Active Directory Logon
SYSVOL Files Are Causing GPO Application Failure
GPO Files Manually Modified Incorrectly
SYSVOL Share Removed
Incorrect Date and Time of GPO Files
Problems with Replication and Convergence of Active Directory and SYSVOL
Syncing Group Policy GPC and GPT
Intrasite Replication
Intersite Replication
DNS Problems Causing GPO Application Problems
DHCP Servers Allocating Incorrect DNS Information
Manual Client Configuration Is Incorrect
SRV Records Have Been Deleted
Solving Implementation Problems
Tracking Down Incorrect GPO Settings
GPO Settings That Can Be Set to Enabled or Disabled
Incorrect Setting Selected
Computer Configuration vs. User Configuration Settings
GPO Links Causing GPO Application Problems
Linking GPOs to Multiple Containers
Administering GPOs that are Linked to Multiple Containers
Accounts Are Not Located in the Correct OU
Reasons That Accounts Are Placed in the Incorrect OU
Wrong Account in OU
Trying to Apply Group Policy Settings to Groups
Linking GPOs to OUs That Contain Only Groups
Setting GPO Security Filtering to Apply GPO Settings to Groups
Conflicting Settings in Two GPOs
Modifying Default GPO Inheritance
Enforcing GPOs
Block Policy Inheritance
Security Filtering
Summary
V. Appendixes
A. Group Policy Reference
Computer Configuration Reference
User Configuration Reference
B. New Features in Windows Server 2003 Service Pack 1
Adprep
Administrative Tools
Internet Explorer Feature Control Settings
Managing Feature Control Settings
Configuring Policies and Preferences
Internet Explorer Administration Kit/Internet Explorer Maintenance
Internet Explorer URL Action Security Settings
Changes to Internet Explorer URL Action Security Settings
Resultant Set of Policy
Changes to RSoP in SP1
Administering Remote RSoP with GPMC SP1
Delegating Access to Group Policy Results
Post-Setup Security Updates
Security Configuration Wizard
Windows Firewall
Changes to Windows Firewall
Changes for Audit Logging
Changes for Netsh Helper
Windows Firewall New Group Policy Support
C. GPMC Scripting
GPMC Scripting Interface Essentials
Understanding the GPMC Scripting Object Model
Creating the Initial GPM Object
Referencing the Domain to Manage
Creating and Linking GPOs
Automating Group Policy Security Management
Using the GPMC’s Prebuilt Scripts
Creating GPOs
Deleting GPOs
Finding Disabled GPOs
Finding GPOs by Security Group
Finding GPOs Without Active Links
Setting GPO Creation Permissions
Setting Other GPO Permissions
Backing Up All GPOs
Backing Up Individual GPOs
Copying GPOs
Importing GPOs
Generating RSoP Reports
Mirroring Your Production Environment
GPMC Prebuilt Script Review
D. Office 2003 Administrative Template Highlights
Microsoft Access 2003
Microsoft Excel 2003
Microsoft FrontPage 2003
Microsoft Clip Organizer 2003
Microsoft InfoPath 2003
Microsoft Office 2003
Microsoft OneNote 2003
Microsoft Outlook 2003
Microsoft PowerPoint 2003
Microsoft Project 2003
Microsoft Publisher 2003
Microsoft Visio 2003
Microsoft Word 2003
Index
About the Authors
Copyright
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Index
Next
Next Chapter
Index
D
DACL (Discretionary access control list), security descriptor,
System Services
data, folder redirection administration,
Using Group Policy for Administration
databases, Active Directory,
Group Policy Design Considerations
,
Active Directory Operating System File Storage Location
,
Active Directory Operating System File Storage Location
,
Domain Controllers Are Not Available
replication,
Active Directory Operating System File Storage Location
storage location,
Group Policy Design Considerations
troubleshooting corruption,
Domain Controllers Are Not Available
DC security.inf template, security template default,
Compatws.inf
DCGPOFIX fix,
Working with Linked GPOs and Default Policy
debugging,
Examining the Userenv Logs
,
Enabling Debug Logging for Windows Installer Policy
,
Enabling Debug Logging for Windows Installer Policy
,
Enabling Debug Logging for Folder Redirection Policy
Folder Redirection Policy,
Enabling Debug Logging for Windows Installer Policy
Security Policy logging,
Enabling Debug Logging for Folder Redirection Policy
Windows Installer Policy logging,
Examining the Userenv Logs
Default Domain Controller Policy GPO,
Working with Group Policy Objects
,
Working with Linked GPOs and Default Policy
,
Working with the Default Domain Policy GPO
Default Domain Policy GPO,
Working with Group Policy Objects
,
Working with Linked GPOs and Default Policy
Default Response Rule, IPSec policy,
Creating and Assigning the IPSec Policy
defaults,
Understanding GPO Links
,
Understanding GPO Links
,
Working with Linked GPOs and Default Policy
,
Working with the Default Domain Policy GPO
,
Compatws.inf
,
Compatws.inf
,
Compatws.inf
,
Compatws.inf
,
Securedc.inf
,
Securedc.inf
,
Securews.inf
,
Hisecws.inf
,
Hisecws.inf
,
Notssid.inf
,
Notssid.inf
,
Importing Favorites and Links Lists
,
Controlling Deployment by Security Group
,
Controlling Default File and Folder Locations
,
Examining GPO Creation Permissions
linked GPOs,
Understanding GPO Links
,
Working with Linked GPOs and Default Policy
,
Working with the Default Domain Policy GPO
Default Domain Controllers Policy GPO,
Working with the Default Domain Policy GPO
Default Domain Policy GPO,
Working with Linked GPOs and Default Policy
Office-related policy, folder and file locations,
Controlling Default File and Folder Locations
programs, Internet Explorer,
Importing Favorites and Links Lists
security settings, viewing and modifying,
Examining GPO Creation Permissions
security templates,
Compatws.inf
,
Compatws.inf
,
Compatws.inf
,
Compatws.inf
,
Securedc.inf
,
Securedc.inf
,
Securews.inf
,
Hisecws.inf
,
Hisecws.inf
,
Notssid.inf
,
Notssid.inf
Compatws.inf,
Compatws.inf
DC security.inf,
Compatws.inf
Hisecdc.inf,
Securews.inf
Hisecws.inf,
Hisecws.inf
Iesacls.inf,
Compatws.inf
Notssid.inf,
Hisecws.inf
Rootsec.inf,
Notssid.inf
Securedc.inf,
Securedc.inf
Securews.inf,
Securedc.inf
Setup Security.inf,
Notssid.inf
software deployment, global,
Controlling Deployment by Security Group
defaultSecurityDescriptor attribute,
Examining GPO Creation Permissions
,
Viewing and Setting Default Security for New GPOs
,
Viewing the defaultSecurityDescriptor Attribute
modifying,
Viewing the defaultSecurityDescriptor Attribute
viewing,
Viewing and Setting Default Security for New GPOs
delegation,
Organizational Unit Design
,
Organizational Unit Design
,
Security Template Settings Are Not Taking Effect
administration, Active Directory OU design,
Organizational Unit Design
restrictions, GPMC troubleshooting,
Security Template Settings Are Not Taking Effect
Delete Cached Copies Of Roaming Profiles settings,
Only Allow Local User Profiles
,
Slow Network Connection Timeout for User Profiles
,
Restrict Terminal Services Users To a Single Remove Session
DeleteGPO.wsf script, GPMC prebuilt scripts,
Using the GPMC’s Prebuilt Scripts
deleting,
Delegating Authority for Managing Links and RSoP
,
Delegating Authority for Managing Links and RSoP
,
Maintaining Deployed Applications
GPOs (Group Policy Objects),
Delegating Authority for Managing Links and RSoP
installed software,
Maintaining Deployed Applications
Deploy Software dialog box,
Deploying the Software Using a Windows Installer File
,
Deploying the Software Using a ZAP File
deployment,
Group Policy Design Considerations
,
Group Policy Design Considerations
,
Group Policy Design Considerations
,
Site Design
,
Physical Design Considerations
,
Remote Access Connection Design Considerations
,
Controlling GPO Processing Performance
,
Filter GPOs Based on Group Membership
,
Filter GPOs Based on Group Membership
,
Naming GPOs
,
Deploying Security Templates
,
Deploying Security Templates
,
Importing Security Templates Into GPOs
,
Importing Security Templates Into GPOs
,
Using the Security Configuration Wizard and the scwcmd Command
,
What Limitations Apply
,
Configuring the Software Deployment
,
Deploying the Software Using a Windows Installer File
,
Controlling Deployment by Security Group
,
Controlling Deployment by Security Group
,
Deploying Windows Service Packs Through Policy
,
Preparing the Policy Environment
,
Deploying Office Administrative Template Files
,
Deploying Office Administrative Template Files for the First Time
,
How IPSec Policy Is Deployed
,
Preparing the Group Policy Monitor Installation
design considerations,
Group Policy Design Considerations
,
Group Policy Design Considerations
,
Site Design
,
Physical Design Considerations
,
Remote Access Connection Design Considerations
,
Controlling GPO Processing Performance
Active Directory,
Group Policy Design Considerations
GPO application,
Remote Access Connection Design Considerations
GPO performance,
Controlling GPO Processing Performance
network topology,
Site Design
remote access connection,
Physical Design Considerations
GPMonitor.exe,
Preparing the Group Policy Monitor Installation
GPOs,
Filter GPOs Based on Group Membership
,
Filter GPOs Based on Group Membership
,
Naming GPOs
best practices,
Filter GPOs Based on Group Membership
testing,
Naming GPOs
IPSec policy,
How IPSec Policy Is Deployed
Office 2003 Administrative Templates,
Preparing the Policy Environment
,
Deploying Office Administrative Template Files
,
Deploying Office Administrative Template Files for the First Time
initial deployment steps,
Deploying Office Administrative Template Files
updates,
Deploying Office Administrative Template Files for the First Time
security templates,
Deploying Security Templates
,
Deploying Security Templates
,
Importing Security Templates Into GPOs
,
Importing Security Templates Into GPOs
,
Using the Security Configuration Wizard and the scwcmd Command
importing in GPOs,
Deploying Security Templates
secedit.exe tool,
Importing Security Templates Into GPOs
Security Configuration and Analysis tool,
Importing Security Templates Into GPOs
Security Configuration Wizard and scwcmd command,
Using the Security Configuration Wizard and the scwcmd Command
software,
What Limitations Apply
,
Configuring the Software Deployment
,
Deploying the Software Using a Windows Installer File
,
Controlling Deployment by Security Group
,
Controlling Deployment by Security Group
,
Deploying Windows Service Packs Through Policy
global defaults,
Controlling Deployment by Security Group
management,
Deploying Windows Service Packs Through Policy
non-Windows Installer package files,
Deploying the Software Using a Windows Installer File
planning,
What Limitations Apply
Windows Installer packages,
Configuring the Software Deployment
Designated File Types policy,
Viewing and Configuring Designated File Types
Designated File Types Properties dialog box,
Viewing and Configuring Designated File Types
designs,
Group Policy Design Considerations
,
Group Policy Design Considerations
,
Group Policy Design Considerations
,
Active Directory Operating System File Storage Location
,
Active Directory Operating System File Storage Location
,
Active Directory Operating System File Storage Location
,
Organizational Unit Design
,
Site Design
,
Physical Design Considerations
,
Remote Access Connection Design Considerations
,
GPO Application Design Considerations
,
Cross-Domain GPO Linking
,
Cross-Domain GPO Linking
,
Synchronous and Asynchronous Processing
,
Fast Logon Optimization
,
Additional GPO Design Considerations
,
Monolithic vs. Functional
,
Controlling GPO Processing Performance
,
Controlling GPO Processing Performance
,
Performance Tips
,
Performance Tips
,
Link GPOs to Organizational Units
,
Link GPOs to Organizational Units
,
Optimize the Background Refresh Interval
,
Optimize the Background Refresh Interval
,
Configure Asynchronous Processing
,
Configure Asynchronous Processing
Active Directory,
Group Policy Design Considerations
,
Group Policy Design Considerations
,
Active Directory Operating System File Storage Location
,
Active Directory Operating System File Storage Location
,
Active Directory Operating System File Storage Location
,
Organizational Unit Design
database storage location,
Group Policy Design Considerations
directory replication,
Active Directory Operating System File Storage Location
OUs (organizational units),
Active Directory Operating System File Storage Location
sites,
Organizational Unit Design
system file storage location,
Active Directory Operating System File Storage Location
GPO application,
Remote Access Connection Design Considerations
,
GPO Application Design Considerations
,
Cross-Domain GPO Linking
,
Cross-Domain GPO Linking
,
Synchronous and Asynchronous Processing
,
Fast Logon Optimization
,
Additional GPO Design Considerations
,
Monolithic vs. Functional
cross-domain linking,
Cross-Domain GPO Linking
custom settings,
Monolithic vs. Functional
Fast Logon Optimization policy,
Synchronous and Asynchronous Processing
inheritance modification,
Fast Logon Optimization
monolithic vs. functional,
Additional GPO Design Considerations
site, domain, OU linking,
GPO Application Design Considerations
synchronous and asynchronous processing,
Cross-Domain GPO Linking
GPO performance,
Controlling GPO Processing Performance
,
Controlling GPO Processing Performance
,
Performance Tips
,
Performance Tips
,
Link GPOs to Organizational Units
,
Link GPOs to Organizational Units
,
Optimize the Background Refresh Interval
,
Optimize the Background Refresh Interval
,
Configure Asynchronous Processing
,
Configure Asynchronous Processing
asynchronous processing configuration,
Optimize the Background Refresh Interval
common issues,
Controlling GPO Processing Performance
configuring script timeout,
Optimize the Background Refresh Interval
disabling unused sections,
Link GPOs to Organizational Units
filtering based on group membership,
Configure Asynchronous Processing
limiting loopback processing,
Configure Asynchronous Processing
linking to OUs,
Performance Tips
optimizing background refresh interval,
Link GPOs to Organizational Units
reducing settings,
Performance Tips
network topology,
Site Design
remote access connection,
Physical Design Considerations
Desktop,
Using Group Policy for Administration
,
Using Group Policy for Administration
,
Understanding User Profiles and Group Policy
,
Understanding Folder Redirection
Administrative Templates,
Using Group Policy for Administration
profile folder redirection,
Understanding Folder Redirection
user profile,
Understanding User Profiles and Group Policy
Details dialog box,
Customizing Favorites and Links
detection,
Enabling and Configuring Automatic Updates
,
Enabling and Configuring Automatic Updates
,
Policies That Apply over Slow Links
,
Slow Link Detection Group Policy Settings
,
Slow Network Connection Timeout for User Profiles
,
Slow Network Connection Timeout for User Profiles
,
Do Not Detect Slow Network Connections
,
Do Not Detect Slow Network Connections
,
Configure Slow Link Speed
frequencies, Automatic Updates,
Enabling and Configuring Automatic Updates
slow link settings,
Policies That Apply over Slow Links
,
Slow Link Detection Group Policy Settings
,
Slow Network Connection Timeout for User Profiles
,
Slow Network Connection Timeout for User Profiles
,
Do Not Detect Slow Network Connections
,
Do Not Detect Slow Network Connections
,
Configure Slow Link Speed
Configure Slow Link Speed setting,
Do Not Detect Slow Network Connections
CSE (client-side extension),
Configure Slow Link Speed
Do Not Detect Slow Network Connections setting,
Slow Network Connection Timeout for User Profiles
Group Policy Slow Link Detection setting,
Slow Link Detection Group Policy Settings
Prompt User When Slow Link Is Detected setting,
Do Not Detect Slow Network Connections
Slow Network Connection Timeout for User Profiles setting,
Slow Network Connection Timeout for User Profiles
devices, mapping using Terminal Services,
Creating Individual Favorites and Links
,
Deploying a New Version of an Application
,
Allow Reconnection From Original Client Only
,
Allow Audio Redirection
,
Allow Audio Redirection
,
Allow Audio Redirection
,
Do Not Allow LPT Port Redirection
,
Do Not Allow LPT Port Redirection
,
Do Not Allow LPT Port Redirection
,
Tips for Importing .adm Files
Allow Audio Redirection setting,
Allow Audio Redirection
dialog boxes,
Creating Individual Favorites and Links
,
Deploying a New Version of an Application
,
Tips for Importing .adm Files
Browse For A Group Policy Object,
Deploying a New Version of an Application
Browse For Folder,
Creating Individual Favorites and Links
Policy Templates,
Tips for Importing .adm Files
Do Not Allow Client Printer Redirection setting,
Allow Audio Redirection
Do Not Allow COM Port Redirection setting,
Allow Audio Redirection
Do Not Allow Drive Redirection setting,
Do Not Allow LPT Port Redirection
Do Not Allow LPT Port Redirection setting,
Do Not Allow LPT Port Redirection
Do Not Set Default Client Printer To Be Default Printer In A Session setting,
Do Not Allow LPT Port Redirection
Devices, Prevent users from installing printer drivers setting,
Local Policies
DFS (Distributed File System),
Verifying the Computer and User Account Configuration
DHCP servers, allocating incorrect DNS information,
DHCP Servers Allocating Incorrect DNS Information
dialog boxes,
Understanding Group Policy Settings and Options
,
Accessing Local Group Policy on the Local Computer
,
Accessing Local Group Policy on the Local Computer
,
Accessing Local Group Policy on the Local Computer
,
Creating and Linking GPOs for Sites
,
Creating and Linking a Domain GPO as a Single Operation
,
Determining and Assigning GPO Creation Rights
,
Delegating Control for Working with GPOs
,
Delegating Control for Working with GPOs
,
Filtering Techniques for Policy Settings
,
Search Techniques for Policy Objects, Links, and Settings
,
Filtering by Security Group, User, or Computer
,
Modeling Group Policy for Planning Purposes
,
Modeling Group Policy for Planning Purposes
,
Copying Policy Objects and Their Settings
,
Backing Up GPOs
,
Backing Up GPOs
,
Restoring Policy Objects
,
Restoring Policy Objects
,
Restoring Policy Objects
,
Determining the Effective Group Policy Settings and Last Refresh
,
Security Templates Snap-in
,
Security Configuration and Analysis
,
Preventing Access to Drives in Windows Explorer and Related Views
,
Modifying the Way Profile Data Can Be Accessed
,
Modifying the Way Profile Data Can Be Accessed
,
Modifying the Way Profile Data Can Be Accessed
,
Modifying the Way Profile Data Can Be Accessed
,
Customizing the Internet Explorer Interface
,
Customizing Logos
,
Customizing Buttons and Toolbars
,
Customizing Buttons and Toolbars
,
Customizing Buttons and Toolbars
,
Customizing Favorites and Links
,
Customizing Favorites and Links
,
Configuring Global Default Programs
,
Configuring Global Default Programs
,
Deploying Connection Settings Through Group Policy
,
Deploying Connection Settings Through Group Policy
,
Deploying Proxy Settings Through Group Policy
,
Configuring the Internet Security Zone
,
Configuring the Local Intranet Zone
,
Configuring the Local Intranet Zone
,
Configuring the Trusted Sites Security Zone
,
Configuring the Restricted Sites Security Zone
,
Deploying the Software Using a Windows Installer File
,
Deploying the Software Using a ZAP File
,
Changing the Deployment Type and Installation Options
,
Adding, Modifying, and Removing Application Categories
,
Deploying a New Version of an Application
,
Controlling Deployment by Security Group
,
Setting Global Deployment Defaults
,
Maintaining Deployed Applications
,
Viewing and Configuring Designated File Types
,
Configuring Trust Publishers Policy
,
Using Certificate Rules
,
Using Hash Rules
,
Deploying Office Administrative Template Files
,
Deploying Office Administrative Template Files
,
Updating Previously Deployed Office-Related Policy Templates
,
Step 1: Determining the Menu Item ID
,
Configuring Outlook Security Options
,
Defining Security Rules and Actions
,
Creating and Managing IP Filter Lists
,
Creating and Managing IP Filter Lists
,
Creating and Managing Filter Actions
,
Creating and Managing Filter Actions
,
Creating and Managing Filter Actions
,
Enabling and Disabling Windows Firewall with Group Policy
,
Examining Attributes of groupPolicyContainer Objects
,
Tips for Importing .adm Files
,
Raw Security Template INF Files
,
Raw Security Template INF Files
,
Administrative Tools
,
Administrative Tools
Add Group Or User,
Delegating Control for Working with GPOs
Add Item,
Configuring Outlook Security Options
Add Standalone Snap-in,
Accessing Local Group Policy on the Local Computer
,
Security Templates Snap-in
,
Creating and Managing Filter Actions
,
Examining Attributes of groupPolicyContainer Objects
Add Upgrade Package,
Deploying a New Version of an Application
Add/Remove Snap-in,
Security Configuration and Analysis
,
Creating and Managing Filter Actions
,
Raw Security Template INF Files
Add/Remove Templates,
Deploying Office Administrative Template Files
,
Tips for Importing .adm Files
Advanced Security Settings For,
Modifying the Way Profile Data Can Be Accessed
Advanced Software Deployment Options,
Changing the Deployment Type and Installation Options
Back Up Group Policy Object,
Backing Up GPOs
Backup,
Backing Up GPOs
Browse For A Group Policy Object,
Accessing Local Group Policy on the Local Computer
Browse For Folder,
Restoring Policy Objects
Browser Title,
Customizing the Internet Explorer Interface
Browser Toolbar Button Information,
Customizing Buttons and Toolbars
Browser Toolbar Customizations,
Customizing Buttons and Toolbars
Choose Computer Container,
Modeling Group Policy for Planning Purposes
Choose User Container,
Modeling Group Policy for Planning Purposes
Confirm File Replace,
Updating Previously Deployed Office-Related Policy Templates
Connection Settings,
Deploying Connection Settings Through Group Policy
Custom Logo,
Customizing Logos
Customize Toolbar,
Customizing Buttons and Toolbars
Deploy Software,
Deploying the Software Using a Windows Installer File
,
Deploying the Software Using a ZAP File
Designated File Types Properties,
Viewing and Configuring Designated File Types
Details,
Customizing Favorites and Links
Edit Rule Properties,
Defining Security Rules and Actions
,
Creating and Managing Filter Actions
Favorites And Links,
Customizing Favorites and Links
Filter Properties,
Creating and Managing IP Filter Lists
Filtering,
Filtering Techniques for Policy Settings
Find Users, Contacts, And Groups,
Administrative Tools
Internet Properties,
Configuring Global Default Programs
,
Configuring the Local Intranet Zone
IP Filter List,
Creating and Managing IP Filter Lists
Local Area Network (LAN) Settings,
Deploying Connection Settings Through Group Policy
Local Intranet,
Configuring the Local Intranet Zone
Manage Backups,
Restoring Policy Objects
New Certificate Rule,
Using Certificate Rules
New GPO,
Creating and Linking GPOs for Sites
,
Copying Policy Objects and Their Settings
New Hash Rule,
Using Hash Rules
New Organizational Unit,
Creating and Linking a Domain GPO as a Single Operation
,
Creating and Linking a Domain GPO as a Single Operation
Permissions Entry For,
Modifying the Way Profile Data Can Be Accessed
Policy Settings,
Preventing Access to Drives in Windows Explorer and Related Views
Policy Templates,
Deploying Office Administrative Template Files
Programs,
Configuring Global Default Programs
Proxy Settings,
Deploying Proxy Settings Through Group Policy
Remove Software,
Maintaining Deployed Applications
Restore,
Restoring Policy Objects
Restricted Sites,
Configuring the Restricted Sites Security Zone
Run,
Understanding Group Policy Settings and Options
,
Raw Security Template INF Files
Search For Group Policy Objects,
Search Techniques for Policy Objects, Links, and Settings
Security Settings,
Filtering by Security Group, User, or Computer
,
Modifying the Way Profile Data Can Be Accessed
,
Configuring the Internet Security Zone
Select Computer,
Accessing Local Group Policy on the Local Computer
,
Determining the Effective Group Policy Settings and Last Refresh
Select Users, Computers, Or Groups,
Determining and Assigning GPO Creation Rights
,
Modifying the Way Profile Data Can Be Accessed
,
Controlling Deployment by Security Group
,
Administrative Tools
Show Contents,
Step 1: Determining the Menu Item ID
Software Installation Properties,
Adding, Modifying, and Removing Application Categories
,
Setting Global Deployment Defaults
Trusted Publishers,
Configuring Trust Publishers Policy
Trusted Sites,
Configuring the Trusted Sites Security Zone
Windows Firewall,
Enabling and Disabling Windows Firewall with Group Policy
Directory service access setting, Local Policies,
Local Policies
directory trees,
Connecting to and Working with GPOs
disabled state, policy settings,
Understanding Group Policy Settings and Options
disabling,
Overriding Inheritance
,
Changing the Refresh Interval
,
Slow Link Detection
,
Active Directory Database Is Corrupt
,
Active Directory Database Is Corrupt
Administrator account,
Active Directory Database Is Corrupt
GPO processing,
Changing the Refresh Interval
inherited policy,
Overriding Inheritance
slow-link detection,
Slow Link Detection
Disallowed and Unrestricted modes, Software Restriction Policies,
Configuring Trust Publishers Policy
Discretionary access control list (DACL), security descriptor,
System Services
Disk Quota Policy Processing policy,
Slow Link Detection
Disk Quota policy, storage setting,
Setting Storage for Folder Redirection Policy
displayName attribute,
Examining Attributes of groupPolicyContainer Objects
,
Examining Attributes of groupPolicyContainer Objects
,
Structure of the Sceregvl.inf File
groupPolicyContainer object,
Examining Attributes of groupPolicyContainer Objects
Sceregvl.inf file,
Structure of the Sceregvl.inf File
DisplayType, Sceregvl.inf file,
Structure of the Sceregvl.inf File
DistinguishedName attribute, groupPolicyContainer object,
Examining Attributes of groupPolicyContainer Objects
Distributed File System (DFS),
Verifying the Computer and User Account Configuration
DNS (Domain Name System),
Using Group Policy for Administration
,
Using Group Policy for Administration
,
Verifying the Computer and User Account Configuration
,
Syncing Group Policy GPC and GPT
GPO application problems,
Syncing Group Policy GPC and GPT
Group Policy,
Using Group Policy for Administration
Do Not Allow Client Printer Redirection setting, Terminal Services device mapping,
Allow Audio Redirection
Do Not Allow COM Port Redirection setting, Terminal Services device mapping,
Allow Audio Redirection
Do Not Allow Drive Redirection setting, Terminal Service device mapping,
Do Not Allow LPT Port Redirection
Do Not Allow Exceptions policy, Windows Firewall,
Managing Firewall Exceptions with Group Policy
Do Not Allow LPT Port Redirection setting, Terminal Service device mapping,
Do Not Allow LPT Port Redirection
Do Not Detect Slow Network Connection settings,
Only Allow Local User Profiles
,
Slow Network Connection Timeout for User Profiles
,
Slow Network Connection Timeout for User Profiles
Do Not Set Default Client Printer To Be Default Printer In A Session setting,
Do Not Allow LPT Port Redirection
documentation, GPOs,
Naming GPOs
domain controller focus,
Accessing Additional Domains
Domain Controller Security Policy tool,
Managing Group Policy Objects
domain controllers,
Managing Group Policy Objects
,
Active Directory Operating System File Storage Location
,
Active Directory Operating System File Storage Location
,
Ports Required for Member Servers
,
Ports Required for Member Servers
,
Domain Controller Security Environment Levels
,
Ports Required for Domain Controllers
,
Checking the GPO Status and Version
,
Solving GPO Administration Problems
,
Domain Controllers Are Not Available
Active Directory, directory replication,
Active Directory Operating System File Storage Location
Domain Controller Security Policy tool,
Managing Group Policy Objects
hardening servers,
Ports Required for Member Servers
,
Ports Required for Member Servers
,
Domain Controller Security Environment Levels
,
Ports Required for Domain Controllers
required ports,
Ports Required for Domain Controllers
security environment,
Ports Required for Member Servers
security settings,
Domain Controller Security Environment Levels
logon, Group Policy,
Checking the GPO Status and Version
PDC Emulator, troubleshooting,
Solving GPO Administration Problems
troubleshooting unavailability,
Domain Controllers Are Not Available
Domain member,
Local Policies
,
Local Policies
,
Local Policies
Digitally encrypt or sign secure channel data (always) setting, Local Policies,
Local Policies
Digitally sign secure channel data (when possible) setting, Local Policies,
Local Policies
Domain Name System,
Using Group Policy for Administration
(see )
Domain Profile, Windows Firewall policy operation,
How Windows Firewall Works
domain-based Group Policy,
Using and Implementing Group Policy
,
Using and Implementing Group Policy
,
Accessing Local Group Policy on a Remote Machine
,
Managing Active Directory–Based Group Policy
,
Installing the GPMC
,
Using the GPMC
,
Connecting to Additional Forests
,
Accessing Additional Domains
,
Accessing Additional Domains
forest function level,
Using and Implementing Group Policy
management,
Accessing Local Group Policy on a Remote Machine
,
Managing Active Directory–Based Group Policy
,
Installing the GPMC
,
Using the GPMC
,
Connecting to Additional Forests
,
Accessing Additional Domains
,
Accessing Additional Domains
accessing additional domains,
Accessing Additional Domains
connecting to additional forests,
Using the GPMC
domain controller focus option setting,
Accessing Additional Domains
GPMC installation,
Managing Active Directory–Based Group Policy
running GPMC,
Installing the GPMC
showing connected forest sites,
Connecting to Additional Forests
domains,
Using and Implementing Group Policy
,
Creating and Linking GPOs for Sites
,
Creating and Linking GPOs for Sites
,
Creating and Then Linking a GPO for a Domain
,
Creating and Linking an OU GPO as a Single Operation
,
Enforcing Inheritance
,
GPO Application Design Considerations
,
GPO Application Design Considerations
,
GPOs Have Two Distinct Sections
,
GPOs Linked to Sites
,
Controlling Terminal Services Through Group Policy on an Individual Computer
enforcing inheritance,
Enforcing Inheritance
GPO linking,
Creating and Linking GPOs for Sites
,
Creating and Linking GPOs for Sites
,
Creating and Then Linking a GPO for a Domain
,
GPO Application Design Considerations
,
GPO Application Design Considerations
,
GPOs Have Two Distinct Sections
Computer Configuration and User Configuration,
GPO Application Design Considerations
creating and linking separately,
Creating and Linking GPOs for Sites
interaction,
GPOs Have Two Distinct Sections
single operation,
Creating and Then Linking a GPO for a Domain
GPOs (Group Policy Objects),
Creating and Linking an OU GPO as a Single Operation
,
Controlling Terminal Services Through Group Policy on an Individual Computer
creation rights,
Creating and Linking an OU GPO as a Single Operation
Terminal Services,
Controlling Terminal Services Through Group Policy on an Individual Computer
linking GPOs,
GPOs Linked to Sites
downloads,
Working with Security Zones and Settings
,
Working with Security Zones and Settings
,
Customizing Office Configurations
Internet security zones,
Working with Security Zones and Settings
Microsoft Office Web site,
Customizing Office Configurations
drives,
Managing File System, Drive, and Windows Explorer Access Options
,
Managing File System, Drive, and Windows Explorer Access Options
,
Hiding Drives in Windows Explorer and Related Views
,
Allow Reconnection From Original Client Only
,
Allow Reconnection From Original Client Only
mapping using Terminal Services,
Allow Reconnection From Original Client Only
Windows Explorer,
Managing File System, Drive, and Windows Explorer Access Options
,
Managing File System, Drive, and Windows Explorer Access Options
,
Hiding Drives in Windows Explorer and Related Views
hiding,
Managing File System, Drive, and Windows Explorer Access Options
preventing access,
Hiding Drives in Windows Explorer and Related Views
DROPDOWNLIST syntax, PART syntax,
Combobox
DumpGPOInfo.wsf script, GPMC prebuilt scripts,
Mirroring Your Production Environment
DumpSOMInfo.wsf script, GPMC prebuilt scripts,
Mirroring Your Production Environment
DVDs, burning feature prevention,
Preventing Access to Drives in Windows Explorer and Related Views
Dw20.adm file, Office 2003 .adm files,
Default .adm Files
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset