Information Technology Reference
In-Depth Information
For example, to obtain information about user wpanek in a system called STELLACON,
you would use the command gpresult / S STELLACON / USERwpanek .
Through the use of these techniques, you should be able to track down even the most
elusive Group Policy problems. Remember, however, that good troubleshooting skills do
not replace planning adequately and maintaining GPO settings!
Summary
In this chapter, you examined Active Directory's solution to a common headache for many
systems administrators: policy settings. Specifically, I discussed topics that covered Group
Policy.
I covered the fundamentals of Group Policy including its fundamental purpose. You
can use Group Policy to enforce granular permissions for users in an Active Directory
environment. Group policies can restrict and modify the actions allowed for users and
computers within the Active Directory environment.
Certain Group Policy settings may apply to users, computers, or both. Computer settings
affect all users who access the machines to which the policy applies. User settings affect
users regardless of the machines to which they log on.
You learned that you can link Group Policy objects to Active Directory sites, domains,
or OUs. This link determines to which objects the policies apply. GPO links can interact
through inheritance and filtering to result in an effective set of policies.
The chapter covered inheritance and how GPOs filter down. I showed you how to use
the Enforced option on a GPO issued from a parent and how to block a GPO from a child.
You can also use administrative templates to simplify the creation of GPOs. There are
some basic default templates that come with Windows Server 2012 R2.
In addition, administrators can delegate control over GPOs in order to distribute
administrative responsibilities. Delegation is an important concept because it allows for
distributed administration.
You can also deploy software using GPOs. This feature can save time and increase
productivity throughout the entire software management life cycle by automating software
installation and removal on client computers. The Windows Installer offers a more robust
method for managing installation and removal, and applications that support it can take
advantage of new Active Directory features. Make sure you are comfortable using the
Windows Installer.
You learned about publishing applications via Active Directory and the difference
between publishing and assigning applications. You can assign some applications to users
and computers so that they are always available. You can also publish them to users so that
the user can install them with minimal effort when required.
You also learned how to prepare for software deployment. Before your users can take
advantage of automated software installation, you must set up an installation share and
provide the appropriate permissions.
 
Search WWH ::




Custom Search