Windows Server 2019 Module 2 Section 3 and 4 Understanding GPOs and Working With GPOs

Ascend Education - Microsoft Introduction to Windows Server 2019 Module 2 Section 3 and 4 ONLY

Group Policy (GP) is a what in Windows OS

Framework

An example use of Group Policy (GP) is what

To standardize all users desktops in an Organizational Unit (OU) or entire Org

You can use Group Policy (GP) to deploy software in the .msi format

true

Folder Redirect

Option that allows you to redirect certain folders to a different storage location, allow them to have all their data regardless of the computer they are on, and even back up their entire computer.

Group Policy (GP) can be set up to only let you connect to certain ““ networks

wifi and wired

The most Granular part of Group Policy (GP) is

Individual policy settings

What are the three states of a Group Policy (GP)

Not Configures, Enabled, and Disabled

Group Policy Objects (GPO) store what

Group Policy Settings

In a new Group Policy Object (GPO) every setting defualts to

Not Configured

To create a new Group Policy or edit one

right-click or access the context menu for the Group Policy Objects Container then select “new” or “edit”

The Group Policy Management Editor displays all the

policy settings available within a GPO

Policy settings in Group Policy Objects (GPOs) define

configuration, however you must also specify the devices or users to which it applies

Scope

the collection of users or devices that the policy will apply to

GPO Link

ability to link a GPO to many sites, domains, and organizational units (OU) (Note: it is not recommended to link them to many sites, this may cause performance issues.

Two filters you can use to narrow the scope of a GPO

Security Filters and Windows Management instrumentation (WMI) filters

Security Filters

These specify security groups or individual user or computer objects that relate to a GPO’s scope, but to which the GPO explicitly should or should not apply.

Windows Management Instrumentation (WMI) Filters

These specify a scope by using characteristics of a system, such as an operating system version or free disk space.

Group Policy (GP) hierarchical processing order

Local GPOs > Site-Linked GPOs > Domain-Linked GPOs > OU-Linked GPOs > Child OU-Linked GPOs

The general rule of Group Policy (GP) application is that

the last one prevails or is applied

Group Policy Management Console

GPMC

You can disable a containers GPO link to

block the application of a GPO completely for a given site, domain, or OU

GPO Inheritance

A GPO that conflicts with another will cause the one with higher precedence to prevail over the others

The smaller the number the higher the ““ in the GPMC

presidence

The default setting in GPOs linked to a higher level container is that

they are inherited by lover-level containers

The later GPOs

override the previous ones

The sequential application of GPOs creates an effect called

Policy Inheritance

Polices are inherited, which means that the

Resultant Set of Policies (RSoPs) for a user or computer will be the cumulative effect of site, domain, and OU policies.

By default inherited GPOs have

Lower Precedence than GPOs that link directly to a container

When linking more than one GPO to and AD DS container Object. The link order of GPOs determines the

Precedence of GPOs in such a scenario. GPOs with a higher link order take precedence over GPOs with a lower link order.

To change the precedence of a GPO link, use the following procedure:

Select the AD DS container object in the GPMC console tree. >Select the Linked Group Policy Objects tab in the details pane > Select the GPO > Use the Up, Down, Mover To Top, and Move To Bottom arrows to change the link order of the selected GPO.

Blocking Inheritance

Configuring a domain or OU to prevent the inheritance of policy settings

To block inheritance,

right-click or access the context menu for the domain or OU in the GPMC console tree, and then select Block Inheritance

you can set a GPO link to be enforced.

To enforce a GPO link, right-click or access the context menu for the GPO link in the console tree, and then select Enforced from the shortcut menu.

An Enforce GPO link

takes the highest level of precedence and will apply to child containers even when those containers are set to block inheritance

Domain Based Group Policy Objects

Created and stored on domain controllers. Can be used to manage configureation centrally for the domains users and devices.

Local Group Policy Objects

A GPO that is linked to a specific computer.

he Default Domain Policy GPO is linked to the domain

Applies to all Authenticated Users, and does not include any WMI filters, contains policy settings that specify password, account lockout, and Kerberos version 5 authentication protocol policies.

The Default Domain Controllers Policy GPO links to

the organizational unit (OU) of the domain controllers.

Acounts for domain controllers are kept exclusivly in the

Domain Controller OU

Group Policy Container (GPC)

contains GPO properties and is stored in Active Directory on each Domain Controller.

Group Policy Template (GPT)

contains the data of a GPO and is stored in the SysVol of each domain controller in the %SystemRoot%\SYSVOL\Domain\Policies\GPOGUID path, where GPOGUID is the globally unique identifier (GUID) of the Group Policy container.

globally unique identifier

(GUID)

The Group Policy container defines basic attributes of the GPO, but it does not contain any of the

settings

The Group Policy template contains the Group Policy

settings

When you change the settings of a GPO, the changes are saved to the

Group Policy template of the server from which you opened the GPO.

You can use a ““ ““ to create other GPOs within the Group Policy Management Console (GPMC)

Starter GPO

A starter Group Policy Object is a good ““ in starting new GPOs in your domain

starting point

GPOs are saved as what filed

Cabinet (.cab)

The GPMC stores Starter GPOs in a folder, Starter GPOs,

which is located in SYSVOL

The use of administrative templates is known as a ““ because all the settings you configure in administrative templates result in changes to the registry.

registry-based policy

For many apps, using a registry-based policy is the simplest and best way to support the centralized management of policy settings.

True

The two sets of administrative templates

User-related settings

Computer-related settings

When configuring settings in the Administrative Templates node of the GPO, you make modifications to the

Registry

The settings in the computer section of the Administrative Templates node edit the ““ hive in the registry, and the settings in the user section of the Administrative Templates node edit the ““ hive in the registry.

HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER

All setting in the Administrative Templates node of a GPO are stored in which type of file?

.admx files

By default windows server store .admx files where?

Windows\PolicyDefinitions folder

Since .admx files are language neutral, A readable language is stored in the subfolder with the extension?

.adml

Central Store

A central location for all .admx files, which anyone with permissions to create or edit GPOs can access

If the domain controller or Central Store is not available

The Group Policy Management Editor uses the local store