Home Page Icon
Home Page
Table of Contents for
Index
Close
Index
by William R. Stanek, Derek Melber, Darren Mar-Elia, The Microsoft Group Policy Tea
Microsoft® Windows® Group Policy Guide
Microsoft® Windows® Group Policy Guide
A Note Regarding Supplemental Files
About the Authors
Foreword
Introduction
About This Book
Document Conventions
Companion CD
Support Policy
System Requirements
I. Getting Started with Group Policy
1. Overview of Group Policy
Understanding Group Policy
What It Does
How It Works
Using and Implementing Group Policy
Using Group Policy in Workgroups and Domains
Working with Group Policy Objects
Getting Started with Group Policy
Understanding Group Policy Settings and Options
Using Group Policy for Administration
Understanding the Required Infrastructure for Group Policy
DNS and Active Directory
Applying Active Directory Structure to Inheritance
Examining GPO Links and Default GPOs
Understanding GPO Links
Working with Linked GPOs and Default Policy
Working with the Default Domain Policy GPO
Working with the Default Domain Controllers Policy GPO
Summary
2. Working with Group Policy
Navigating Group Policy Objects and Settings
Connecting to and Working with GPOs
Applying Group Policy and Using Resultant Set of Policy
RSoP Walkthrough
Managing Group Policy Objects
Managing Local Group Policy
Accessing Local Group Policy on the Local Computer
Accessing Local Group Policy on a Remote Machine
Managing Active Directory–Based Group Policy
Installing the GPMC
Using the GPMC
Connecting to Additional Forests
Showing Sites in Connected Forests
Accessing Additional Domains
Setting Domain Controller Focus Options
Creating and Linking GPOs
Creating and Linking GPOs for Sites
Creating and Linking GPOs for Domains
Creating and Then Linking a GPO for a Domain
Creating and Linking a Domain GPO as a Single Operation
Creating and Linking GPOs for OUs
Creating OUs in the GPMC
Creating and Then Linking a GPO for an OU
Creating and Linking an OU GPO as a Single Operation
Delegating Privileges for Group Policy Management
Determining and Assigning GPO Creation Rights
Determining Group Policy Management Privileges
Delegating Control for Working with GPOs
Delegating Authority for Managing Links and RSoP
Removing Links and Deleting GPOs
Removing a Link to a GPO
Deleting a GPO Permanently
Summary
3. Advanced Group Policy Management
Searching and Filtering Group Policy
Filtering Policy Settings
Filtering Techniques for Policy Settings
Filtering Policy Settings by Operating System and Application Configuration
Searching Policy Objects, Links, and Settings
Search Techniques for Policy Objects, Links, and Settings
Beginning Your Policy Object, Link, or Setting Search
Filtering by Security Group, User, or Computer
Managing Group Policy Inheritance
Changing Link Order and Precedence
Overriding Inheritance
Blocking Inheritance
Enforcing Inheritance
Managing Group Policy Processing and Refresh
Changing the Refresh Interval
Enabling or Disabling GPO Processing
Changing Policy Processing Preferences
Configuring Slow Link Detection
Slow Link Detection
Configuring Slow Link Detection and Slow Link Policy Processing
Configuring Slow Link and Background Policy Processing
Refreshing Group Policy Manually
Modeling and Maintaining Group Policy
Modeling Group Policy for Planning Purposes
Copying and Importing Policy Objects
Copying Policy Objects and Their Settings
Importing Policy Objects and Their Settings
Backing Up GPOs
Restoring Policy Objects
Determining the Effective Group Policy Settings and Last Refresh
Summary
II. Group Policy Implementation and Scenarios
4. Deploying Group Policy
Group Policy Design Considerations
Active Directory Design Considerations
Active Directory Database Storage Location
Active Directory Operating System File Storage Location
Replication
Organizational Unit Design
Site Design
Physical Design Considerations
Remote Access Connection Design Considerations
GPO Application Design Considerations
Site, Domain, and OU Linking
GPOs Have Two Distinct Sections
Interaction of GPO Application When Linked to Sites, Domains, and OUs
Cross-Domain GPO Linking
Synchronous and Asynchronous Processing
Fast Logon Optimization
GPO Inheritance Modification
Additional GPO Design Considerations
Monolithic vs. Functional
Additional GPO Settings
Controlling GPO Processing Performance
Common Performance Issues
Performance Tips
Reduce the Number of Group Policy Objects
Link GPOs to Organizational Units
Disable Unused Sections of GPOs
Optimize the Background Refresh Interval
Configure a Reasonable Timeout for Scripts
Configure Asynchronous Processing
Limit Use of Loopback
Filter GPOs Based on Group Membership
Best Practices for Deploying GPOs
Choosing the Best Level to Link GPOs
GPOs Linked to Sites
GPOs Linked to Domains
GPOs Linked to OUs
Resources Used by GPOs
Software Installation
Designing GPOs Based on GPO Categories
Limit Enforced and Block Policy Inheritance Options
When to Use Security Filtering
When to Use WMI Filters
Network Topology Considerations
Limiting Administrative Privileges
Naming GPOs
Testing GPOs Before Deployment
Migrating GPOs from Test to Production
Migrating GPOs from Production to Production
Using Migration Tables
Domain-Specific GPO Settings
Migration Table Structure
Source Type
Source Name
Destination Name
Summary
5. Hardening Clients and Servers
Understanding Security Templates
Default Security Templates
Compatws.inf
DC security.inf
Iesacls.inf
Securedc.inf
Securews.inf
Hisecdc.inf
Hisecws.inf
Notssid.inf
Rootsec.inf
Setup Security.inf
Sections of the Security Template
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
File System
Tools for Accessing, Creating, and Modifying Security Templates
Security Templates Snap-in
Security Configuration and Analysis Snap-in
Security Configuration Wizard
Using the Security Configuration Wizard
Accessing the Security Configuration Wizard
Sections of the Security Configuration Wizard
Role-Based Service Configuration
Network Security
Registry Settings
Audit Policy
Incorporating Security Templates into Security Policies
Best Practices for Using the Security Configuration Wizard
Deploying Security Templates
Importing Security Templates Into GPOs
Using the Security Configuration and Analysis Tool
Using the Secedit.exe Command-Line Tool
Using the Security Configuration Wizard and the scwcmd Command
General Hardening Techniques
Closing Unnecessary Ports
Disabling Unnecessary Services
Tools Used in Hardening Computers
Netstat
Portqry
Server Hardening
Member Servers
OU Design Considerations
Member Server Security Environment Levels
Security Settings for Member Servers
Ports Required for Member Servers
Domain Controllers
Domain Controller Security Environment Levels
Security Settings for Domain Controllers
Ports Required for Domain Controllers
File and Print Servers
Web Servers
Security Settings for Web Servers
Ports Required for Web Servers
Client Hardening
Ports Required for Clients
Restricted Groups for Clients
Client Computers for IT Staff and Administrators
Security Settings for IT Staff and Administrators
Local Services and Software
Local Group Configuration
Client Computers for Help Desk Staff
Security Settings for Help Desk Staff
Local Group Configuration
Troubleshooting
Security Areas and Potential Problems
Tools
Secedit
Security Configuration and Analysis
Gpresult
Resultant Set of Policy
Summary
6. Managing and Maintaining Essential Windows Components
Configuring Application Compatibility Settings
Optimizing Application Compatibility Through Group Policy
Configuring Additional Application Compatibility Settings
Configuring Attachment Manager Settings
Working with Attachment Manager
Configuring Risk Levels and Trust Logic in Group Policy
Configuring Event Viewer Information Requests
Using Event Viewer Information Requests
Customizing Event Details Through Group Policy
Controlling IIS Installation
Configuring Access to and Use of Microsoft Management Console
Blocking Author Mode for MMC
Designating Prohibited and Permitted Snap-ins
Requiring Explicit Permission for All Snap-Ins
Optimizing NetMeeting Security and Features
Configuring NetMeeting Through Group Policy
Enabling Security Center for Use in Domains
Managing Access to Scheduled Tasks and Task Scheduler
Managing File System, Drive, and Windows Explorer Access Options
Hiding Drives in Windows Explorer and Related Views
Preventing Access to Drives in Windows Explorer and Related Views
Removing CD-Burning and DVD-Burning Features in Windows Explorer and Related Views
Removing the Security Tab in Windows Explorer and Related Views
Limiting the Maximum Size of the Recycle Bin
Optimizing the Windows Installer Configuration
Controlling System Restore Checkpoints for Program Installations
Configuring Baseline File Cache Usage
Controlling Rollback File Creation
Elevating User Privileges for Installation
Controlling Per-User Installation and Program Operation
Preventing Installation from Floppy Disk, CD, DVD, and Other Removable Media
Configuring Windows Installer Logging
Optimizing Automatic Updates with Windows Update
Enabling and Configuring Automatic Updates
Controlling Auto Download and Notify for Install
Setting the Automatic Updates Detection Frequency
Optimizing Notify User Installs
Optimizing Scheduled Installs
Blocking Access to Automatic Updates
Designating an Update Server
Summary
7. Managing User Settings and Data
Understanding User Profiles and Group Policy
Configuring Roaming Profiles
Configuring the Network Share for Roaming Profiles
Configuring User Accounts to Use Roaming Profiles
Optimizing User Profile Configurations
Modifying the Way Local and Roaming Profiles Are Used
Only Allow Local User Profiles
Delete Cached Copies of Roaming Profiles
Do Not Detect Slow Network Connection
Log Users Off When Roaming Profile Fails
Prompt User When Slow Link Is Detected
Slow Network Connection Timeout for User Profiles
Timeout for Dialog Boxes
Wait for Remote User Profile
Modifying the Way Profile Data Is Updated and Changed
Modifying the Way Profile Data Can Be Accessed
Limiting Profile Size and Included Folders
Limiting Profile Size
Limiting Folders Included in Profiles
Redirecting User Profile Folders and Data
Understanding Folder Redirection
Configuring Folder Redirection
Using Basic Folder Redirection
Using Advanced Folder Redirection
Configuring Setup, Removal, and Preference Settings for Redirection
Managing Computer and User Scripts
Working with Computer and User Scripts
Configuring Computer Startup and Shutdown Scripts
Configuring User Logon and Logoff Scripts
Controlling Script Visibility
Controlling Script Timeout
Controlling Script Execution and Run Technique
Summary
8. Maintaining Internet Explorer Configurations
Customizing the Internet Explorer Interface
Customizing the Title Bar Text
Customizing Logos
Customizing Buttons and Toolbars
Customizing URLs, Favorites, and Links
Customizing Home, Search, and Support URLs
Customizing Favorites and Links
Creating Individual Favorites and Links
Importing Favorites and Links Lists
Configuring Global Default Programs
Optimizing Connection and Proxy Settings
Deploying Connection Settings Through Group Policy
Deploying Proxy Settings Through Group Policy
Enhancing Internet Explorer Security
Working with Security Zones and Settings
Restricting Security Zone Configuration
Deploying Security Zone Configurations
Configuring the Internet Security Zone
Configuring the Local Intranet Zone
Configuring the Trusted Sites Security Zone
Configuring the Restricted Sites Security Zone
Importing and Deploying the Security Zone Settings
Configuring Additional Policies for Internet Options
Summary
9. Deploying and Maintaining Software Through Group Policy
Understanding Group Policy Software Installation
How Software Installation Works
What You Need to Know to Prepare
How to Set Up the Installation Location
What Limitations Apply
Planning the Software Deployment
Creating Software Deployment GPOs
Configuring the Software Deployment
Deploying Software Through Group Policy
Deploying Software with Windows Installer Packages
Getting the Necessary Windows Installer File
Deploying the Software Using a Windows Installer File
Deploying Software with Non–Windows Installer Packages
Creating the ZAP File
Deploying the Software Using a ZAP File
Configuring Advanced and Global Software Installation Options
Viewing and Setting General Deployment Properties
Changing the Deployment Type and Installation Options
Defining Application Categories
Adding, Modifying, and Removing Application Categories
Adding an Application to a Category
Performing Upgrades
Patching or Installing an Application Service Pack
Deploying a New Version of an Application
Customizing the Installation Package with Transforms
Controlling Deployment by Security Group
Setting Global Deployment Defaults
Deploying Microsoft Office and Service Packs
Deploying Office Through Policy
Choosing a Package Distribution Technique
Using Transforms to Customize an Office Deployment
Selecting a Deployment Mode
Keeping Office Updated
Deploying Windows Service Packs Through Policy
Maintaining Deployed Applications
Removing Deployed Applications
Redeploying Applications
Configuring Software Restriction Policies
Getting Started with Software Restriction Policies
Configuring Enforcement Policy
Viewing and Configuring Designated File Types
Configuring Trust Publishers Policy
Configuring Disallowed and Unrestricted Applications
Configuring Security Rules
Using Certificate Rules
Using Hash Rules
Using Internet Zone Rules
Using Path Rules
Troubleshooting Software Installation Policy
Troubleshooting Steps
Common Software Installation Policy Problems
Summary
10. Managing Microsoft Office Configurations
Introducing Office Configuration Management
Customizing Office Configurations
Downloading and Installing the Tools
Working with the Custom Installation Wizard
Step 1: Create the Administrative Install of Office’s .msi File
Step 2: Use the Custom Installation Wizard for Office Configuration
Step 3: Deploy the Transformed Office Configuration
Working with the Custom Maintenance Wizard
Step 1: Update the Microsoft Office Configuration
Step 2: Deploy the New Configuration of Office
Preparing the Policy Environment
Deploying Office Administrative Template Files
Deploying Office Administrative Template Files for the First Time
Updating Previously Deployed Office-Related Policy Templates
Creating Office Configuration GPOs
Managing Multiple Office Configuration Versions
Managing Office-Related Policy
Working with Office-Related Policy
Examining Global and Application-Specific Settings
Configuring Office-Related Policy Settings
Preventing Users from Changing Office Configurations
Understanding How to Prevent Office Configuration Changes
Disabling Office Menu Items and Options Using Predefined Options
Disabling Office Menu Items and Options Using Custom Options
Step 1: Determining the Menu Item ID
Step 2: Using a Custom Disable Policy
Configuring Notification for Disabled Menu Items and Options
Controlling Default File and Folder Locations
Setting the Default Database Folder Location for Access 2003
Setting the Default File Location for Excel 2003
Setting Default Folder Locations for OneNote 2003
Setting Default Folder Locations for Publisher 2003
Setting Default Folder Locations for Word 2003
Configuring Outlook Security Options
Controlling Office Language Settings
Troubleshooting Office Administrative Template Policy
Summary
11. Maintaining Secure Network Communications
Understanding IPSec Policy
How IPSec Works
How IPSec Policy Is Deployed
When to Use IPSec and IPSec Policy
Managing and Maintaining IPSec Policy
Activating and Deactivating IPSec Policies
Create Additional IPSec Policies
Creating and Assigning the IPSec Policy
Defining Security Rules and Actions
Creating and Managing IP Filter Lists
Creating and Managing Filter Actions
Monitoring IPSec Policy
Deploying Public Key Policies
How Public Key Certificates Work
How Public Key Policies Are Used
Managing Public Key Policy
Understanding Windows Firewall Policy
How Windows Firewall Works
How Windows Firewall Policy Is Used
Managing Windows Firewall Policy
Configuring IPSec Bypass
Enabling and Disabling Windows Firewall with Group Policy
Managing Firewall Exceptions with Group Policy
Disabling the Use of Exceptions
Allowing File and Printer Sharing Exceptions
Allowing Remote Administration Exceptions
Allowing Remote Desktop Exceptions
Allowing UPnP Framework Exceptions
Defining Program Exceptions
Defining ICMP Exceptions
Defining Port Exceptions
Configuring Firewall Notification, Logging, and Response Requests
Prohibiting Notifications
Allowing Logging
Prohibiting Unicast Responses to Multicast or Broadcast Requests
Summary
12. Creating Custom Environments
Loopback Processing
Replace Mode
Merge Mode
Troubleshooting Loopback
Terminal Services
Controlling Terminal Services Through Group Policy on an Individual Computer
Controlling Terminal Services Through Group Policy in a Domain
Configuring Order of Precedence
Configuring Terminal Services User Properties
Best Practices
Configuring License Server Using Group Policy Settings
License Server Security Group
Prevent License Upgrade
Configuring Terminal Services Connections
Limit Number of Connections
Set Client Connection Encryption Level
Secure Server (Require Security)
Start a Program on Connection
Set Rules for Remote Control to Terminal Services User Sessions
Set Time Limit for Disconnected Sessions
Set Time Limit for Active Terminal Services Sessions
Terminate Session When Time Limits Are Reached
Allow Reconnection From Original Client Only
Managing Drive, Printer, and Device Mappings for Clients
Allow Audio Redirection
Do Not Allow COM Port Redirection
Do Not Allow Client Printer Redirection
Do Not Allow LPT Port Redirection
Do Not Allow Drive Redirection
Do Not Set Default Client Printer To Be Default Printer in a Session
Controlling Terminal Services Profiles
Set Path for TS Roaming Profiles
TS User Home Directory
Restrict Terminal Services Users To a Single Remove Session
Only Allow Local User Profiles
Delete Cached Copies of Roaming Profiles
Group Policy over Slow Links
Default Policy Application over Slow Links
Policies That Apply over Slow Links
Slow Link Behavior for RAS Connections
Slow Link Detection Group Policy Settings
Group Policy Slow Link Detection
Slow Network Connection Timeout for User Profiles
Do Not Detect Slow Network Connections
Prompt User When Slow Link Is Detected
Configure Slow Link Speed
Additional Slow Link Detection Settings for Client-Side Extensions
Summary
III. Group Policy Customization
13. Group Policy Structure and Processing
Navigating Group Policy Logical Structure
Working with Group Policy Containers
Examining Attributes of groupPolicyContainer Objects
Examining the Security of groupPolicyContainer Objects
Examining GPO Creation Permissions
Viewing and Setting Default Security for New GPOs
Viewing the defaultSecurityDescriptor Attribute
Modifying the defaultSecurityDescriptor Attribute
Navigating Group Policy Physical Structure
Working with Group Policy Templates
Understanding Group Policy Versioning
Understanding Group Policy Template Security
Navigating Group Policy Link Structure
Examining Group Policy Linking
Viewing the gPLink Attribute
Examining Inheritance Blocking on Links
Understanding Group Policy Security and Links
Understanding Group Policy Processing
Examining Client-Side Extension Processing
Examining Server-Side Extension Processing
Setting Storage for Wireless Network Policy
Setting Storage for Folder Redirection Policy
Setting Storage for Administrative Templates Policy
Setting Storage for Disk Quota Policy
Setting Storage for QoS Packet Scheduler Policy
Setting Storage for Scripts
Setting Storage for Internet Explorer Maintenance Policy
Setting Storage for Security Policy
Setting Storage for Software Installation Policy
Setting Storage for IP Security Policy
Understanding Policy Processing Events
Asynchronous vs. Synchronous Policy Processing
Tracking Policy Application
Tracking Slow Link Detection
Modifying Security Policy Processing
Group Policy History and State Data
Group Policy History Data
Group Policy State Data
Group Membership Data
Navigating Local GPO Structure
Understanding LGPO Creation and Application
Understanding LGPO Structure
Managing and Maintaining LGPOs
Controlling Access to the LGPO
Summary
14. Customizing Administrative Templates
What Is an Administrative Template?
Default .adm Files
Working with .adm Files
Default Installed .adm Files
Tips for Importing .adm Files
Adding .adm Files
Removing .adm Files
Managing .adm Files
Controlling Updated Versions of .adm Files
Turn Off Automatic Updates of ADM Files
Always Use Local ADM Files for Group Policy Editor
Tips for Working with .adm Files
Operating System and Service Pack Release Issues
Policies vs. Preferences
Creating Custom .adm Files
A Simple .adm File
Using .adm File Language
Structure of an .adm File
#if version
Syntax for Updating the Registry
Class
Keyname
Valuename
Valueoff/Valueon
Syntax for Updating the Group Policy Object Editor Interface
Strings
Category
Policy
Part
Checkbox
Clienttext
Combobox
Dropdownlist
Edittext
Listbox
Numeric
Text
Actionlist
Additional Statements in the .adm Template
Comments
Required
Maxlen
Explain
Supported
.adm File String and Tab Limits
Best Practices
Summary
15. Security Templates
Understanding the Security Template Structure
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
File System
Where Security Template Settings Overlap with GPO Settings
Working with Security Templates
Security Templates Snap-In
Raw Security Template INF Files
Customizing Security Templates
Copying Templates
Creating New Security Templates
Customizing Security Options
Structure of the Sceregvl.inf File
Customizing the Sceregvl.inf File
Getting the Custom Entry to Show Up
Customizing Services in the Security Templates
Getting the Correct Service to Automatically Display
Acquiring the Service Syntax for the Security Template File
Manually Updating Services in the Security Template File
Microsoft Solutions for Security Settings
Summary
IV. Group Policy Troubleshooting
16. Troubleshooting Group Policy
Group Policy Troubleshooting Essentials
Verifying the Core Configuration
Verifying the Network Connection and Configuration
Verifying the Computer Account and Trust
Verifying Time Synchronization
Verifying the Computer and User Account Configuration
Verifying Key Infrastructure Components
Verifying the Scope of Management
Checking the GPO Status and Version
Checking the GPO on the Logon Domain Controller
Checking the GPO Link Status and Order
Checking the GPO Permissions
Checking the Loopback Processing Status of the GPO
Checking for Slow Links
Essential Troubleshooting Tools
Working with Resultant Set of Policy
Navigating the Summary Tab
Navigating the Settings Tab
Navigating the Policy Events Tab
Navigating the Advanced View
Viewing RSoP from the Command Line
Verifying Server-Side GPO Health
Checking the GPC and GPT for Errors
Checking the SYSVOL Permissions
Verifying Specific GPOs
Navigating the GPO Details
Managing RSoP Logs Centrally
Getting Started with Group Policy Monitor
Preparing the Group Policy Monitor Installation
Deploying and Configuring Group Policy Monitor
Viewing Group Policy Monitor Reports
Examining Differences Between Refresh Intervals
Managing Report Log Deletion
Group Policy Logging
Navigating the Application Event Logs
Configuring the Level of Application Logging
Understanding Group Policy Events
Managing Userenv Logging
Configuring the Level of Userenv Logging
Examining the Userenv Logs
Managing Logging for Specific CSEs
Enabling Debug Logging for Windows Installer Policy
Enabling Debug Logging for Folder Redirection Policy
Enabling Debug Logging for Security Policy
Summary
17. Resolving Common Group Policy Problems
Solving GPO Administration Problems
Domain Controller Running the PDC Emulator Is Not Available
Not All Settings Show Up in the Group Policy Editor
Custom Administrative Template Settings Are Not Visible
Administrative Templates and Settings Depend on the Operating System Version
Security Template Settings Are Not Taking Effect
New Custom Security Settings Are Not Displayed
Delegation Restrictions Within the GPMC
Creating GPOs
Linking GPOs
Managing GPOs
Editing GPOs
Viewing GPOs
Group Policy Settings Are Not Being Applied Due to Infrastructure Problems
Domain Controllers Are Not Available
Active Directory Database Is Corrupt
Local Logon vs. Active Directory Logon
SYSVOL Files Are Causing GPO Application Failure
GPO Files Manually Modified Incorrectly
SYSVOL Share Removed
Incorrect Date and Time of GPO Files
Problems with Replication and Convergence of Active Directory and SYSVOL
Syncing Group Policy GPC and GPT
Intrasite Replication
Intersite Replication
DNS Problems Causing GPO Application Problems
DHCP Servers Allocating Incorrect DNS Information
Manual Client Configuration Is Incorrect
SRV Records Have Been Deleted
Solving Implementation Problems
Tracking Down Incorrect GPO Settings
GPO Settings That Can Be Set to Enabled or Disabled
Incorrect Setting Selected
Computer Configuration vs. User Configuration Settings
GPO Links Causing GPO Application Problems
Linking GPOs to Multiple Containers
Administering GPOs that are Linked to Multiple Containers
Accounts Are Not Located in the Correct OU
Reasons That Accounts Are Placed in the Incorrect OU
Wrong Account in OU
Trying to Apply Group Policy Settings to Groups
Linking GPOs to OUs That Contain Only Groups
Setting GPO Security Filtering to Apply GPO Settings to Groups
Conflicting Settings in Two GPOs
Modifying Default GPO Inheritance
Enforcing GPOs
Block Policy Inheritance
Security Filtering
Summary
V. Appendixes
A. Group Policy Reference
Computer Configuration Reference
User Configuration Reference
B. New Features in Windows Server 2003 Service Pack 1
Adprep
Administrative Tools
Internet Explorer Feature Control Settings
Managing Feature Control Settings
Configuring Policies and Preferences
Internet Explorer Administration Kit/Internet Explorer Maintenance
Internet Explorer URL Action Security Settings
Changes to Internet Explorer URL Action Security Settings
Resultant Set of Policy
Changes to RSoP in SP1
Administering Remote RSoP with GPMC SP1
Delegating Access to Group Policy Results
Post-Setup Security Updates
Security Configuration Wizard
Windows Firewall
Changes to Windows Firewall
Changes for Audit Logging
Changes for Netsh Helper
Windows Firewall New Group Policy Support
C. GPMC Scripting
GPMC Scripting Interface Essentials
Understanding the GPMC Scripting Object Model
Creating the Initial GPM Object
Referencing the Domain to Manage
Creating and Linking GPOs
Automating Group Policy Security Management
Using the GPMC’s Prebuilt Scripts
Creating GPOs
Deleting GPOs
Finding Disabled GPOs
Finding GPOs by Security Group
Finding GPOs Without Active Links
Setting GPO Creation Permissions
Setting Other GPO Permissions
Backing Up All GPOs
Backing Up Individual GPOs
Copying GPOs
Importing GPOs
Generating RSoP Reports
Mirroring Your Production Environment
GPMC Prebuilt Script Review
D. Office 2003 Administrative Template Highlights
Microsoft Access 2003
Microsoft Excel 2003
Microsoft FrontPage 2003
Microsoft Clip Organizer 2003
Microsoft InfoPath 2003
Microsoft Office 2003
Microsoft OneNote 2003
Microsoft Outlook 2003
Microsoft PowerPoint 2003
Microsoft Project 2003
Microsoft Publisher 2003
Microsoft Visio 2003
Microsoft Word 2003
Index
About the Authors
Copyright
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Index
Next
Next Chapter
Index
U
updates,
Optimizing Automatic Updates with Windows Update
,
Optimizing Automatic Updates with Windows Update
,
Enabling and Configuring Automatic Updates
,
Optimizing Scheduled Installs
,
Optimizing Scheduled Installs
,
Deploying Office Administrative Template Files for the First Time
,
Removing .adm Files
,
Removing .adm Files
.adm files,
Removing .adm Files
Automatic Updates,
Optimizing Automatic Updates with Windows Update
,
Optimizing Automatic Updates with Windows Update
,
Enabling and Configuring Automatic Updates
,
Optimizing Scheduled Installs
,
Optimizing Scheduled Installs
automatic download and installation process,
Enabling and Configuring Automatic Updates
blocking access,
Optimizing Scheduled Installs
configuring,
Optimizing Automatic Updates with Windows Update
designating update server,
Optimizing Scheduled Installs
Office 2003, Administrative Templates,
Deploying Office Administrative Template Files for the First Time
upgrades,
Deploying Software with Windows Installer Packages
,
Adding an Application to a Category
,
Adding an Application to a Category
,
Performing Upgrades
,
Performing Upgrades
software installation,
Adding an Application to a Category
,
Performing Upgrades
,
Performing Upgrades
new version deployment,
Performing Upgrades
patches and service packs,
Performing Upgrades
Windows Installer packages,
Deploying Software with Windows Installer Packages
UPnP Framework exceptions, Windows Firewall,
Allowing Remote Desktop Exceptions
URL Action settings, Internet Explorer,
Configuring Policies and Preferences
URLs, customizing,
Customizing URLs, Favorites, and Links
,
Customizing URLs, Favorites, and Links
,
Customizing Home, Search, and Support URLs
,
Customizing Home, Search, and Support URLs
favorites,
Customizing Home, Search, and Support URLs
home, search, and support,
Customizing URLs, Favorites, and Links
links,
Customizing Home, Search, and Support URLs
user accounts, OUs troubleshooting,
Administering GPOs that are Linked to Multiple Containers
User Configuration policy, GPT User subfolder,
Working with Group Policy Templates
User Configuration section, GPO linking,
GPO Application Design Considerations
user configuration settings (GPOs),
Incorrect Setting Selected
user data, user profiles,
Understanding User Profiles and Group Policy
User Group Policy Loopback Processing Mode policy,
Changing Policy Processing Preferences
user profiles,
Understanding User Profiles and Group Policy
,
Understanding User Profiles and Group Policy
,
Optimizing User Profile Configurations
,
Optimizing User Profile Configurations
,
Optimizing User Profile Configurations
,
Only Allow Local User Profiles
,
Only Allow Local User Profiles
,
Only Allow Local User Profiles
,
Do Not Detect Slow Network Connection
,
Do Not Detect Slow Network Connection
,
Slow Network Connection Timeout for User Profiles
,
Slow Network Connection Timeout for User Profiles
,
Timeout for Dialog Boxes
,
Timeout for Dialog Boxes
,
Modifying the Way Profile Data Is Updated and Changed
,
Modifying the Way Profile Data Can Be Accessed
,
Limiting Folders Included in Profiles
,
Understanding Folder Redirection
,
Understanding Folder Redirection
data access,
Modifying the Way Profile Data Is Updated and Changed
limiting profile size,
Modifying the Way Profile Data Can Be Accessed
redirecting folders and data,
Limiting Folders Included in Profiles
,
Understanding Folder Redirection
,
Understanding Folder Redirection
basics,
Understanding Folder Redirection
configuration,
Understanding Folder Redirection
update and change modifications,
Timeout for Dialog Boxes
ways used,
Optimizing User Profile Configurations
,
Only Allow Local User Profiles
,
Only Allow Local User Profiles
,
Only Allow Local User Profiles
,
Do Not Detect Slow Network Connection
,
Do Not Detect Slow Network Connection
,
Slow Network Connection Timeout for User Profiles
,
Slow Network Connection Timeout for User Profiles
,
Timeout for Dialog Boxes
Delete Cached Copies Of Roaming Profiles setting,
Only Allow Local User Profiles
Do Not Detect Slow Network Connection setting,
Only Allow Local User Profiles
Log Users Off When Roaming Profile Fails setting,
Do Not Detect Slow Network Connection
Only Allow Local User Profiles setting,
Only Allow Local User Profiles
Prompt User When Slow Link Is Detected setting,
Do Not Detect Slow Network Connection
Slow Network Connection Timeout For User Profiles setting,
Slow Network Connection Timeout for User Profiles
Timeout For Dialog Boxes setting,
Slow Network Connection Timeout for User Profiles
Wait For Remote User Profile setting,
Timeout for Dialog Boxes
User Rights Assignment policy,
Working with the Default Domain Controllers Policy GPO
,
Working with the Default Domain Controllers Policy GPO
,
Account Policies
Default Domain Controllers Policy GPO,
Working with the Default Domain Controllers Policy GPO
Local Policies,
Account Policies
User Rights Assignment settings, local policies,
Local Policies
User subfolder, GPTs,
Working with Group Policy Templates
Userenv logs,
Configuring the Level of Userenv Logging
,
Configuring the Level of Userenv Logging
,
Configuring the Level of Userenv Logging
configuring,
Configuring the Level of Userenv Logging
Group Policy,
Configuring the Level of Userenv Logging
users,
How It Works
,
Understanding Group Policy Settings and Options
,
Determining and Assigning GPO Creation Rights
,
Searching Policy Objects, Links, and Settings
,
Searching Policy Objects, Links, and Settings
,
Beginning Your Policy Object, Link, or Setting Search
,
Enforcing Inheritance
,
Enforcing Inheritance
,
Security Areas and Potential Problems
,
Managing Computer and User Scripts
,
Configuring Computer Startup and Shutdown Scripts
,
Configuring User Logon and Logoff Scripts
,
Controlling Script Visibility
,
Controlling Script Timeout
,
Working with Security Zones and Settings
,
Working with Security Zones and Settings
,
Controlling Terminal Services Through Group Policy in a Domain
,
Controlling Terminal Services Profiles
,
Controlling Terminal Services Profiles
,
Set Path for TS Roaming Profiles
,
Restrict Terminal Services Users To a Single Remove Session
,
Restrict Terminal Services Users To a Single Remove Session
,
Restrict Terminal Services Users To a Single Remove Session
,
Group Policy Reference
authentication, Internet security zones,
Working with Security Zones and Settings
configuration,
Searching Policy Objects, Links, and Settings
,
Enforcing Inheritance
,
Enforcing Inheritance
refresh,
Enforcing Inheritance
searching policy objects,
Searching Policy Objects, Links, and Settings
configuration policies,
Group Policy Reference
controlling Terminal Services profiles,
Controlling Terminal Services Profiles
,
Controlling Terminal Services Profiles
,
Set Path for TS Roaming Profiles
,
Restrict Terminal Services Users To a Single Remove Session
,
Restrict Terminal Services Users To a Single Remove Session
,
Restrict Terminal Services Users To a Single Remove Session
Delete Cached Copies Of Roaming Profiles setting,
Restrict Terminal Services Users To a Single Remove Session
Only Allow Local User Profiles setting,
Restrict Terminal Services Users To a Single Remove Session
Restrict Terminal Services Users To A Single Remove Session setting,
Restrict Terminal Services Users To a Single Remove Session
Set Path For TS Roaming Profiles setting,
Controlling Terminal Services Profiles
TS User Home Directory setting,
Set Path for TS Roaming Profiles
filtering,
Beginning Your Policy Object, Link, or Setting Search
GPOs (Group Policy Objects), creation rights,
Determining and Assigning GPO Creation Rights
policies,
How It Works
rights troubleshooting,
Security Areas and Potential Problems
scripts,
Understanding Group Policy Settings and Options
,
Managing Computer and User Scripts
,
Configuring Computer Startup and Shutdown Scripts
,
Configuring User Logon and Logoff Scripts
,
Controlling Script Visibility
,
Controlling Script Timeout
administration,
Understanding Group Policy Settings and Options
controlling visibility,
Configuring User Logon and Logoff Scripts
execution,
Controlling Script Timeout
logon and logoff,
Configuring Computer Startup and Shutdown Scripts
timeout,
Controlling Script Visibility
searching policy objects,
Searching Policy Objects, Links, and Settings
Terminal Services properties,
Controlling Terminal Services Through Group Policy in a Domain
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset