1 Introducing Group Policy
-
Upload
alexandreantunes -
Category
Documents
-
view
222 -
download
0
Transcript of 1 Introducing Group Policy
-
8/10/2019 1 Introducing Group Policy
1/23
-
8/10/2019 1 Introducing Group Policy
2/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 2/23
eatures that are included in the newer Windows operating systems.
hat Is Group Policy?
igure 1: What Is Group Policy?
Group Policy is a mechanism for applying computer and user settings to one or many
computers throughout an Active Directory environment. These settings are typically referred
o as Policies and stem from the security policies that were present in earlier versions of
indows. Now, the security policies themselves are part of Group Policy. The term Group
olicy is somewhat of a misnomer as the policies are not configured at the Group level, but
are instead applied at the local, site, domain, or OU level.
Group Policy was introduced with Windows 2000 as a replacement for the system policies of
older Windows environments. The system policies used in the past were inflexible and difficulto reverse once they were put in place.
The new Group Policy in Windows Server 2012 and Windows 8 Client builds upon the
oundation established with Windows 2000. Some Group Policy enhancements were made in
indows Server 2003, but they do not compare to the new features and numerous new
settings in Group Policy with the newest versions of Windows.
You can use Group Policy to affect many different parts of a Windows Server 2012
environment.
-
8/10/2019 1 Introducing Group Policy
3/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 3/23
The most common impression of Group Policy is that it is used to lock down the user
environment. Although Group Policy can be used in that way, this feature is just one of its
any powerful capabilities.
fficiently managing Group Policy for any number of computers involves establishing an
Active Directory structure. Understanding Active Directory is essential to a successful Group
olicy deployment.
Desktop Settings and Restrictions
igure 2: Desktop Settings and Restrictions
Group Policies are broken down into two sections: User Configuration and Computer
Configuration. The User Configuration items are specific to user accounts no matter where
hey may log on, while the Computer Configuration items are specific to the computer system
o matter who may log on to it.
ithin the User and Computer sections are two sub-sections:
Policies: The Policies layer has Software Settings, Windows Settings, and Administrative
Templates beneath it.
Preferences: The Preferences layer contains Windows Settings and Control Panel Settings.
ost of the desktop-related settings and restrictions are found within the Policies,
Administrative Templates, Preferences, Windows Settings, Preferences, and Control Panel
Settings areas.
-
8/10/2019 1 Introducing Group Policy
4/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 4/23
The settings can range from the aesthetic background logo to a complete lockdown of the
system.
Security Policies
igure 3: Security Policies
se Security Policies to enforce standards for security, auditing, NTFS permissions, ACLs on
egistry keys, IPSec policies, and much more.
Security Policies can be used to enforce corporate security standards, or to conform with
industry or governmental policies.
Folder Redirection
-
8/10/2019 1 Introducing Group Policy
5/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 5/23
igure 4: Folder Redirection
The folder redirection process stores the users My Documents and other selected folders on a
server instead of locally. The user is unaware of this change and offline synchronization
caches the documents on the users local hard drive.
Software Deployment
igure 5: Software Deployment
A powerful feature of Group Policy is the ability to distribute software packages and to restrict
access to unauthorized software. Other more powerful tools also provide these features, such
as Microsoft SMS, but for the small to mid-sized environment, the built-in software
anagement tools may be all that are needed.
istributing Software Packages
The Software Installation section within Group Policy allows for the distribution of software
ackages. This capability relies upon the Windows Installer service that is present on all
indows operating systems from Windows 2000 to the present.
n order to distribute software using Group Policy, the package must be in MSI format. This
eans that an application that is not currently packaged as an MSI file cannot be distributed
nless it is repackaged or a new package is built for it. Many commercially available tools can
do this packaging.
-
8/10/2019 1 Introducing Group Policy
6/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 6/23
t is possible (but not desirable) to distribute legacy installer packages using a special file called
a ZAP. A ZAP file is a simple text file that contains the name of the executable command that
erforms the installation. Unfortunately, it does not have any of the powerful features of the
SI format, such as self-healing, reporting, and clean uninstall.
Software can be distributed either to the User Configuration section of a Group Policy, or to
he Computer Configuration section. If software is distributed to the user, the package will
ollow the user from one machine to another. If the package is configured in the Computer
Configuration section, it will be available to anyone that logs on to the computer.
hen you distribute software to the User Configuration section of Group Policy, you can
distribute it as either an assigned package or a published package. Software packages created
in the Computer Configuration section can only be assigned.
Assigned packages are mandatory and are installed at computer boot time in the case of
software assigned to the Computer Configuration section. When packages are assigned to the
ser Configuration section, they are installed at either first logon or the first time the user
attempts to use the application in the package.
ublished packages are optional. The end user must install them from within Add/Remove
rograms on Windows XP and Windows Server 2003, or from within Programs and Features
on Windows Vista and Windows Server 2008.
Software Restrictions
igure 6: Software Restrictions
ecause of the growing threat of viruses and rogue software, a great need exists to control the
software that the users run. Anti-virus software is certainly a necessity, but it catches only the
-
8/10/2019 1 Introducing Group Policy
7/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 7/23
software that is a known threat. Any new viruses or Trojan horse that slips under the radar
can still be a huge problem.
The SRP (Software Restriction Policies) that are available in Group Policy can prevent
suspect software from running before it ever becomes an issue. Software restrictions enforce
corporate standards regarding the type of software that end users can install and run. This
could lead to greater productivity or, at the very least, reduce downtime due to software that
causes stability problems.
AppLocker is a new software restriction methodology that was introduced with Windows 7
and Server 2008 R2. It is more powerful and flexible than the Software Restriction Policies
available in previous versions of Windows. AppLocker allows policies to be created by
scanning a folder structure and automatically picking up the executable file types to be allowed
or restricted.
Logon Scripts
igure 7: Logon Scripts
ogon scripts have generally been used to perform actions at logon that could not be
configured as Group Policy settings. More and more of these settings are now incorporated
into Group Policy as individual configurable items.
or instance, logon scripts have historically created a mapped network drive for users upon
logon.
-
8/10/2019 1 Introducing Group Policy
8/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 8/23
indows Server 2008 Group Policy now contains an option under User Configuration,
references, Windows Settings, Drive Maps that allows you to configure the mapped drives.
Group Policy Scenarios
igure 8: Group Policy Scenarios
You can use Group Policy in a variety of ways to control the Windows environment.
igure 8 lists the possible ways that you can use Group Policy.
To prevent changes to the desktop environment
Use desktop restrictions to constrain the user environment so that users are less likely todo themselves harm, and generate support calls.
To enforce an Audit policy for servers
Use auditing in security policies to track who is accessing specific files and folders within
the operating system.
To maintain user documents on a central server
Use Folder Redirection to direct a users saved documents to a server-based folder
instead of storing the documents locally.
-
8/10/2019 1 Introducing Group Policy
9/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize= 9/23
To assign a software package to many computers
Use software deployment to automatically distribute software to users and computers.
To prevent users from running unauthorized code
Use software restriction policies to prevent users from running prohibited or maliciousprograms.
To map a drive letter to a server resource
Use login scripts to automate certain routines like the mapping of network drives or
printers.
New Group Policy Features Introduced with Windows
Server 2008 and Windows Vista
igure 9: New Group Policy Features Introduced with Windows Server 2008 and Windows
ista
sers familiar with Group Policy from Windows 2000 and Windows Server 2003 will find
significant changes in the Windows Server 2008 operating system. All administrators need to
now the details of these differences because many environments will consist of a mix of
indows operating systems (from Windows XP to Windows Server 2012) for some time to
come.
any of these policy enhancements are effective only in Windows Server 2008, Windowsista and later environments. Older operating systems will still be able to interoperate in the
ew framework, but will not be able to take advantage of many of the new Group Policy
-
8/10/2019 1 Introducing Group Policy
10/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 10/23
settings and features.
Since the release of Service Pack 1 for Windows Vista, the Group Policy structure for
indows Vista and later Windows versions are the same. The current Group Policy
anagement Editor now includes separate top-level Policiesand Preferencessections
This topic describes the enhancements to the Group Policy Management Editor and the
changes to the Group Policy service. This topic also describes the new categories of settings
hat are available in Group Policy.
Group Policy Management Editor Enhancements
igure 10: Group Policy Management Editor Enhancements
The Group Policy Management Editor has been enhanced with many new features for
indows Server 2008. Key enhancements include:
New format for ADMX (Administrative Templates): Administrative Templatesare
now based on an XML file format. The new GPO tools can read both the older ADM files
and the newer ADMX files. All ADMX files are now stored centrally in Sysvol.
Starter GPO: It creates a template of GPO settings that you can reuse.
Comments for GPOs: You can add custom comments to GPOs.
GPO filtered view: You can now display settings in a variety of ways, including a sorted
view or a filtered view.
-
8/10/2019 1 Introducing Group Policy
11/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 11/23
GPMC: The GPMC was a feature pack download for Windows Server 2003. Now, the
GPMC is the standard tool for managing group policies.
Group Policy Service Changes
igure 11: Group Policy Service Changes
The obvious changes to the Group Policy management process are not the only differences in
olicies with Windows Vista and later. Significant changes also exist behind the scenes.
Group Policy service: Group Policy has been moved from the Winlogon service and now
runs as a service of its own. This nearly eliminates the need for reboots after policy
changes, including after the distribution of software.
Local Group Policy enhancements: Multiple GPOs can now be created for the local
computer that allow for easier deployment of kiosk-type environments.
Network location awareness: Group Policy no longer relies on ICMP. It uses event
detection and event notification and provides faster startup times when group policies are
applied.
New GPO Settings
-
8/10/2019 1 Introducing Group Policy
12/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 12/23
igure 12: New GPO Settings
Over 1,700 settings were already available in Group Policy in Windows Server 2003. In
indows Server 2008, the number exceeds 2,400 to support all the new features found in
indows Vista and later. Figure 12 lists some of these new categories of settings.
ew Power Management Options
All of the currently available power management options in the Windows operating systems
can now be managed through Group Policy. The advantage of this feature is that a central
standard can be set for power management settings without having to visit each computerindividually or writing complex scripts to accomplish the same goal.
ith a renewed emphasis on reduction of power consumption in many environments, the
ability to put a rigid power management policy in place is critical. Simply turning monitors off
after a few hours of inactivity can save hundreds of dollars annually per monitor.
lock Device Driver Installation
The new device driver management features go far beyond the simplistic device driver
signing settings that were previously available in Group Policy. Now the settings are far more
ranular.
You can now block or allow device driver installation down to a specific PnP hardware
identifier.
-
8/10/2019 1 Introducing Group Policy
13/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 13/23
You can block installation of removable media devices. This feature is very important for
sensitive environments where you want to reduce the risk of data being copied and carried out
of the facility.
inally, you can customize a balloon tip message when installation is prevented. You can use
his message, for example, to outline the corporate policies regarding the usage of removable
edia or other devices.
indows Firewall with Advanced Security Options
The new Microsoft Windows Firewall with Advanced Security tool is much more advanced
han its predecessor. In addition to blocking or allowing incoming access, the new interface
allows you to create inbound and outbound firewall policies.
PSec functionality has now been integrated directly into the Windows Firewall interface.
hen you need to secure a connection, you can very quickly configure IPSec to encrypt all or
selected data between the systems involved.
ew Windows Internet Explorer Options
The newest versions of Windows Internet Explorer, version 7 and later, bring with them a
certain amount of baggage in the form of hundreds of new settings, and a redesigned GUI.
ost of these settings are now configurable through Group Policy. You can centrally define
ome pages, security settings, history retention, and much more.
You can also centrally control the user interface settings and turn off some of the new
indows Internet Explorer interface elements or reset them to the classic values.
rinter Installation
ocation-Based Printer Installation
The new printer deployment capabilities of Windows Server 2008 were partly introduced in
indows Server 2003 R2. This feature allows for shared printer connections to automatically
-
8/10/2019 1 Introducing Group Policy
14/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 14/23
e made available to the computer or user side of the GPO. With this capability,
administrators can rely less on scripts for the installation of printers within a logon script.
rinter Driver Installation for Non-Administrators
hether printers are deployed or manually installed by the end user, the installation of printer
device drivers now occurs in the background with elevated privileges. In the past, when a user
connected to a shared printer, if the device driver did not exist, it would not install. An
administrator would then have to install the printer on behalf of the user. Now, printer drivers
install automatically with the proper rights.
New Group Policy Features Introduced with WindowsServer 2008 R2 and Windows 7
igure 13: New Group Policy Features Introduced with Windows Server 2008 R2 and
indows 7
indows Server 2008 R2 and Windows 7 provide a few additional Group Policyenhancements.
igure 13 lists these enhancements.
Windows PowerShell cmdlets: The Windows PowerShell cmdlets manage Group Policy
from Windows PowerShell and run Windows PowerShell scripts during logon and startup.
Microsoft has included a library of cmdlets specific to Group Policy management that allow
GPO configuration from the command line and for automation.
-
8/10/2019 1 Introducing Group Policy
15/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 15/23
Group Policy Preferences: Additional types of GPO preference items have been added.
Preferences were added to the original Windows Server 2008 release, but have been
augmented with new capabilities in Windows Server 2008 R2.
Starter GPOs: Improvements have been made to the Starter GPOs. New default Starter
GPOs have been added to the GPMC interface.
Administrative Template Settings: A new user interface and many additional policy
settings have been added. The Administrative Templatessection has been augmented
with hundreds of new settings and an editor window that is easier to navigate.
AppLocker: AppLocker is a new mechanism for restricting access to software that is only
supported by Windows Server 2008 R2 and Windows 7. AppLocker supports wildcards for
version numbering, allowing a single policy to restrict multiple versions of a file. AppLocker
also can restrict by user name or group.
New Group Policy Features in Windows Server 2012
and Windows 8 Client
igure 14: New Group Policy Features in Windows Server 2012 and Windows 8 Client
indows Server 2012 and Windows 8 Client are very similar to their predecessors. However,
here are several new features and enhancements in the latest version of Group Policy.
igure 14 lists these enhancements:
Remote Update from the GPMC: Use the GPMC to force a refresh of policies against all
-
8/10/2019 1 Introducing Group Policy
16/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 16/23
computers in a specific OU.
PowerShell Invoke-GPUpdate: Use the Invoke-GPUpdate cmdlet to update policies on
the local or remote machines.
Group Policy Infrastructure Status: Use the replication Status tab to check on the
replication status of GPOs in the domain. This eliminates the need for GPOTool.exe.
Policy Error Links in RSOP Results: View Group Policy related events from local or
remote machines.
Hundreds of new GPO items: Hundreds of new settings are specific to Windows Server
2012, Windows 8 Client and the new IE 10 browser.
cronyms
The following acronyms are used in this section:
ACL access control list
ADM Administrative TemplatesADMX Administrative Templates XML-based
CD-ROM compact disc read-only memory
VD-ROM digital versatile disc read-only memory
GPMC Group Policy Management Console
GPO Group Policy object
GUI graphical user interface
CMP Internet Control Message Protocol
PSec IP Security
D5 Message Digest 5
SI Microsoft Software Installer
TFS New Technology File System
OU organizational unit
KI public key infrastructure
nP plug and play
SoP Resultant Set of Policy
SMS Systems Management Server
-
8/10/2019 1 Introducing Group Policy
17/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 17/23
SRP Software Restriction Policies
SB Universal Serial Bus
ML Extensible markup language
AP Zero Administration Package
Section Review
Summary
Group Policy is a mechanism for applying computer and user settings to one or manycomputer throughout an Active Directory environment.
Use Group Policy to:
Prevent changes to the desktop environment
Enforce an Audit policy for servers
Maintain user documents on a central server
Assign a software package to many computers
Prevent users from running unauthorized code
Map a drive letter to a server resource
Use the following Group Policy tools to:
Group Policy
Tool
Use it to
Group Policy Management Console View and
manage
all the
policiesthat exist
in a given
Active
-
8/10/2019 1 Introducing Group Policy
18/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 18/23
Directory
forest
Group Policy
Management Editor View and modify all of the policy settings within a GPO
Gpupdate.exe Remotely update GPOs
Gpresult.exe Display all the policy settings that are active for a computer
or user
RSoP snap-in Troubleshoot the policies that are applied to computers or
users
Figure 15: Group Policy Tools
Some basic desktop policies are:
Policy Description
Computer Configuration
User Configuration
Settings that apply only to the computer objects that are within the scope
of the policy
Settings that apply only to the user objects that are within the scope of the
policy
Desktop Settings and
Restrictions Include a wide range of desktop settings, from changing the aesthetic
background logo to a complete lockdown of system
Logon Scripts Perform actions at logon; settings are now incorporated into Group Policy
as individual configurable items
Folder Redirection Process that stores the users personal My Documents files on a server
instead of locally
-
8/10/2019 1 Introducing Group Policy
19/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 19/23
Figure 16: Desktop Policies
Some basic software policies are:
Policy Description
Distributing Software
Packages Software Installation section within Group Policy is used to distribute
software packages
User Configurationand Computer Configurationsections of Group
Policy are used to distribute software to user or computer, respectively
Add/Remove Programson Windows XP and Windows Server 2003 or
from Programs and Features within Windows Vista and Windows
Server 2008 are used by the end user to install published packages
Restricting Access to
Software Four types of SRPs (Path Rule, Network Zone Rule, Hash Rule,
Certificate Rule) are used to prevent suspect software from running
Figure 17: Software Policies
New Group Policy features in Windows Server 2008 and Windows Vista are:
Policy Description
Group Policy
Management
Editor
Enhancements
New format for ADMX: Based on XML file format; new GPO tools can read ADM
and ADMX files
Starter GPO: Creates a template of GPO settings that you can reuse
Comments for GPOs: Add custom comments to GPOs
GPO filter view: Displays settings in a variety of ways, including sort view or
filtered view
GPMC: Standard tool for managing group policies
Group Policy
Service Changes Group Policy service: Runs as a service of its own
-
8/10/2019 1 Introducing Group Policy
20/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 20/23
Local Group Policy enhancements: Create multiple GPOs for the local computer
Network location awareness: Group Policy now uses event detection and event
notification and provides faster startup times when group policies are applied
New GPO
Settings New power management options: Set central standard for power managementsettings
Block device driver installation: Settings are now more granular; can block or
allow device driver installation down to a specific PnP hardware identifier; can block
installation of removable media devices; can customize a balloon tip message when
installation is prevented
Windows Firewall with Advanced Security options: With a new interface you can
easily create outbound filters; IPSec functionality has been integrated directly into the
Windows Firewall interface
New Internet Explorer options: Most new Windows Internet Explorer settings are
now configurable through Group Policy; can centrally define homes pages, security
settings, history retention, etc.
Printer installation:Location-based printer installation(shared printer connections
are automatically available to computer or user side of the GPO);printer driver
installation for non-administrators(installation of printer device drivers now occurs
in the background with elevated privileges)
Figure 18: New Group Policy Features in Windows Server 2008 and Windows Vista
New Group Policy features in Windows Server 2008 R2 and Windows 7 are:
Policy Description
Windows
PowerShell
cmdlets
Manage Group Policy from Windows PowerShell and run Windows PowerShell
scripts during logon and startup; cmdlets allow GPO configuration from the
command line and for automation
Group Policy
Preferences Additional types of GPO preference items were added
Starter GPOs
-
8/10/2019 1 Introducing Group Policy
21/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 21/23
New default Starter GPOs were added to the GPMC interface
Administrative
Template Settings New user interface and additional policy settings were added; Administrative
Templates section was augmented with new settings and an editor window that is
easier to navigate
AppLocker A new mechanism for restricting access to software that is only supported by
Windows Server 2008 R2 and Windows 7; supports wildcards for version
numbering, allowing a single policy to restrict multiple versions of a file; can restrict
by user name or group
Figure 19: New Group Policy Features in Windows Server 2008 R2 and Windows 7
nowledge Check
1. What is Group Policy used for? (Choose all that apply.)
a. To configure desktop settings
b. To deploy software
c. To enforce security policies
d. To run logon scripts
2. What is Group Policy? Write a brief description in the space provided.
3. Match each Group Policy feature with its correct description. Write the letter of the
description in the Answer column.
Answer Group
Policy
Feature
Description
1.________
GPMC A.A tool used to create inbound and outbound firewall policies. IPSec
functionality has been integrated directly into the interface.
Windows B.These allow GPO configuration from command line and for
-
8/10/2019 1 Introducing Group Policy
22/23
16/11/2014 1 Introducing Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=2&FontSize 22/23
2.________ Firewall with
Advanced
Security
automation.
3.________
AppLocker C.These set the central standard for power management settings.
4.________
Windows
PowerShell
cmdlets
D.A standard tool used to manage group policies.
5.________
Power
management
options
E.A new mechanism for restricting access to software that is only
supported by Windows Server 2008 R2 and Windows 7; supports
wildcards for version numbering, allowing a single policy to restrict
multiple versions of a file; can restrict by user name or group.
Knowledge Check Answer Key
The correct answers to the Knowledge Check questions are bolded.
1. What is Group Policy used for? (Choose all that apply.)
a. To configure desktop settings
b. To deploy software
c. To enforce security policies
d. To run logon scripts
2. What is Group Policy?
It is a mechanism for applying computer and user settings to one or many
computers throughout an Active Directory environment.
3. Match each Group Policy feature with its correct description. Write the letter of the
description in the Answer column.
Answer Group Policy
Feature
Description
-
8/10/2019 1 Introducing Group Policy
23/23
16/11/2014 1 Introducing Group Policy
1. DGPMC F.A tool used to c reate inbound and outbound firewall polic ies. IPSec
functionality has been integrated directly into the interface.
2. AWindows Firewall
with Advanced
Security
G.These allow GPO configuration from the command line and for
automation.
3. EAppLocker H.These set the central standard for power management settings
4. BWindows
PowerShell cmdlets
I.A standard tool used to manage group policies.
5. CPower management
options
J.A
supported by
Windows Server 2008 R2 and Windows 7; supports wildcards for
version numbering, allowing a single policy to restrict multiple versions
of a file; can restrict by user name or group.
new mechanism for restricting access to software that is only