Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Activity 7-1: Working with Vista Local GPOs, Pg. 256-257, In step 16.
advuser1 to be changed.
6
Domain GPOs
Domain GPOs are stored in Active Directory on
domain controllers
Consists of two separate parts: a group policy
template (GPT) and a group policy container (GPC)
GPT and GPC have naming structure (32
hexadecimal digits) and folder structure (2 subfolders,
Machine and User).
Knowing GPO structure is important for resolving
issues.
9
Group Policy Replication
GPCs which are AD objects are replicated during
normal Active Directory replications.
GPTs are replicated by one of the following
methods:
File Replication Service (FRS):
Used only when running in a mixed environment of differing
Windows Server operating systems such as Win Server
2003/2008 and Win server 2000.
Distributed File System Replication (DFSR) which is more
reliable and efficient than FRS:
Used when all DCs are running Windows Server 2008
Replication problems can be diagnosed with the
tools Gpotool.exe that can be downloaded from
Microsoft Download Center Website.
14
Group Policy Scope and Inheritance
The scope of a group policy defines which objects
(users or Computers) in AD are affected by settings
(enabled or disabled) in the policy.
If two GPOs are applied to an object, and a setting
is configured on one GPO but not the other, the
configured setting is applied
Policies are applied in this order:
Local policies
Site-linked GPOs
Domain-linked GPOs
OU-linked GPOs
25
Additional Security Settings Subnodes
13 more subnodes under Security Settings:
Event Log
Restricted Groups
System Services
Registry
File System
Wired Network (IEEE 802.3) Policies
Windows Firewall with Advanced Security
Network List Manager Policies
Wireless Network (IEEE 802.11) Policies
Public Key Policies
Software Restriction Policies
Network Access Protection
IP Security Policies on Active Directory
31
Chapter Summary (cont.)
The Security Settings node in Computer
Configuration contains the Account Policies sub-
node with settings that affect all domain users.
Administrative Templates can control hundreds
of settings on computers and for users.
Security templates are used to transfer security
settings easily from one GPO or computer to
another and can be used to analyze a
computers current settings against a security
database created from one or more security
templates.
32