Information Technology Reference
In-Depth Information
A GPO with few policy settings defined or configured has only a few additional subfolders
and files under the root folder. For example, you have made only a few changes to the Default
Domain Controllers Policy, which is in the folder starting with 6AC1. If you browse the Machine
and User subfolders, you'll likely find only one additional file, GptTmpl.inf. This file contains
settings configured in the Security Settings node under Computer Configuration.
Activity 7-2: Browsing GPTs
Time Required:
15 minutes
Objective:
Browse subfolders and files in a GPT folder.
Description:
You want to get a better idea of how group policies are structured, so you decide
to explore the folders where the GPT component of GPOs is located.
1. Log on to your server as Administrator, if necessary.
2. Open Windows Explorer, and navigate to
C:\Windows\SYSVOL\sysvol\W2K8ADXX.com\
Policies
, where you should see a list of folders similar to Figure 7-3, shown previously.
3. In the left pane, click the folder starting with
6AC1
, which is the Default Domain
Controllers Policy GPT. Double-click the
GPT.ini
file to open it in Notepad. Notice the ver-
sion number, which changes each time the GPO is modified. Exit Notepad.
4. Under the GPT folder, click to expand the
MACHINE\Microsoft\Windows NT\SecEdit
folder. Double-click the
GptTmpl.inf
file to open it in Notepad. Knowing the details of
what's in this or other GPT files isn't important; you just need to know that they exist and
how to find them. You'll probably recognize some information, however. Find the line start-
ing with “SeInteractiveLogonRight,” and you'll see Domain Users in this line. In Activity 3-10,
you added the Domain Users group to the Allow log on locally right, which is the setting
this line pertains to. Exit Notepad.
5. Browse to the third GPT folder (the one that doesn't start with 6AC1 or 31B2), which is
associated with the GPO (TestOUGPO) you created and linked to TestOU in Activity 3-10.
Double-click the
GPT.ini
file and make a note of the version number; you'll compare it to
the GPC version number in the next activity.
6. Click the
User
folder, which contains the Registry.pol file, used to store policy settings that
affect the Registry of the computer to which the policy is applied. Double-click
Registry.pol
.
Windows asks how you want to open the file. Click the
Select a program from a list of
installed programs
option, and then click
OK
.
7. In the list of programs, click
Notepad
. Make sure the
Always use the selected program to
open this kind of file
check box is selected, and then click
OK
. This file contains the key and
value of Registry entries. In this case, the key is related to Windows Explorer, and the value
is NoControlPanel, which is the policy you set in Activity 3-10. Exit Notepad.
8. Close all open windows, but stay logged on for the next activity.
7
Group Policy Containers
A
Group Policy Container (GPC)
is an Active Directory object
stored in the System\Policies folder and can be viewed in Active Directory Users and Computers
with the Advanced Features option enabled. The GPC stores GPO properties and status infor-
mation but no actual policy settings. Like a GPT, the folder name of each GPT is the same as the
GPO's GUID.
A GPC is composed of a considerable number of attributes that you can view in the
Attribute Editor tab of the GPC's Properties dialog box, as shown in Figure 7-4. Although deci-
phering the purpose of each attribute isn't always easy, some information the GPC provides
includes the following:
•
Name of the GPO
—The displayName attribute tells you the name of the GPO the GPC is
associated with.
•
File path to GPT
—The gPCFileSysPath attribute specifies the UNC path to the related
GPT folder.
Search WWH ::
Custom Search