Information Technology Reference
In-Depth Information
Activity 7-7: Demonstrating GPO Inheritance Blocking
Time Required:
20 minutes
Objective:
Enable the Block Inheritance option on an OU.
Description:
You want to set some policies for personnel in the Marketing Department.
However, your salespeople need not be subject to these policies, so you must block inheritance
on the Sales OU.
1. Log on to your server as Administrator, if necessary.
2. Open GPMC, and click the
Group Policy Objects
folder. Create a GPO in this folder named
StMenuMktGPO
, using the StartStMenuU Starter GPO you created earlier. (Refer to
Activity 7-6, if you need a reminder of how to create a GPO from a Starter GPO.)
3. In the left pane, right-click
StMenuMktGPO
and click
Edit
. In GPME, click to expand
User
Configuration
, and then navigate to the
Start Menu and Taskbar
node.
4. Set the following policies in the Start Menu and Taskbar node:
• Remove Music icon from Start Menu:
Enabled
• Remove Pictures icon from Start Menu:
Enabled
5. Close GPME. In GPMC, link the
StMenuMktGPO
GPO to the
Marketing
OU. (Refer to
Activity 7-4 for a reminder of how to link GPOs to containers.)
6. Click to expand the
Marketing
OU, if necessary, and then click the
Sales
OU. In the right
pane, click the
Group Policy Inheritance
tab. Notice that Sales is inheriting policies from
both StMenuMktGPO and Default Domain Policy, and StMenuMktGPO has a higher prece-
dence than Default Domain Policy. Leave GPMC open.
7. Log on to the domain from your Vista computer as
salesperson1
with
Password02
.
8. Right-click the taskbar. The taskbar should be locked, and the Lock the Taskbar option
should be disabled. Click
Start
to verify that the Games, Network, Music, and Pictures links
are no longer in the right pane of the Start menu. Remain logged on to your Vista computer.
9. On your server, in the left pane of GPMC, right-click the
Sales
OU under the Marketing OU
and click
Block Inheritance
. Notice that the list of GPOs in the Group Policy Inheritance tab
is empty.
10. On your Vista computer, open a command prompt window. Type
gpupdate
and press
Enter
.
After Gpupdate.exe updates group policies, close the command prompt window. (You can
also log off and back on again to update user policies.)
11. Right-click the taskbar. The Lock the Taskbar option is no longer disabled. Click
Start
. The
links for Games, Network, Music, and Pictures should have been restored.
12. Leave GPMC open, and stay logged on to your server and Vista computer for the next
activity.
7
Activity 7-8: Demonstrating GPO Enforcement
Time Required:
20 minutes
Objective:
Enable the Enforced option on a GPO.
Description:
You have decided that the Start menu policies you configured in your Starter GPO
should be applied to all users in the domain. You create a GPO based on the Starter GPO, link
the new GPO to the domain object, and enforce that GPO. (Refer to Figure 7-12 for the relevant
Active Directory structure.)
1. Log on to your server as Administrator, if necessary.
2. Open GPMC, if necessary, and click the
Group Policy Objects
folder. Create a GPO in
this folder named
StMenuDomainGPO
, using the StartStMenuU Starter GPO you created
earlier.
Search WWH ::
Custom Search