Windows Server Administration/Group Policy

This lesson covers Group Policy. Activities include creating and testing Group Policy objects.

Objectives and Skills
Objectives and skills for the Understanding Active Directory portion of Windows Server Administration Fundamentals certification include:
 * Understand group policy: group policy processing; Group Policy Management Console; computer policies; user policies; local policies

Readings

 * 1)  Group Policy
 * 2) What is Group Policy and How Does it work?
 * 3)  Folder redirection
 * 4) Using Folder Redirection in Group Policy
 * 5) Configure folder redirection to OneDrive
 * 6)  Roaming user profile
 * 7) Deploying Roaming User Profiles

Multimedia

 * 1) YouTube: Introduction to Group Policy in Windows Server 2016
 * 2) YouTube: Group Policy (Part 2 of 4) - Group Policy Desktop Settings
 * 3) YouTube: How to Deploy Software (MSI Packages) Via Group Policy (GPO) | Windows Server 2019
 * 4) YouTube: How to Enable Roaming User Profiles on Windows Server 2019
 * 5) YouTube: Deploy Folder Redirection in Windows Server 2019
 * 6) YouTube: How To Map Network Drives Using Logon Script GPO in Windows Server 2019
 * 7) YouTube: How to change screensaver and timeouts in Group Policy Windows Server 2019

Activities

 * 1) Review  Group Policy and Password Policy in the Default Domain Policy. Configure essential security settings, including Password Policy and Account Lockout Policy.
 * 2) Review Step by Step How to Configure Folder Redirection in Windows Server 2016. Configure and test folder redirection.
 * 3) Review How to Configure Roaming Profile in Windows Environment Step by Step Procedures Configure and test roaming user profiles.  Compare and contrast roaming user profiles with folder redirection.

Lesson Summary

 * Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.


 * Policy settings are defined separately for computers and for users. Computer policies are processed at computer startup.  User policies are processed at user logon.


 * Group Policy objects are processed in the following order: local, site, domain, then organizational unit (OU). Policy settings are inherited from one level to the next unless overridden.


 * Policy inheritance can be blocked at a lower level. But higher level policies can be set as enforced, preventing both the blocking of inheritance and override.


 * Group Policy objects are created and maintained using the Group Policy Management Console.


 * Local policies may be set on individual computers using the Microsoft Management Console Local Security Policy snap-in.


 * By default, Microsoft Windows refreshes its policy settings every 90 - 120 minutes on workstations and member servers and every five minutes on domain controllers. However, some settings are only applied during startup or user logon.


 * Group Policy settings can be refreshed manually using the gpupdate command.


 * The gpresult command may be used to display the Resultant Set of Policy (RSoP) settings for a given computer or user.


 * Folder Redirection provides the ability to automatically reroute file operations from standard local folders (directories) to storage located elsewhere on a network.


 * Folder Redirection allows the saving of user data to centralized network server locations for easier sharing, backup, and recovery.


 * Folder Redirection separates user data from profile data, decreasing the amount of time required to log on when profile data is also stored on a server (roaming profile).


 * Folder Redirection is most often implemented using Group Policy settings.


 * The following user folders may be redirected through Folder Redirection: AppData/Roaming, Contacts, Desktop, Downloads, Favorites, Links, Music, Documents, Pictures, Saved Games, Searches, Start Menu, and Videos..


 * Active Directory supports three types of user profiles: local profiles, roaming profiles, and mandatory profiles. Local profiles are created automatically on each computer where a user logs on.  Roaming profiles are copied to a server share and downloaded to the local computer when users log on.  Mandatory profiles are implemented as read-only roaming profiles.

Key Terms

 * Windows Management Instrumentation (WMI)
 * A set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.

Flashcards

 * Test your understanding of this lesson.
 * Test your understanding of the key terms.