eBook - ePub
Mastering Windows Group Policy
Control and secure your Active Directory environment with Group Policy
Jordan Krause
This is a test
- 408 pages
- English
- ePUB (adapté aux mobiles)
- Disponible sur iOS et Android
eBook - ePub
Mastering Windows Group Policy
Control and secure your Active Directory environment with Group Policy
Jordan Krause
DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations
Ă propos de ce livre
Improve and reimagine your organization's security stance, desktop standards, and server administration with centralized management via Group Policy.
Key Features
- Explore advanced filtering techniques for Group Policy Objects
- Interact with Group Policy through GPMC and PowerShell
- Practical guide covering the daily and advanced administration of group policy
Book Description
This book begins with a discussion of the core material any administrator needs to know in order to start working with Group Policy. Moving on, we will also walk through the process of building a lab environment to start testing Group Policy today. Next we will explore the Group Policy Management Console (GPMC) and start using the powerful features available for us within that interface. Once you are well versed with using GPMC, you will learn to perform and manage the traditional core tasks inside Group Policy. Included in the book are many examples and walk-throughs of the different filtering options available for the application of Group Policy settings, as this is the real power that Group Policy holds within your network. You will also learn how you can use Group Policy to secure your Active Directory environment, and also understand how Group Policy preferences are different than policies, with the help of real-world examples. Finally we will spend some time on maintenance and troubleshooting common Group Policy-related issues so that you, as a directory administrator, will understand the diagnosing process for policy settings.
By the end of the book, you will be able to jump right in and use Group Policy to its full potential.
What you will learn
- Become familiar with the Group Policy Management Console
- Create, link, and filter new policies
- Secure your users and devices using Group Policy
- Maintain and troubleshoot Group Policy
- Administer Group Policy via PowerShell
- Control your Active Directory environment efficiently with Group Policy settings
Who this book is for
If you are an IT professional who works with Windows Servers or are interested in an Active Directory environment then this book is for you. General knowledge of Microsoft Windows, how Windows Server fits into an enterprise's infrastructure and also some existing knowledge of an Active Directory domain environment is expected.
Foire aux questions
Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier lâabonnement ». Câest aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via lâapplication. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă la bibliothĂšque et Ă toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode dâabonnement : avec lâabonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă 12 mois dâabonnement mensuel.
Quâest-ce que Perlego ?
Nous sommes un service dâabonnement Ă des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă toute une bibliothĂšque pour un prix infĂ©rieur Ă celui dâun seul livre par mois. Avec plus dâun million de livres sur plus de 1 000 sujets, nous avons ce quâil vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Ăcouter sur votre prochain livre pour voir si vous pouvez lâĂ©couter. Lâoutil Ăcouter lit le texte Ă haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, lâaccĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Mastering Windows Group Policy est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă Mastering Windows Group Policy par Jordan Krause en format PDF et/ou ePUB ainsi quâĂ dâautres livres populaires dans Computer Science et System Administration. Nous disposons de plus dâun million dâouvrages Ă dĂ©couvrir dans notre catalogue.
Informations
Group Policy Maintenance
As we begin to wind down this discussion on Group Policy, we close the chapters regarding the cool capabilities and functionality that exist inside this technology, and turn our attention to ensuring that Group Policy continues to run well in our environments. While maintenance tasks are always less glamorous than creation-type tasks, it is every GP administrator's duty to know how to perform the jobs outlined here.
The following topics will be covered in this chapter:
- Documenting Group Policy
- Searching Group Policy
- Starter GPOs
- Backing up and restoring GPOs
- Implementing ADMX/ADML files
- Delegating permissions to manage Group Policy
Documenting Group Policy
You do not need to write your own book about how Group Policy works in your environment, but the further you get into your journey of implementing GPOs in your organization, the more you will wish that you had followed some good documentation practices from the start. We already discussed naming GPOs according to the settings contained within, as this good practice alone will help tremendously when looking back on these GPOs a year down the road.
Additionally, there are some other things that you could be doing on a regular basis whenever you create a new policy that will help you to flesh out documentation for your AD environment. These items will be particularly useful for any other administrators that log into the domain and attempt to diagnose or otherwise figure out the purposes behind your policies.
Commenting inside GPOs
As we have moved through Group Policy and taken a look at numerous screenshots, you may have noticed some comment fields. Primarily used inside the GPOs, these comments can prove to be invaluable to other administrators who are filling your shoes for a day. Commenting inside policies will also become useful to your future self when you find yourself opening up a policy 2, 3, or 10 years down the road and wondering why in the world you implemented those settings in the first place.
Let's take a look at the places where we can insert comments into GPOs. Launch the GPMC with me, and expand out the Group Policy Objects folder so that we can view all of the GPOs that we have created throughout this book. Then, Edit a GPO to launch GPME. I am going to edit my GPO called Auto-launch Notepad+Calc on login. This policy is already aptly named so that anyone who looks at this policy will be able to guess exactly what it is doing, but we'll flesh out a comment in here anyway to give even more information.
The option to add comments is listed inside each policy setting. So, in order to add a comment appropriate for my policy, I will need to re-navigate to the location of my Run these programs at user logon setting, and double-click on that setting in order to edit it. This is exactly the same screen where we went to create this policy in the first place, so you can see how it makes the most sense to add in these comments on day one, immediately when creating the policy and plugging settings into it.
I am simply going to populate the Comment field with a little bit of useful information. I like to include the date and my initials with the comment. That way, other administrators who log in here and take a look at your policy will have a clear idea about who created this, when they created it, and for what purpose. It is also helpful to include your initials here for searching purposes, which we will review later in this chapter:
Generating a GPO report
Another incredibly useful documentation feature inside GPMC is the ability to export a report for any given GPO. There are two different places from which you can generate this report. On the left tree of the screen, you can simply right-click on any GPO (or even a link to a GPO), and choose Save Report...:
Alternatively, if you are already looking inside the Settings tab for any given GPO, you may also right-click anywhere inside the Settings screen and choose the option to Save Report....
Whichever location you use for clicking on this option, all you need to do is specify a location and name for saving this report, and select whether you want it to be an HTML File or XML File. I like the look and feel of these settings inside HTML, so I am going to select that option:
Now, double-click on the report file in order to open it, and view the data stored inside. The generated report contains information from the Details tab inside the Group Policy, so you can quickly discover whether user or computer configuration settings were disabled. It also shows all of the active links related to this policy. Security Filtering settings and Delegation are listed next. Finally, down at the bottom of the report are all of the settings stored inside this GPO. With the information provided inside this little report file, you could completely recreate your GPO from scratch in the event that it was ever accidentally deleted or modified:
It may be smart to store these reports somewhere centrally. If you take two seconds and create this report immediately after creating any new policy, you will always have a backup "paper" copy of every single one of your GPOs and the settings contained within. You could also create new reports after any change to an existing GPO. In the event of a catastrophic failure of Active Directory or a recovery gone wrong, where you lose GPOs and their settings, you could then utilize these reports in order to rebuild the environment.
Searching Group Policy
We live in a search-driven world. Almost any answer to any question is available at our fingertips, with 5,770,000,000 results presented to us in 0.50 seconds. Are we losing a human element in today's IoT-focused world? Absolutely. Need to change brake pads on your new car? Maybe it used to be the case that you would pick up the phone and call your father or grandfather for some advice, or even to invite them over to help out. Now, there is a good chance that at least 30 different people have YouTube videos walking you through changing those pads, every step of the way. Does your child have an interest in sewing? A common-sense wealth of knowledge on this subject may be your own grandmother or a neighbor down the street, but taking that approach requires time and effort, and it is just easier to find online tutorials that you can start right now, from your cellphone.
I think this is terrible. However, the technology behind the change in behaviors is enormously impressive, and I use it all the time. Online searching is how we "do life" now. If you start using Group Policy to its full extent, I guarantee that you will visit search engines often in order to quickly track down which settings are best suited for your purposes. There is also a search functionality built right into Group Policy, and it is important to know how to utilize these searches to quickly find GPOs or settings in your own environment.
Searching for GPOs
First, let's search for GPOs. Right now, our test lab is small enough that it is pretty easy to identify and find whatever GPO we are looking for within a few seconds of clicking around, but the more you utilize Group Policy, the larger that list of GPOs will grow. Pretty soon, you will forget what policies you put into place. Do you need to implement some new Internet Explorer settings? Do you really want to immediately create a new GPO, when it is possible that there is already an existing GPO full of IE settings? Maybe it would make more sense to modify the existing policy, rather than create a new one. But, did you name that policy starting with Internet Explorer, or something such as Security for IE, or maybe even Much ado about IE settings? Hmm, if we look inside the Group Policy Object's alphabetically-organized folder full of GPOs, we might be here for a while trying to decide whether we have an existing policy that deals with IE settings.
Instead of doing that, simply right-click on the name of your domain (or forest) inside GPMC, and select Search....
There are m...