Home Page Icon
Home Page
Table of Contents for
Index
Close
Index
by William R. Stanek, Derek Melber, Darren Mar-Elia, The Microsoft Group Policy Tea
Microsoft® Windows® Group Policy Guide
Microsoft® Windows® Group Policy Guide
A Note Regarding Supplemental Files
About the Authors
Foreword
Introduction
About This Book
Document Conventions
Companion CD
Support Policy
System Requirements
I. Getting Started with Group Policy
1. Overview of Group Policy
Understanding Group Policy
What It Does
How It Works
Using and Implementing Group Policy
Using Group Policy in Workgroups and Domains
Working with Group Policy Objects
Getting Started with Group Policy
Understanding Group Policy Settings and Options
Using Group Policy for Administration
Understanding the Required Infrastructure for Group Policy
DNS and Active Directory
Applying Active Directory Structure to Inheritance
Examining GPO Links and Default GPOs
Understanding GPO Links
Working with Linked GPOs and Default Policy
Working with the Default Domain Policy GPO
Working with the Default Domain Controllers Policy GPO
Summary
2. Working with Group Policy
Navigating Group Policy Objects and Settings
Connecting to and Working with GPOs
Applying Group Policy and Using Resultant Set of Policy
RSoP Walkthrough
Managing Group Policy Objects
Managing Local Group Policy
Accessing Local Group Policy on the Local Computer
Accessing Local Group Policy on a Remote Machine
Managing Active Directory–Based Group Policy
Installing the GPMC
Using the GPMC
Connecting to Additional Forests
Showing Sites in Connected Forests
Accessing Additional Domains
Setting Domain Controller Focus Options
Creating and Linking GPOs
Creating and Linking GPOs for Sites
Creating and Linking GPOs for Domains
Creating and Then Linking a GPO for a Domain
Creating and Linking a Domain GPO as a Single Operation
Creating and Linking GPOs for OUs
Creating OUs in the GPMC
Creating and Then Linking a GPO for an OU
Creating and Linking an OU GPO as a Single Operation
Delegating Privileges for Group Policy Management
Determining and Assigning GPO Creation Rights
Determining Group Policy Management Privileges
Delegating Control for Working with GPOs
Delegating Authority for Managing Links and RSoP
Removing Links and Deleting GPOs
Removing a Link to a GPO
Deleting a GPO Permanently
Summary
3. Advanced Group Policy Management
Searching and Filtering Group Policy
Filtering Policy Settings
Filtering Techniques for Policy Settings
Filtering Policy Settings by Operating System and Application Configuration
Searching Policy Objects, Links, and Settings
Search Techniques for Policy Objects, Links, and Settings
Beginning Your Policy Object, Link, or Setting Search
Filtering by Security Group, User, or Computer
Managing Group Policy Inheritance
Changing Link Order and Precedence
Overriding Inheritance
Blocking Inheritance
Enforcing Inheritance
Managing Group Policy Processing and Refresh
Changing the Refresh Interval
Enabling or Disabling GPO Processing
Changing Policy Processing Preferences
Configuring Slow Link Detection
Slow Link Detection
Configuring Slow Link Detection and Slow Link Policy Processing
Configuring Slow Link and Background Policy Processing
Refreshing Group Policy Manually
Modeling and Maintaining Group Policy
Modeling Group Policy for Planning Purposes
Copying and Importing Policy Objects
Copying Policy Objects and Their Settings
Importing Policy Objects and Their Settings
Backing Up GPOs
Restoring Policy Objects
Determining the Effective Group Policy Settings and Last Refresh
Summary
II. Group Policy Implementation and Scenarios
4. Deploying Group Policy
Group Policy Design Considerations
Active Directory Design Considerations
Active Directory Database Storage Location
Active Directory Operating System File Storage Location
Replication
Organizational Unit Design
Site Design
Physical Design Considerations
Remote Access Connection Design Considerations
GPO Application Design Considerations
Site, Domain, and OU Linking
GPOs Have Two Distinct Sections
Interaction of GPO Application When Linked to Sites, Domains, and OUs
Cross-Domain GPO Linking
Synchronous and Asynchronous Processing
Fast Logon Optimization
GPO Inheritance Modification
Additional GPO Design Considerations
Monolithic vs. Functional
Additional GPO Settings
Controlling GPO Processing Performance
Common Performance Issues
Performance Tips
Reduce the Number of Group Policy Objects
Link GPOs to Organizational Units
Disable Unused Sections of GPOs
Optimize the Background Refresh Interval
Configure a Reasonable Timeout for Scripts
Configure Asynchronous Processing
Limit Use of Loopback
Filter GPOs Based on Group Membership
Best Practices for Deploying GPOs
Choosing the Best Level to Link GPOs
GPOs Linked to Sites
GPOs Linked to Domains
GPOs Linked to OUs
Resources Used by GPOs
Software Installation
Designing GPOs Based on GPO Categories
Limit Enforced and Block Policy Inheritance Options
When to Use Security Filtering
When to Use WMI Filters
Network Topology Considerations
Limiting Administrative Privileges
Naming GPOs
Testing GPOs Before Deployment
Migrating GPOs from Test to Production
Migrating GPOs from Production to Production
Using Migration Tables
Domain-Specific GPO Settings
Migration Table Structure
Source Type
Source Name
Destination Name
Summary
5. Hardening Clients and Servers
Understanding Security Templates
Default Security Templates
Compatws.inf
DC security.inf
Iesacls.inf
Securedc.inf
Securews.inf
Hisecdc.inf
Hisecws.inf
Notssid.inf
Rootsec.inf
Setup Security.inf
Sections of the Security Template
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
File System
Tools for Accessing, Creating, and Modifying Security Templates
Security Templates Snap-in
Security Configuration and Analysis Snap-in
Security Configuration Wizard
Using the Security Configuration Wizard
Accessing the Security Configuration Wizard
Sections of the Security Configuration Wizard
Role-Based Service Configuration
Network Security
Registry Settings
Audit Policy
Incorporating Security Templates into Security Policies
Best Practices for Using the Security Configuration Wizard
Deploying Security Templates
Importing Security Templates Into GPOs
Using the Security Configuration and Analysis Tool
Using the Secedit.exe Command-Line Tool
Using the Security Configuration Wizard and the scwcmd Command
General Hardening Techniques
Closing Unnecessary Ports
Disabling Unnecessary Services
Tools Used in Hardening Computers
Netstat
Portqry
Server Hardening
Member Servers
OU Design Considerations
Member Server Security Environment Levels
Security Settings for Member Servers
Ports Required for Member Servers
Domain Controllers
Domain Controller Security Environment Levels
Security Settings for Domain Controllers
Ports Required for Domain Controllers
File and Print Servers
Web Servers
Security Settings for Web Servers
Ports Required for Web Servers
Client Hardening
Ports Required for Clients
Restricted Groups for Clients
Client Computers for IT Staff and Administrators
Security Settings for IT Staff and Administrators
Local Services and Software
Local Group Configuration
Client Computers for Help Desk Staff
Security Settings for Help Desk Staff
Local Group Configuration
Troubleshooting
Security Areas and Potential Problems
Tools
Secedit
Security Configuration and Analysis
Gpresult
Resultant Set of Policy
Summary
6. Managing and Maintaining Essential Windows Components
Configuring Application Compatibility Settings
Optimizing Application Compatibility Through Group Policy
Configuring Additional Application Compatibility Settings
Configuring Attachment Manager Settings
Working with Attachment Manager
Configuring Risk Levels and Trust Logic in Group Policy
Configuring Event Viewer Information Requests
Using Event Viewer Information Requests
Customizing Event Details Through Group Policy
Controlling IIS Installation
Configuring Access to and Use of Microsoft Management Console
Blocking Author Mode for MMC
Designating Prohibited and Permitted Snap-ins
Requiring Explicit Permission for All Snap-Ins
Optimizing NetMeeting Security and Features
Configuring NetMeeting Through Group Policy
Enabling Security Center for Use in Domains
Managing Access to Scheduled Tasks and Task Scheduler
Managing File System, Drive, and Windows Explorer Access Options
Hiding Drives in Windows Explorer and Related Views
Preventing Access to Drives in Windows Explorer and Related Views
Removing CD-Burning and DVD-Burning Features in Windows Explorer and Related Views
Removing the Security Tab in Windows Explorer and Related Views
Limiting the Maximum Size of the Recycle Bin
Optimizing the Windows Installer Configuration
Controlling System Restore Checkpoints for Program Installations
Configuring Baseline File Cache Usage
Controlling Rollback File Creation
Elevating User Privileges for Installation
Controlling Per-User Installation and Program Operation
Preventing Installation from Floppy Disk, CD, DVD, and Other Removable Media
Configuring Windows Installer Logging
Optimizing Automatic Updates with Windows Update
Enabling and Configuring Automatic Updates
Controlling Auto Download and Notify for Install
Setting the Automatic Updates Detection Frequency
Optimizing Notify User Installs
Optimizing Scheduled Installs
Blocking Access to Automatic Updates
Designating an Update Server
Summary
7. Managing User Settings and Data
Understanding User Profiles and Group Policy
Configuring Roaming Profiles
Configuring the Network Share for Roaming Profiles
Configuring User Accounts to Use Roaming Profiles
Optimizing User Profile Configurations
Modifying the Way Local and Roaming Profiles Are Used
Only Allow Local User Profiles
Delete Cached Copies of Roaming Profiles
Do Not Detect Slow Network Connection
Log Users Off When Roaming Profile Fails
Prompt User When Slow Link Is Detected
Slow Network Connection Timeout for User Profiles
Timeout for Dialog Boxes
Wait for Remote User Profile
Modifying the Way Profile Data Is Updated and Changed
Modifying the Way Profile Data Can Be Accessed
Limiting Profile Size and Included Folders
Limiting Profile Size
Limiting Folders Included in Profiles
Redirecting User Profile Folders and Data
Understanding Folder Redirection
Configuring Folder Redirection
Using Basic Folder Redirection
Using Advanced Folder Redirection
Configuring Setup, Removal, and Preference Settings for Redirection
Managing Computer and User Scripts
Working with Computer and User Scripts
Configuring Computer Startup and Shutdown Scripts
Configuring User Logon and Logoff Scripts
Controlling Script Visibility
Controlling Script Timeout
Controlling Script Execution and Run Technique
Summary
8. Maintaining Internet Explorer Configurations
Customizing the Internet Explorer Interface
Customizing the Title Bar Text
Customizing Logos
Customizing Buttons and Toolbars
Customizing URLs, Favorites, and Links
Customizing Home, Search, and Support URLs
Customizing Favorites and Links
Creating Individual Favorites and Links
Importing Favorites and Links Lists
Configuring Global Default Programs
Optimizing Connection and Proxy Settings
Deploying Connection Settings Through Group Policy
Deploying Proxy Settings Through Group Policy
Enhancing Internet Explorer Security
Working with Security Zones and Settings
Restricting Security Zone Configuration
Deploying Security Zone Configurations
Configuring the Internet Security Zone
Configuring the Local Intranet Zone
Configuring the Trusted Sites Security Zone
Configuring the Restricted Sites Security Zone
Importing and Deploying the Security Zone Settings
Configuring Additional Policies for Internet Options
Summary
9. Deploying and Maintaining Software Through Group Policy
Understanding Group Policy Software Installation
How Software Installation Works
What You Need to Know to Prepare
How to Set Up the Installation Location
What Limitations Apply
Planning the Software Deployment
Creating Software Deployment GPOs
Configuring the Software Deployment
Deploying Software Through Group Policy
Deploying Software with Windows Installer Packages
Getting the Necessary Windows Installer File
Deploying the Software Using a Windows Installer File
Deploying Software with Non–Windows Installer Packages
Creating the ZAP File
Deploying the Software Using a ZAP File
Configuring Advanced and Global Software Installation Options
Viewing and Setting General Deployment Properties
Changing the Deployment Type and Installation Options
Defining Application Categories
Adding, Modifying, and Removing Application Categories
Adding an Application to a Category
Performing Upgrades
Patching or Installing an Application Service Pack
Deploying a New Version of an Application
Customizing the Installation Package with Transforms
Controlling Deployment by Security Group
Setting Global Deployment Defaults
Deploying Microsoft Office and Service Packs
Deploying Office Through Policy
Choosing a Package Distribution Technique
Using Transforms to Customize an Office Deployment
Selecting a Deployment Mode
Keeping Office Updated
Deploying Windows Service Packs Through Policy
Maintaining Deployed Applications
Removing Deployed Applications
Redeploying Applications
Configuring Software Restriction Policies
Getting Started with Software Restriction Policies
Configuring Enforcement Policy
Viewing and Configuring Designated File Types
Configuring Trust Publishers Policy
Configuring Disallowed and Unrestricted Applications
Configuring Security Rules
Using Certificate Rules
Using Hash Rules
Using Internet Zone Rules
Using Path Rules
Troubleshooting Software Installation Policy
Troubleshooting Steps
Common Software Installation Policy Problems
Summary
10. Managing Microsoft Office Configurations
Introducing Office Configuration Management
Customizing Office Configurations
Downloading and Installing the Tools
Working with the Custom Installation Wizard
Step 1: Create the Administrative Install of Office’s .msi File
Step 2: Use the Custom Installation Wizard for Office Configuration
Step 3: Deploy the Transformed Office Configuration
Working with the Custom Maintenance Wizard
Step 1: Update the Microsoft Office Configuration
Step 2: Deploy the New Configuration of Office
Preparing the Policy Environment
Deploying Office Administrative Template Files
Deploying Office Administrative Template Files for the First Time
Updating Previously Deployed Office-Related Policy Templates
Creating Office Configuration GPOs
Managing Multiple Office Configuration Versions
Managing Office-Related Policy
Working with Office-Related Policy
Examining Global and Application-Specific Settings
Configuring Office-Related Policy Settings
Preventing Users from Changing Office Configurations
Understanding How to Prevent Office Configuration Changes
Disabling Office Menu Items and Options Using Predefined Options
Disabling Office Menu Items and Options Using Custom Options
Step 1: Determining the Menu Item ID
Step 2: Using a Custom Disable Policy
Configuring Notification for Disabled Menu Items and Options
Controlling Default File and Folder Locations
Setting the Default Database Folder Location for Access 2003
Setting the Default File Location for Excel 2003
Setting Default Folder Locations for OneNote 2003
Setting Default Folder Locations for Publisher 2003
Setting Default Folder Locations for Word 2003
Configuring Outlook Security Options
Controlling Office Language Settings
Troubleshooting Office Administrative Template Policy
Summary
11. Maintaining Secure Network Communications
Understanding IPSec Policy
How IPSec Works
How IPSec Policy Is Deployed
When to Use IPSec and IPSec Policy
Managing and Maintaining IPSec Policy
Activating and Deactivating IPSec Policies
Create Additional IPSec Policies
Creating and Assigning the IPSec Policy
Defining Security Rules and Actions
Creating and Managing IP Filter Lists
Creating and Managing Filter Actions
Monitoring IPSec Policy
Deploying Public Key Policies
How Public Key Certificates Work
How Public Key Policies Are Used
Managing Public Key Policy
Understanding Windows Firewall Policy
How Windows Firewall Works
How Windows Firewall Policy Is Used
Managing Windows Firewall Policy
Configuring IPSec Bypass
Enabling and Disabling Windows Firewall with Group Policy
Managing Firewall Exceptions with Group Policy
Disabling the Use of Exceptions
Allowing File and Printer Sharing Exceptions
Allowing Remote Administration Exceptions
Allowing Remote Desktop Exceptions
Allowing UPnP Framework Exceptions
Defining Program Exceptions
Defining ICMP Exceptions
Defining Port Exceptions
Configuring Firewall Notification, Logging, and Response Requests
Prohibiting Notifications
Allowing Logging
Prohibiting Unicast Responses to Multicast or Broadcast Requests
Summary
12. Creating Custom Environments
Loopback Processing
Replace Mode
Merge Mode
Troubleshooting Loopback
Terminal Services
Controlling Terminal Services Through Group Policy on an Individual Computer
Controlling Terminal Services Through Group Policy in a Domain
Configuring Order of Precedence
Configuring Terminal Services User Properties
Best Practices
Configuring License Server Using Group Policy Settings
License Server Security Group
Prevent License Upgrade
Configuring Terminal Services Connections
Limit Number of Connections
Set Client Connection Encryption Level
Secure Server (Require Security)
Start a Program on Connection
Set Rules for Remote Control to Terminal Services User Sessions
Set Time Limit for Disconnected Sessions
Set Time Limit for Active Terminal Services Sessions
Terminate Session When Time Limits Are Reached
Allow Reconnection From Original Client Only
Managing Drive, Printer, and Device Mappings for Clients
Allow Audio Redirection
Do Not Allow COM Port Redirection
Do Not Allow Client Printer Redirection
Do Not Allow LPT Port Redirection
Do Not Allow Drive Redirection
Do Not Set Default Client Printer To Be Default Printer in a Session
Controlling Terminal Services Profiles
Set Path for TS Roaming Profiles
TS User Home Directory
Restrict Terminal Services Users To a Single Remove Session
Only Allow Local User Profiles
Delete Cached Copies of Roaming Profiles
Group Policy over Slow Links
Default Policy Application over Slow Links
Policies That Apply over Slow Links
Slow Link Behavior for RAS Connections
Slow Link Detection Group Policy Settings
Group Policy Slow Link Detection
Slow Network Connection Timeout for User Profiles
Do Not Detect Slow Network Connections
Prompt User When Slow Link Is Detected
Configure Slow Link Speed
Additional Slow Link Detection Settings for Client-Side Extensions
Summary
III. Group Policy Customization
13. Group Policy Structure and Processing
Navigating Group Policy Logical Structure
Working with Group Policy Containers
Examining Attributes of groupPolicyContainer Objects
Examining the Security of groupPolicyContainer Objects
Examining GPO Creation Permissions
Viewing and Setting Default Security for New GPOs
Viewing the defaultSecurityDescriptor Attribute
Modifying the defaultSecurityDescriptor Attribute
Navigating Group Policy Physical Structure
Working with Group Policy Templates
Understanding Group Policy Versioning
Understanding Group Policy Template Security
Navigating Group Policy Link Structure
Examining Group Policy Linking
Viewing the gPLink Attribute
Examining Inheritance Blocking on Links
Understanding Group Policy Security and Links
Understanding Group Policy Processing
Examining Client-Side Extension Processing
Examining Server-Side Extension Processing
Setting Storage for Wireless Network Policy
Setting Storage for Folder Redirection Policy
Setting Storage for Administrative Templates Policy
Setting Storage for Disk Quota Policy
Setting Storage for QoS Packet Scheduler Policy
Setting Storage for Scripts
Setting Storage for Internet Explorer Maintenance Policy
Setting Storage for Security Policy
Setting Storage for Software Installation Policy
Setting Storage for IP Security Policy
Understanding Policy Processing Events
Asynchronous vs. Synchronous Policy Processing
Tracking Policy Application
Tracking Slow Link Detection
Modifying Security Policy Processing
Group Policy History and State Data
Group Policy History Data
Group Policy State Data
Group Membership Data
Navigating Local GPO Structure
Understanding LGPO Creation and Application
Understanding LGPO Structure
Managing and Maintaining LGPOs
Controlling Access to the LGPO
Summary
14. Customizing Administrative Templates
What Is an Administrative Template?
Default .adm Files
Working with .adm Files
Default Installed .adm Files
Tips for Importing .adm Files
Adding .adm Files
Removing .adm Files
Managing .adm Files
Controlling Updated Versions of .adm Files
Turn Off Automatic Updates of ADM Files
Always Use Local ADM Files for Group Policy Editor
Tips for Working with .adm Files
Operating System and Service Pack Release Issues
Policies vs. Preferences
Creating Custom .adm Files
A Simple .adm File
Using .adm File Language
Structure of an .adm File
#if version
Syntax for Updating the Registry
Class
Keyname
Valuename
Valueoff/Valueon
Syntax for Updating the Group Policy Object Editor Interface
Strings
Category
Policy
Part
Checkbox
Clienttext
Combobox
Dropdownlist
Edittext
Listbox
Numeric
Text
Actionlist
Additional Statements in the .adm Template
Comments
Required
Maxlen
Explain
Supported
.adm File String and Tab Limits
Best Practices
Summary
15. Security Templates
Understanding the Security Template Structure
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
File System
Where Security Template Settings Overlap with GPO Settings
Working with Security Templates
Security Templates Snap-In
Raw Security Template INF Files
Customizing Security Templates
Copying Templates
Creating New Security Templates
Customizing Security Options
Structure of the Sceregvl.inf File
Customizing the Sceregvl.inf File
Getting the Custom Entry to Show Up
Customizing Services in the Security Templates
Getting the Correct Service to Automatically Display
Acquiring the Service Syntax for the Security Template File
Manually Updating Services in the Security Template File
Microsoft Solutions for Security Settings
Summary
IV. Group Policy Troubleshooting
16. Troubleshooting Group Policy
Group Policy Troubleshooting Essentials
Verifying the Core Configuration
Verifying the Network Connection and Configuration
Verifying the Computer Account and Trust
Verifying Time Synchronization
Verifying the Computer and User Account Configuration
Verifying Key Infrastructure Components
Verifying the Scope of Management
Checking the GPO Status and Version
Checking the GPO on the Logon Domain Controller
Checking the GPO Link Status and Order
Checking the GPO Permissions
Checking the Loopback Processing Status of the GPO
Checking for Slow Links
Essential Troubleshooting Tools
Working with Resultant Set of Policy
Navigating the Summary Tab
Navigating the Settings Tab
Navigating the Policy Events Tab
Navigating the Advanced View
Viewing RSoP from the Command Line
Verifying Server-Side GPO Health
Checking the GPC and GPT for Errors
Checking the SYSVOL Permissions
Verifying Specific GPOs
Navigating the GPO Details
Managing RSoP Logs Centrally
Getting Started with Group Policy Monitor
Preparing the Group Policy Monitor Installation
Deploying and Configuring Group Policy Monitor
Viewing Group Policy Monitor Reports
Examining Differences Between Refresh Intervals
Managing Report Log Deletion
Group Policy Logging
Navigating the Application Event Logs
Configuring the Level of Application Logging
Understanding Group Policy Events
Managing Userenv Logging
Configuring the Level of Userenv Logging
Examining the Userenv Logs
Managing Logging for Specific CSEs
Enabling Debug Logging for Windows Installer Policy
Enabling Debug Logging for Folder Redirection Policy
Enabling Debug Logging for Security Policy
Summary
17. Resolving Common Group Policy Problems
Solving GPO Administration Problems
Domain Controller Running the PDC Emulator Is Not Available
Not All Settings Show Up in the Group Policy Editor
Custom Administrative Template Settings Are Not Visible
Administrative Templates and Settings Depend on the Operating System Version
Security Template Settings Are Not Taking Effect
New Custom Security Settings Are Not Displayed
Delegation Restrictions Within the GPMC
Creating GPOs
Linking GPOs
Managing GPOs
Editing GPOs
Viewing GPOs
Group Policy Settings Are Not Being Applied Due to Infrastructure Problems
Domain Controllers Are Not Available
Active Directory Database Is Corrupt
Local Logon vs. Active Directory Logon
SYSVOL Files Are Causing GPO Application Failure
GPO Files Manually Modified Incorrectly
SYSVOL Share Removed
Incorrect Date and Time of GPO Files
Problems with Replication and Convergence of Active Directory and SYSVOL
Syncing Group Policy GPC and GPT
Intrasite Replication
Intersite Replication
DNS Problems Causing GPO Application Problems
DHCP Servers Allocating Incorrect DNS Information
Manual Client Configuration Is Incorrect
SRV Records Have Been Deleted
Solving Implementation Problems
Tracking Down Incorrect GPO Settings
GPO Settings That Can Be Set to Enabled or Disabled
Incorrect Setting Selected
Computer Configuration vs. User Configuration Settings
GPO Links Causing GPO Application Problems
Linking GPOs to Multiple Containers
Administering GPOs that are Linked to Multiple Containers
Accounts Are Not Located in the Correct OU
Reasons That Accounts Are Placed in the Incorrect OU
Wrong Account in OU
Trying to Apply Group Policy Settings to Groups
Linking GPOs to OUs That Contain Only Groups
Setting GPO Security Filtering to Apply GPO Settings to Groups
Conflicting Settings in Two GPOs
Modifying Default GPO Inheritance
Enforcing GPOs
Block Policy Inheritance
Security Filtering
Summary
V. Appendixes
A. Group Policy Reference
Computer Configuration Reference
User Configuration Reference
B. New Features in Windows Server 2003 Service Pack 1
Adprep
Administrative Tools
Internet Explorer Feature Control Settings
Managing Feature Control Settings
Configuring Policies and Preferences
Internet Explorer Administration Kit/Internet Explorer Maintenance
Internet Explorer URL Action Security Settings
Changes to Internet Explorer URL Action Security Settings
Resultant Set of Policy
Changes to RSoP in SP1
Administering Remote RSoP with GPMC SP1
Delegating Access to Group Policy Results
Post-Setup Security Updates
Security Configuration Wizard
Windows Firewall
Changes to Windows Firewall
Changes for Audit Logging
Changes for Netsh Helper
Windows Firewall New Group Policy Support
C. GPMC Scripting
GPMC Scripting Interface Essentials
Understanding the GPMC Scripting Object Model
Creating the Initial GPM Object
Referencing the Domain to Manage
Creating and Linking GPOs
Automating Group Policy Security Management
Using the GPMC’s Prebuilt Scripts
Creating GPOs
Deleting GPOs
Finding Disabled GPOs
Finding GPOs by Security Group
Finding GPOs Without Active Links
Setting GPO Creation Permissions
Setting Other GPO Permissions
Backing Up All GPOs
Backing Up Individual GPOs
Copying GPOs
Importing GPOs
Generating RSoP Reports
Mirroring Your Production Environment
GPMC Prebuilt Script Review
D. Office 2003 Administrative Template Highlights
Microsoft Access 2003
Microsoft Excel 2003
Microsoft FrontPage 2003
Microsoft Clip Organizer 2003
Microsoft InfoPath 2003
Microsoft Office 2003
Microsoft OneNote 2003
Microsoft Outlook 2003
Microsoft PowerPoint 2003
Microsoft Project 2003
Microsoft Publisher 2003
Microsoft Visio 2003
Microsoft Word 2003
Index
About the Authors
Copyright
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Index
Next
Next Chapter
Index
S
SACL (System access control list), security descriptor,
System Services
SAM (Security Accounts Manager),
Using Group Policy for Administration
Save Report option (RSoP),
Working with Resultant Set of Policy
Sceregvl.inf file,
Copying Templates
,
Structure of the Sceregvl.inf File
,
Customizing the Sceregvl.inf File
,
Customizing the Sceregvl.inf File
computer registering,
Customizing the Sceregvl.inf File
customizing,
Structure of the Sceregvl.inf File
structure,
Copying Templates
Scheduled Tasks Wizard,
Configuring NetMeeting Through Group Policy
schedules, Task Scheduler,
Configuring NetMeeting Through Group Policy
scope of management (SOM),
Group Policy History and State Data
screen savers, linking GPOs at domain level,
GPOs Linked to Sites
scripts,
Optimize the Background Refresh Interval
,
GPOs Linked to Domains
,
Managing Computer and User Scripts
,
Managing Computer and User Scripts
,
Managing Computer and User Scripts
,
Configuring Computer Startup and Shutdown Scripts
,
Configuring Computer Startup and Shutdown Scripts
,
Configuring User Logon and Logoff Scripts
,
Configuring User Logon and Logoff Scripts
,
Controlling Script Visibility
,
Controlling Script Visibility
,
Controlling Script Timeout
,
Controlling Script Timeout
,
Customizing Buttons and Toolbars
,
Working with Security Zones and Settings
,
GPMC Scripting
,
GPMC Scripting
,
Creating the Initial GPM Object
,
Creating the Initial GPM Object
,
Creating the Initial GPM Object
,
Creating the Initial GPM Object
,
Creating and Linking GPOs
,
Automating Group Policy Security Management
,
GPMC Prebuilt Script Review
computer,
Managing Computer and User Scripts
,
Configuring Computer Startup and Shutdown Scripts
,
Configuring User Logon and Logoff Scripts
,
Controlling Script Visibility
,
Controlling Script Timeout
controlling visibility,
Configuring User Logon and Logoff Scripts
execution,
Controlling Script Timeout
startup and shutdown,
Configuring Computer Startup and Shutdown Scripts
timeout,
Controlling Script Visibility
configuring timeout,
Optimize the Background Refresh Interval
GPMC,
GPMC Scripting
,
GPMC Scripting
,
Creating the Initial GPM Object
,
Creating the Initial GPM Object
,
Creating the Initial GPM Object
,
Creating the Initial GPM Object
,
Creating and Linking GPOs
,
Automating Group Policy Security Management
,
GPMC Prebuilt Script Review
automating security management,
Creating and Linking GPOs
creating GPOs,
Creating the Initial GPM Object
creating initial GPM object,
Creating the Initial GPM Object
linking GPOs,
Creating the Initial GPM Object
prebuilts,
Automating Group Policy Security Management
,
GPMC Prebuilt Script Review
referencing domain to manage,
Creating the Initial GPM Object
scripting object model,
GPMC Scripting
Internet Explorer, customizing,
Customizing Buttons and Toolbars
Internet security zones,
Working with Security Zones and Settings
linking GPOs at domain level,
GPOs Linked to Domains
users,
Managing Computer and User Scripts
,
Configuring Computer Startup and Shutdown Scripts
,
Configuring User Logon and Logoff Scripts
,
Controlling Script Visibility
,
Controlling Script Timeout
controlling visibility,
Configuring User Logon and Logoff Scripts
execution,
Controlling Script Timeout
logon and logoff,
Configuring Computer Startup and Shutdown Scripts
timeout,
Controlling Script Visibility
Scripts Policy Processing policy,
Slow Link Detection
Scripts policy, storage setting,
Setting Storage for Disk Quota Policy
scwcmd command, security template deployment,
Using the Security Configuration Wizard and the scwcmd Command
Search For Group Policy Objects dialog box,
Search Techniques for Policy Objects, Links, and Settings
search URLs, customizing,
Customizing URLs, Favorites, and Links
searches, policy objects,
Filtering Policy Settings by Operating System and Application Configuration
,
Searching Policy Objects, Links, and Settings
,
Search Techniques for Policy Objects, Links, and Settings
beginning,
Search Techniques for Policy Objects, Links, and Settings
techniques,
Searching Policy Objects, Links, and Settings
secedit.exe tool,
Importing Security Templates Into GPOs
,
Importing Security Templates Into GPOs
,
Security Areas and Potential Problems
security template deployment,
Importing Security Templates Into GPOs
troubleshooting security settings,
Security Areas and Potential Problems
Securdc.inf template, security template default,
Securedc.inf
Secure Server (Require Security) setting, Terminal Services connections,
Set Client Connection Encryption Level
Securews.inf template, security template default,
Securedc.inf
security,
Using Group Policy for Administration
,
Using Group Policy for Administration
,
Creating and Linking an OU GPO as a Single Operation
,
Searching Policy Objects, Links, and Settings
,
Beginning Your Policy Object, Link, or Setting Search
,
Beginning Your Policy Object, Link, or Setting Search
,
Configuring Slow Link Detection and Slow Link Policy Processing
,
GPOs Linked to Domains
,
Limit Enforced and Block Policy Inheritance Options
,
Hardening Clients and Servers
,
Compatws.inf
,
Compatws.inf
,
Compatws.inf
,
Securedc.inf
,
Securedc.inf
,
Securews.inf
,
Hisecws.inf
,
Hisecws.inf
,
Notssid.inf
,
Notssid.inf
,
Sections of the Security Template
,
Account Policies
,
Event Log
,
Restricted Groups
,
System Services
,
System Services
,
Registry
,
Security Templates Snap-in
,
Security Templates Snap-in
,
Security Configuration and Analysis Snap-in
,
Deploying Security Templates
,
Using the Security Configuration Wizard and the scwcmd Command
,
Using the Security Configuration Wizard and the scwcmd Command
,
Closing Unnecessary Ports
,
Disabling Unnecessary Services
,
Server Hardening
,
Server Hardening
,
Ports Required for Member Servers
,
Ports Required for Domain Controllers
,
Ports Required for Domain Controllers
,
Web Servers
,
Ports Required for Web Servers
,
Client Hardening
,
Ports Required for Clients
,
Ports Required for Clients
,
Local Services and Software
,
Local Group Configuration
,
Local Group Configuration
,
Security Areas and Potential Problems
,
Security Areas and Potential Problems
,
Configuring Additional Application Compatibility Settings
,
Deploying Proxy Settings Through Group Policy
,
Deploying Proxy Settings Through Group Policy
,
Working with Security Zones and Settings
,
Restricting Security Zone Configuration
,
Configuring the Restricted Sites Security Zone
,
Deploying a New Version of an Application
,
Maintaining Secure Network Communications
,
Maintaining Secure Network Communications
,
Managing and Maintaining IPSec Policy
,
Monitoring IPSec Policy
,
Managing Public Key Policy
,
How Windows Firewall Policy Is Used
,
How Windows Firewall Policy Is Used
,
Examining Attributes of groupPolicyContainer Objects
,
Examining the Security of groupPolicyContainer Objects
,
Examining the Security of groupPolicyContainer Objects
,
Examining GPO Creation Permissions
,
Viewing and Setting Default Security for New GPOs
,
Viewing the defaultSecurityDescriptor Attribute
,
Understanding Group Policy Versioning
,
Viewing the gPLink Attribute
,
Understanding the Security Template Structure
,
Where Security Template Settings Overlap with GPO Settings
,
Where Security Template Settings Overlap with GPO Settings
,
Raw Security Template INF Files
,
Raw Security Template INF Files
,
Copying Templates
,
Copying Templates
,
Getting the Custom Entry to Show Up
,
Manually Updating Services in the Security Template File
,
Administrative Templates and Settings Depend on the Operating System Version
,
Block Policy Inheritance
,
Creating and Linking GPOs
administration,
Using Group Policy for Administration
client hardening,
Ports Required for Web Servers
,
Client Hardening
,
Ports Required for Clients
,
Ports Required for Clients
,
Local Services and Software
Help Desk staff,
Local Services and Software
IT staff and administrator computers,
Ports Required for Clients
required ports,
Client Hardening
restricted groups,
Ports Required for Clients
computer hardening,
Using the Security Configuration Wizard and the scwcmd Command
,
Using the Security Configuration Wizard and the scwcmd Command
,
Closing Unnecessary Ports
,
Disabling Unnecessary Services
closing unnecessary ports,
Using the Security Configuration Wizard and the scwcmd Command
disabling unnecessary services,
Closing Unnecessary Ports
tools used,
Disabling Unnecessary Services
defaultSecurityDescriptor attribute,
Examining GPO Creation Permissions
,
Viewing and Setting Default Security for New GPOs
,
Viewing the defaultSecurityDescriptor Attribute
modifying,
Viewing the defaultSecurityDescriptor Attribute
viewing,
Viewing and Setting Default Security for New GPOs
file attachments, Windows Attachment Manager,
Configuring Additional Application Compatibility Settings
filtering,
Limit Enforced and Block Policy Inheritance Options
,
Block Policy Inheritance
GPOs,
Examining the Security of groupPolicyContainer Objects
,
Examining the Security of groupPolicyContainer Objects
,
Viewing the gPLink Attribute
creation permissions,
Examining the Security of groupPolicyContainer Objects
linking,
Viewing the gPLink Attribute
GPT permissions,
Understanding Group Policy Versioning
groupPolicyContainer object,
Examining Attributes of groupPolicyContainer Objects
groups,
Searching Policy Objects, Links, and Settings
,
Beginning Your Policy Object, Link, or Setting Search
,
Beginning Your Policy Object, Link, or Setting Search
filtering,
Beginning Your Policy Object, Link, or Setting Search
searching policy objects,
Searching Policy Objects, Links, and Settings
Internet Explorer,
Deploying Proxy Settings Through Group Policy
,
Deploying Proxy Settings Through Group Policy
,
Working with Security Zones and Settings
,
Restricting Security Zone Configuration
,
Configuring the Restricted Sites Security Zone
deploying configuration,
Restricting Security Zone Configuration
importing zone settings,
Configuring the Restricted Sites Security Zone
restricting setting changes,
Working with Security Zones and Settings
security zone settings,
Deploying Proxy Settings Through Group Policy
management, GPMC automation,
Creating and Linking GPOs
network communications,
Maintaining Secure Network Communications
,
Maintaining Secure Network Communications
,
Managing and Maintaining IPSec Policy
,
Monitoring IPSec Policy
,
Managing Public Key Policy
,
How Windows Firewall Policy Is Used
,
How Windows Firewall Policy Is Used
IPSec policy,
Maintaining Secure Network Communications
managing IPSec policy,
Managing and Maintaining IPSec Policy
managing Windows Firewall policy,
How Windows Firewall Policy Is Used
public key certificates,
Monitoring IPSec Policy
Windows Firewall policy,
Managing Public Key Policy
,
How Windows Firewall Policy Is Used
options, troubleshooting,
Security Areas and Potential Problems
policy refresh,
Configuring Slow Link Detection and Slow Link Policy Processing
privileges, Group Policy management,
Creating and Linking an OU GPO as a Single Operation
server hardening,
Server Hardening
,
Server Hardening
,
Ports Required for Member Servers
,
Ports Required for Domain Controllers
,
Ports Required for Domain Controllers
,
Web Servers
domain controllers,
Ports Required for Member Servers
file server,
Ports Required for Domain Controllers
member servers,
Server Hardening
printer server,
Ports Required for Domain Controllers
Web server,
Web Servers
settings, linking GPOs at domain level,
GPOs Linked to Domains
software installation, modifying on installer file,
Deploying a New Version of an Application
templates,
Hardening Clients and Servers
,
Compatws.inf
,
Compatws.inf
,
Compatws.inf
,
Securedc.inf
,
Securedc.inf
,
Securews.inf
,
Hisecws.inf
,
Hisecws.inf
,
Notssid.inf
,
Notssid.inf
,
Sections of the Security Template
,
Account Policies
,
Event Log
,
Restricted Groups
,
System Services
,
System Services
,
Registry
,
Security Templates Snap-in
,
Security Templates Snap-in
,
Security Configuration and Analysis Snap-in
,
Deploying Security Templates
,
Understanding the Security Template Structure
,
Where Security Template Settings Overlap with GPO Settings
,
Where Security Template Settings Overlap with GPO Settings
,
Raw Security Template INF Files
,
Raw Security Template INF Files
,
Copying Templates
,
Copying Templates
,
Getting the Custom Entry to Show Up
,
Manually Updating Services in the Security Template File
,
Administrative Templates and Settings Depend on the Operating System Version
Account Policies section,
Sections of the Security Template
Compatws.inf,
Compatws.inf
copying,
Raw Security Template INF Files
creating new,
Copying Templates
customizing services,
Getting the Custom Entry to Show Up
DC security.inf,
Compatws.inf
deployment,
Deploying Security Templates
Event Log security area,
Event Log
File System section,
Registry
Hisecdc.inf,
Securews.inf
Hisecws.inf,
Hisecws.inf
Iesacls.inf,
Compatws.inf
Local Policies section,
Account Policies
Microsoft settings,
Manually Updating Services in the Security Template File
Notssid.inf,
Hisecws.inf
overlap with GPOs,
Where Security Template Settings Overlap with GPO Settings
raw security .inf files,
Raw Security Template INF Files
Registry section,
System Services
Restricted Groups security,
Restricted Groups
Rootsec.inf,
Notssid.inf
Sceregvl.inf file,
Copying Templates
Securedc.inf,
Securedc.inf
Securews.inf,
Securedc.inf
Security Configuration and Analysis snap-in,
Security Templates Snap-in
Security Configuration Wizard,
Security Configuration and Analysis Snap-in
Security Templates snap-in,
Security Templates Snap-in
,
Where Security Template Settings Overlap with GPO Settings
Setup Security.inf,
Notssid.inf
structure,
Understanding the Security Template Structure
System Services section,
System Services
troubleshooting,
Administrative Templates and Settings Depend on the Operating System Version
troubleshooting,
Local Group Configuration
,
Local Group Configuration
,
Security Areas and Potential Problems
areas of potential problems,
Local Group Configuration
tools,
Security Areas and Potential Problems
Security Accounts Manager (SAM),
Using Group Policy for Administration
Security Configuration and Analysis snap-in,
Security Templates Snap-in
,
Security Configuration and Analysis
Security Configuration and Analysis tool, security template deployment,
Importing Security Templates Into GPOs
Security Configuration Wizard,
Security Configuration and Analysis Snap-in
,
Security Configuration and Analysis Snap-in
,
Sections of the Security Configuration Wizard
,
Incorporating Security Templates into Security Policies
,
Best Practices for Using the Security Configuration Wizard
,
Using the Security Configuration Wizard and the scwcmd Command
,
Post-Setup Security Updates
accessing,
Security Configuration and Analysis Snap-in
best practices,
Best Practices for Using the Security Configuration Wizard
incorporating templates into policies,
Incorporating Security Templates into Security Policies
sections,
Sections of the Security Configuration Wizard
security templates, deployment,
Using the Security Configuration Wizard and the scwcmd Command
Windows Server 2003,
Post-Setup Security Updates
Security Group Membership When Group Policy Was Applied option (RSoP Summary tab),
Navigating the Summary Tab
Security Options,
Working with the Default Domain Controllers Policy GPO
,
Working with the Default Domain Controllers Policy GPO
,
Account Policies
,
Local Policies
Default Domain Controllers Policy GPO,
Working with the Default Domain Controllers Policy GPO
Local Policies,
Account Policies
,
Local Policies
Security Policy,
Setting Storage for Security Policy
,
Modifying Security Policy Processing
,
Enabling Debug Logging for Folder Redirection Policy
,
Enabling Debug Logging for Folder Redirection Policy
debugging logging,
Enabling Debug Logging for Folder Redirection Policy
processing modification,
Modifying Security Policy Processing
storage setting,
Setting Storage for Security Policy
Security Policy Processing policy,
Slow Link Detection
Security Rule Wizard,
Defining Security Rules and Actions
Security Settings dialog box,
Filtering by Security Group, User, or Computer
,
Modifying the Way Profile Data Can Be Accessed
,
Configuring the Internet Security Zone
Security tab, Windows Explorer,
Removing the Security Tab in Windows Explorer and Related Views
Security Templates snap-in,
Security Templates Snap-in
,
Understanding the Security Template Structure
,
Where Security Template Settings Overlap with GPO Settings
Security Zones And Content Ratings policy,
Configuring the Restricted Sites Security Zone
Select Computer dialog box,
Accessing Local Group Policy on the Local Computer
,
Determining the Effective Group Policy Settings and Last Refresh
Select Users, Computers, Or Groups dialog box,
Determining and Assigning GPO Creation Rights
,
Modifying the Way Profile Data Can Be Accessed
,
Controlling Deployment by Security Group
,
Administrative Tools
SendTo folder, user profile,
Understanding User Profiles and Group Policy
server-side extensions, processing architecture,
Examining Client-Side Extension Processing
,
Examining Server-Side Extension Processing
,
Setting Storage for Folder Redirection Policy
,
Setting Storage for Folder Redirection Policy
,
Setting Storage for Folder Redirection Policy
,
Setting Storage for Disk Quota Policy
,
Setting Storage for Disk Quota Policy
,
Setting Storage for Disk Quota Policy
,
Setting Storage for Security Policy
,
Setting Storage for Security Policy
,
Setting Storage for Software Installation Policy
Administrative Templates policy,
Setting Storage for Folder Redirection Policy
Disk Quota policy,
Setting Storage for Folder Redirection Policy
Folder Redirection policy,
Setting Storage for Folder Redirection Policy
Internet Explorer Maintenance policy,
Setting Storage for Disk Quota Policy
IP Security policy,
Setting Storage for Software Installation Policy
QoS Packet Scheduler policy,
Setting Storage for Disk Quota Policy
Scripts policy,
Setting Storage for Disk Quota Policy
Security policy,
Setting Storage for Security Policy
Software Installation policy,
Setting Storage for Security Policy
Wireless Network policy,
Examining Server-Side Extension Processing
server-to-client communications, IPSec,
When to Use IPSec and IPSec Policy
server-to-server communications, IPSec,
How IPSec Policy Is Deployed
servers,
Sections of the Security Configuration Wizard
,
Server Hardening
,
Server Hardening
,
Ports Required for Member Servers
,
Ports Required for Domain Controllers
,
Web Servers
,
Optimizing Scheduled Installs
,
Optimizing Scheduled Installs
Automatic Updates,
Optimizing Scheduled Installs
hardening,
Server Hardening
,
Server Hardening
,
Ports Required for Member Servers
,
Ports Required for Domain Controllers
,
Web Servers
domain controllers,
Ports Required for Member Servers
file server,
Ports Required for Domain Controllers
member servers,
Server Hardening
Web server,
Web Servers
Security Configuration Wizard,
Sections of the Security Configuration Wizard
service packs,
Performing Upgrades
,
Keeping Office Updated
,
Deploying Windows Service Packs Through Policy
,
Deploying Office Administrative Template Files for the First Time
,
Always Use Local ADM Files for Group Policy Editor
,
Always Use Local ADM Files for Group Policy Editor
,
New Features in Windows Server 2003 Service Pack 1
,
Administrative Tools
,
Administrative Tools
,
Configuring Policies and Preferences
,
Changes to Internet Explorer URL Action Security Settings
,
Administering Remote RSoP with GPMC SP1
,
Post-Setup Security Updates
,
Windows Firewall
.adm files,
Always Use Local ADM Files for Group Policy Editor
Microsoft Office deployment,
Keeping Office Updated
Office 2003, Administrative Templates,
Deploying Office Administrative Template Files for the First Time
software upgrades,
Performing Upgrades
Windows,
Deploying Windows Service Packs Through Policy
Windows Server 2003,
New Features in Windows Server 2003 Service Pack 1
,
Administrative Tools
,
Administrative Tools
,
Configuring Policies and Preferences
,
Changes to Internet Explorer URL Action Security Settings
,
Administering Remote RSoP with GPMC SP1
,
Post-Setup Security Updates
,
Windows Firewall
administrative tools,
Administrative Tools
Adprep.exe,
New Features in Windows Server 2003 Service Pack 1
Internet Explorer security settings,
Administrative Tools
Internet Explorer URL Action settings,
Configuring Policies and Preferences
Post-Setup Security Updates,
Administering Remote RSoP with GPMC SP1
RSoP (Resultant Set of Policy),
Changes to Internet Explorer URL Action Security Settings
Security Configuration Wizard,
Post-Setup Security Updates
Windows Firewall,
Windows Firewall
services,
Closing Unnecessary Ports
,
Closing Unnecessary Ports
,
Security Areas and Potential Problems
,
Getting the Custom Entry to Show Up
,
Getting the Custom Entry to Show Up
,
Getting the Custom Entry to Show Up
,
Acquiring the Service Syntax for the Security Template File
disabling, hardening computers,
Closing Unnecessary Ports
security templates,
Getting the Custom Entry to Show Up
,
Getting the Custom Entry to Show Up
,
Getting the Custom Entry to Show Up
,
Acquiring the Service Syntax for the Security Template File
acquiring syntax,
Getting the Custom Entry to Show Up
displaying correct services,
Getting the Custom Entry to Show Up
manually updating,
Acquiring the Service Syntax for the Security Template File
system troubleshooting,
Security Areas and Potential Problems
Set Call Security Options policy, NetMeeting configuration,
Optimizing NetMeeting Security and Features
Set Client Connection Encryption Level setting, Terminal Services connections,
Limit Number of Connections
Set Path For TS Roaming Profiles setting, Terminal Services user profiles,
Controlling Terminal Services Profiles
Set Rules For Remote Control To Terminal Services User Sessions setting,
Start a Program on Connection
Set The Intranet Support Web Page policy, NetMeeting configuration,
Optimizing NetMeeting Security and Features
Set Time Limit For Active Terminal Services Sessions setting,
Set Time Limit for Disconnected Sessions
Set Time Limit For Disconnected Sessions setting, Terminal Services connection,
Set Time Limit for Disconnected Sessions
SetGPOCreationPermissions.wsf script, GPMC prebuilt scripts,
Finding GPOs by Security Group
SetGPOPermissions.wsf script, GPMC prebuilt scripts,
Setting Other GPO Permissions
SetGPOPermissionsBySOM.wsf script, GPMC prebuilt scripts,
GPMC Prebuilt Script Review
SetSOMPermissions.wsf script, GPMC prebuilt scripts,
GPMC Prebuilt Script Review
settings,
Working with Group Policy Objects
,
Searching and Filtering Group Policy
,
Filtering Techniques for Policy Settings
,
Filtering Techniques for Policy Settings
,
Filtering Techniques for Policy Settings
,
Filtering Policy Settings by Operating System and Application Configuration
,
Searching Policy Objects, Links, and Settings
,
Search Techniques for Policy Objects, Links, and Settings
,
Configuring Slow Link Detection and Slow Link Policy Processing
,
Domain Controller Running the PDC Emulator Is Not Available
,
Solving Implementation Problems
,
Reasons That Accounts Are Placed in the Incorrect OU
,
Reasons That Accounts Are Placed in the Incorrect OU
,
Linking GPOs to OUs That Contain Only Groups
filtering,
Searching and Filtering Group Policy
,
Filtering Techniques for Policy Settings
,
Filtering Techniques for Policy Settings
operating system and application configuration,
Filtering Techniques for Policy Settings
techniques,
Searching and Filtering Group Policy
GPOs,
Solving Implementation Problems
,
Reasons That Accounts Are Placed in the Incorrect OU
,
Reasons That Accounts Are Placed in the Incorrect OU
,
Linking GPOs to OUs That Contain Only Groups
applying to groups,
Reasons That Accounts Are Placed in the Incorrect OU
conflicting settings,
Linking GPOs to OUs That Contain Only Groups
troubleshooting,
Solving Implementation Problems
Group Policy,
Working with Group Policy Objects
Group Policy Editor, troubleshooting,
Domain Controller Running the PDC Emulator Is Not Available
policies, forced refresh,
Configuring Slow Link Detection and Slow Link Policy Processing
searching,
Filtering Policy Settings by Operating System and Application Configuration
,
Searching Policy Objects, Links, and Settings
,
Search Techniques for Policy Objects, Links, and Settings
beginning,
Search Techniques for Policy Objects, Links, and Settings
techniques,
Searching Policy Objects, Links, and Settings
Settings tab (RSoP),
Navigating the Summary Tab
Setup Security.inf template, security template default,
Notssid.inf
SetupCommand key,
Creating the ZAP File
shadow copies, redirected folders,
Understanding Folder Redirection
shared folders, Administrative Templates,
Using Group Policy for Administration
Show Contents dialog box,
Step 1: Determining the Menu Item ID
Shut down the system setting, Local Policies,
Local Policies
shutdown scripts,
Understanding Group Policy Settings and Options
,
Configuring Computer Startup and Shutdown Scripts
sites,
Creating and Linking GPOs
,
Organizational Unit Design
,
Organizational Unit Design
,
GPO Application Design Considerations
,
GPO Application Design Considerations
,
GPOs Have Two Distinct Sections
Active Directory design,
Organizational Unit Design
GPO linking,
GPO Application Design Considerations
,
GPO Application Design Considerations
,
GPOs Have Two Distinct Sections
Computer Configuration and User Configuration,
GPO Application Design Considerations
interaction,
GPOs Have Two Distinct Sections
GPO links,
Creating and Linking GPOs
slow link detection,
How It Works
,
Changing Policy Processing Preferences
,
Slow Link Detection
,
Configuring Slow Link Detection and Slow Link Policy Processing
,
Configuring Slow Link Detection and Slow Link Policy Processing
,
Configuring Slow Link Detection and Slow Link Policy Processing
,
Do Not Detect Slow Network Connection
,
Tracking Policy Application
configuration,
Changing Policy Processing Preferences
,
Slow Link Detection
,
Configuring Slow Link Detection and Slow Link Policy Processing
,
Configuring Slow Link Detection and Slow Link Policy Processing
background policy processing,
Configuring Slow Link Detection and Slow Link Policy Processing
basics,
Changing Policy Processing Preferences
policy processing,
Slow Link Detection
disabling,
Do Not Detect Slow Network Connection
Group Policy refresh,
How It Works
processing behavior,
Tracking Policy Application
Slow Network Connection Timeout For User Profiles settings,
Slow Network Connection Timeout for User Profiles
,
Slow Network Connection Timeout for User Profiles
snap-ins, MMC,
Blocking Author Mode for MMC
,
Blocking Author Mode for MMC
,
Designating Prohibited and Permitted Snap-ins
prohibition or permitted designation,
Blocking Author Mode for MMC
requiring permissions,
Designating Prohibited and Permitted Snap-ins
software,
Using Group Policy for Administration
,
Using Group Policy for Administration
,
GPOs Linked to Domains
,
Resources Used by GPOs
,
Understanding Group Policy Software Installation
,
Understanding Group Policy Software Installation
,
How Software Installation Works
,
What You Need to Know to Prepare
,
How to Set Up the Installation Location
,
What Limitations Apply
,
Configuring the Software Deployment
,
Deploying the Software Using a Windows Installer File
,
Deploying the Software Using a Windows Installer File
,
Deploying the Software Using a Windows Installer File
,
Deploying the Software Using a ZAP File
,
Deploying Microsoft Office and Service Packs
,
Deploying Microsoft Office and Service Packs
,
Choosing a Package Distribution Technique
,
Using Transforms to Customize an Office Deployment
,
Keeping Office Updated
,
Deploying Windows Service Packs Through Policy
,
Deploying Windows Service Packs Through Policy
,
Maintaining Deployed Applications
,
Removing Deployed Applications
,
Removing Deployed Applications
,
Using Path Rules
,
Step 2: Use the Custom Installation Wizard for Office Configuration
(see also )
deployment,
What Limitations Apply
,
Configuring the Software Deployment
,
Deploying the Software Using a Windows Installer File
,
Deploying the Software Using a Windows Installer File
non-Windows Installer package files,
Deploying the Software Using a Windows Installer File
planning,
What Limitations Apply
Windows Installer packages,
Configuring the Software Deployment
installation,
Using Group Policy for Administration
,
GPOs Linked to Domains
,
Resources Used by GPOs
,
Understanding Group Policy Software Installation
,
Understanding Group Policy Software Installation
,
How Software Installation Works
,
What You Need to Know to Prepare
,
How to Set Up the Installation Location
,
Deploying the Software Using a ZAP File
administration,
Using Group Policy for Administration
advanced options,
Deploying the Software Using a ZAP File
basics,
Understanding Group Policy Software Installation
customizing installation package,
How Software Installation Works
GPO deployment best practices,
Resources Used by GPOs
limitations,
How to Set Up the Installation Location
linking GPOs at domain level,
GPOs Linked to Domains
location setup,
What You Need to Know to Prepare
management,
Deploying Windows Service Packs Through Policy
,
Maintaining Deployed Applications
,
Removing Deployed Applications
,
Removing Deployed Applications
,
Using Path Rules
redeploy an application,
Removing Deployed Applications
Software Restriction Policies,
Removing Deployed Applications
troubleshooting Software Installation policy,
Using Path Rules
uninstall deployed applications,
Maintaining Deployed Applications
Microsoft Office configuration,
Step 2: Use the Custom Installation Wizard for Office Configuration
Microsoft Office deployment,
Deploying Microsoft Office and Service Packs
,
Deploying Microsoft Office and Service Packs
,
Choosing a Package Distribution Technique
,
Using Transforms to Customize an Office Deployment
,
Keeping Office Updated
administrative vs. nonadministrative installation,
Deploying Microsoft Office and Service Packs
computer assignment method,
Using Transforms to Customize an Office Deployment
service packs and patches,
Keeping Office Updated
transform files,
Choosing a Package Distribution Technique
restriction,
Using Group Policy for Administration
Windows service packs,
Deploying Windows Service Packs Through Policy
Software Installation policy,
Understanding Group Policy Software Installation
,
Understanding Group Policy Software Installation
,
How Software Installation Works
,
What You Need to Know to Prepare
,
How to Set Up the Installation Location
,
Deploying Microsoft Office and Service Packs
,
Deploying Microsoft Office and Service Packs
,
Choosing a Package Distribution Technique
,
Using Transforms to Customize an Office Deployment
,
Keeping Office Updated
,
Deploying Windows Service Packs Through Policy
,
Deploying Windows Service Packs Through Policy
,
Maintaining Deployed Applications
,
Removing Deployed Applications
,
Removing Deployed Applications
,
Using Path Rules
,
Setting Storage for Security Policy
basics,
Understanding Group Policy Software Installation
customizing installation package,
How Software Installation Works
limitations,
How to Set Up the Installation Location
location setup,
What You Need to Know to Prepare
managing installed software,
Deploying Windows Service Packs Through Policy
,
Maintaining Deployed Applications
,
Removing Deployed Applications
,
Removing Deployed Applications
,
Using Path Rules
redeploy an application,
Removing Deployed Applications
Software Restriction Policies,
Removing Deployed Applications
troubleshooting,
Using Path Rules
uninstall deployed applications,
Maintaining Deployed Applications
Microsoft Office deployment,
Deploying Microsoft Office and Service Packs
,
Deploying Microsoft Office and Service Packs
,
Choosing a Package Distribution Technique
,
Using Transforms to Customize an Office Deployment
,
Keeping Office Updated
administrative vs. nonadministrative installation,
Deploying Microsoft Office and Service Packs
computer assignment method,
Using Transforms to Customize an Office Deployment
service packs and patches,
Keeping Office Updated
transform files,
Choosing a Package Distribution Technique
storage setting,
Setting Storage for Security Policy
Windows service packs,
Deploying Windows Service Packs Through Policy
Software Installation Policy Processing policy,
Slow Link Detection
Software Installation Properties dialog box,
Adding, Modifying, and Removing Application Categories
,
Setting Global Deployment Defaults
Software Restriction Policies,
Removing Deployed Applications
,
Configuring Software Restriction Policies
,
Configuring Enforcement Policy
,
Viewing and Configuring Designated File Types
,
Viewing and Configuring Designated File Types
,
Configuring Trust Publishers Policy
,
Configuring Disallowed and Unrestricted Applications
,
Configuring Disallowed and Unrestricted Applications
,
Using Certificate Rules
,
Using Hash Rules
,
Using Internet Zone Rules
Additional Rules policy,
Configuring Disallowed and Unrestricted Applications
,
Configuring Disallowed and Unrestricted Applications
,
Using Certificate Rules
,
Using Hash Rules
,
Using Internet Zone Rules
Certificate rules,
Configuring Disallowed and Unrestricted Applications
hash rules,
Using Certificate Rules
Path rules,
Using Internet Zone Rules
Trusted Zones rule,
Using Hash Rules
configuration,
Configuring Software Restriction Policies
Designated File Types policy,
Viewing and Configuring Designated File Types
Disallowed and Unrestricted modes,
Configuring Trust Publishers Policy
Enforcement policy,
Configuring Enforcement Policy
Trusted Publishers policy,
Viewing and Configuring Designated File Types
Software settings, GPOs (Group Policy Objects),
RSoP Walkthrough
Software Update Services (SUS), linking GPOs to Active Directory sites,
GPOs Linked to Sites
SOM (scope of management),
Group Policy Troubleshooting Essentials
Sp1shell.adm file, Internet Explorer .adm files,
Default .adm Files
SRV records, troubleshooting,
DHCP Servers Allocating Incorrect DNS Information
Standard Profile, Windows Firewall policy operation,
How Windows Firewall Works
Start A Program On Connection setting, Terminal Services connections,
Set Client Connection Encryption Level
Start Menu folder,
Using Group Policy for Administration
,
Using Group Policy for Administration
,
Understanding User Profiles and Group Policy
,
Understanding Folder Redirection
Administrative Templates,
Using Group Policy for Administration
profile folder redirection,
Understanding Folder Redirection
user profile,
Understanding User Profiles and Group Policy
startup scripts,
Understanding Group Policy Settings and Options
,
Configuring Computer Startup and Shutdown Scripts
state data, processing storage,
Group Policy History Data
stateful port filtering, Windows Firewall basics,
Managing Public Key Policy
static logos, Internet Explorer,
Customizing Logos
status states, Group Policy,
Verifying Key Infrastructure Components
Store passwords using reversible encryption setting, Account Policies,
Account Policies
STRINGS syntax, Group Policy Object Editor interface updates,
Valueoff/Valueon
structures,
Navigating Group Policy Logical Structure
,
Navigating Group Policy Logical Structure
,
Examining Attributes of groupPolicyContainer Objects
,
Examining Attributes of groupPolicyContainer Objects
,
Examining the Security of groupPolicyContainer Objects
,
Examining GPO Creation Permissions
,
Navigating Group Policy Physical Structure
,
Working with Group Policy Templates
,
Understanding Group Policy Versioning
,
Understanding Group Policy Versioning
,
Understanding Group Policy Versioning
,
Understanding Group Policy Versioning
,
Viewing the gPLink Attribute
,
Viewing the gPLink Attribute
,
Understanding LGPO Creation and Application
,
Understanding LGPO Creation and Application
,
Understanding the Security Template Structure
,
Understanding the Security Template Structure
,
Account Policies
,
Local Policies
,
Restricted Groups
,
Restricted Groups
,
System Services
,
File System
LGPOs,
Understanding LGPO Creation and Application
link,
Understanding Group Policy Versioning
,
Understanding Group Policy Versioning
,
Viewing the gPLink Attribute
,
Viewing the gPLink Attribute
gPLink attribute,
Understanding Group Policy Versioning
gPOptions attribute,
Viewing the gPLink Attribute
security,
Viewing the gPLink Attribute
logical,
Navigating Group Policy Logical Structure
,
Navigating Group Policy Logical Structure
,
Examining Attributes of groupPolicyContainer Objects
,
Examining Attributes of groupPolicyContainer Objects
,
Examining the Security of groupPolicyContainer Objects
,
Examining GPO Creation Permissions
GPCs,
Navigating Group Policy Logical Structure
GPO creation permissions,
Examining the Security of groupPolicyContainer Objects
groupPolicyContainer object attributes,
Examining Attributes of groupPolicyContainer Objects
groupPolicyContainer object security,
Examining Attributes of groupPolicyContainer Objects
viewing and modifying default security settings,
Examining GPO Creation Permissions
physical,
Navigating Group Policy Physical Structure
,
Working with Group Policy Templates
,
Understanding Group Policy Versioning
,
Understanding Group Policy Versioning
GPT permissions,
Understanding Group Policy Versioning
GPTs,
Navigating Group Policy Physical Structure
versioning,
Working with Group Policy Templates
security templates,
Understanding the Security Template Structure
,
Understanding the Security Template Structure
,
Account Policies
,
Local Policies
,
Restricted Groups
,
Restricted Groups
,
System Services
,
File System
account policies,
Understanding the Security Template Structure
Event Log settings,
Local Policies
File System,
File System
local policies,
Account Policies
Registry,
System Services
Restricted Groups settings,
Restricted Groups
System Services,
Restricted Groups
Subs.adm file, Internet Explorer .adm files,
Default .adm Files
subsequent processing,
How It Works
Summary tab (RSoP),
Working with Resultant Set of Policy
Support Information, software general deployment properties,
Deploying the Software Using a ZAP File
support URLs, customizing,
Customizing URLs, Favorites, and Links
SUPPORTED tag, .adm files,
Explain
,
Supported
SUS (Software Update Services), linking GPOs to Active Directory sites,
GPOs Linked to Sites
synchronization, time verification,
Verifying the Computer Account and Trust
synchronous processing,
Cross-Domain GPO Linking
,
Understanding Policy Processing Events
,
Understanding Policy Processing Events
GPO design,
Cross-Domain GPO Linking
vs. asynchronous processing,
Understanding Policy Processing Events
syncing,
Listbox
System access control list (SACL), security descriptor,
System Services
System events setting, Local Policies,
Local Policies
System Restore, checkpoint control,
Optimizing the Windows Installer Configuration
System Services,
Security Areas and Potential Problems
,
Restricted Groups
,
Restricted Groups
security template,
Restricted Groups
troubleshooting,
Security Areas and Potential Problems
System Services section, security template,
System Services
System.adm file, Administrative Templates,
Default .adm Files
systems,
Using Group Policy for Administration
,
Using Group Policy for Administration
,
Filtering Techniques for Policy Settings
Administrative Templates,
Using Group Policy for Administration
configuration, policy setting filtering,
Filtering Techniques for Policy Settings
SYSVOL files,
Checking the GPC and GPT for Errors
,
Checking the GPC and GPT for Errors
,
SYSVOL Files Are Causing GPO Application Failure
,
GPO Files Manually Modified Incorrectly
checking for errors,
Checking the GPC and GPT for Errors
GPO application failures,
SYSVOL Files Are Causing GPO Application Failure
troubleshooting replication/convergence,
GPO Files Manually Modified Incorrectly
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset