group policy document

8/7/2019 Group Policy Document

1/20

Group PolicyAuthor: Tran Anh Quan

1. Khi nimGroup Policy l mt nhm cc Policy, cc policy ny qui nh rt nhiu tnh nng nhbo v mt khu, ci t t xa, thay i ci t h thng . Cc Group Policy c chatrong GPO (Group Policy Object)

Th d: Ngi qun tr mng mun qun l ngi dng mt s thng tin sau:

Cc chng trnh ginh cho ngi s dng dng. Cc chng trnh xut hin trn mn hnh nn ca ngi dng. Hay a ra mt s hn ch buc ngi dng phi tun theo.

Vic ci t cc thnh phn kim sot cc vic trn gi l ci t cc Policy.

Th d: GPO Default Domain Policy lin kt vi Domain.

Cc GPO ny lin kt vi Site, Domain, OU p dng ti cc ngi dng trn Site,Domain, OU .

Cc Policy p dng theo th t sau:

- Local

- Site- Domain- Ou- Ou trong OU

C hai im chnh (Node) trong Group Policy trong :

User Configuration. Computer Configuration.

Trong tng im u c ba im ph ging nhau

Software Setting. Windows Setting. Administrative Template

Tuy nhin c s khc nhau gia hai im chnh trn


2/20

Cc Policy trong User Configuration s p dng cho cc ci t cho User ( bt kkhi User y log on vo my no )

V cc Policy trong Computer Configuration s p dng ti my tnh ( bt k userno log on ti my tnh y )

2. Mt s v d v trin khai Group Policy trong thc t

p dng vo tng m hnh c th chng ta s c nhng yu cu ring. V d nh chngta mun tt c nhn vin phng k thut c nhng cu hnh ring khi ng nhp mng thchng ta s tin hnh cc bc nh sau

M Active Directory User and Computer bng lnh Dsa.msc. Phi chut chn Propertiest OU KyThuat


3/20

Trong ca s KyThuat Properties chng ta chn Tab Group Policy. Chng ta chn ntNew to ra mt GPO mi. Chng ta s t tn cho GPO l KyThuatGPO

Sau y chng ta bm nt Edit. Ca s Group Policy Object Editor s hin ra. Ti ychng ta s nhn thy 2 nhnh l Computer Configuration v User Configuration. Chngta s cu hnh nhnh User Configuration.

y chng ta mun n ht cc biu tng trn mn hnh khi ngi s dng thuc nhmKyThuat ng nhp vo domain th chng ta s lm nh sau. Chng ta chn vo nhnhUser Configuration, chn Administrative Tempalates, chn tip Desktop, nhn sang bnca s bn phi ta chn Hide and Disable all the items on the desktop


4/20

Ta chn option Enable kch hot policy ny


5/20

Tip n ta tip tc mun cm khng cho tt c cc User thuc phng K Thut s dngnt RUN th ta thc hin cc bc sau. Chn nhnh User Configuration, chn nhnh StartMenu and Taskbar, bn ca s bn phi chn Remove Run menu from Start Menu


6/20

Chn option Enable kch hot policy ny


7/20

Chng ta cn lu l sau khi kch hot cc policy chng ta phi s dng cu lnh

GPUPDATE cp nht nhng thay i ny ngay lp tc. Chng ta vo Start/ Run, gcu lnh GPUPDATE.

By gi chng ta mun ci t phn mm Lotus Note Client khi tt c cc User trongphng K thut ng nhp vo Domain chng ta s tin hnh nh sau. Chng ta chnnhnh User Configuration/ Software Settings. Phi chut vo Software Installation chnNew, chn Package tm gi tin cn ci t


8/20

Lu th nht l gi tin ci t phi c t mt th mc c quyn chia snu khng cc my khch s khng th no tm c gi tin ny

Lu th hai l gi tin ny cn phi xc nh theo dng ng dn trn mng chkhng th xc nh theo dng local trn my. V d nh chng ta cn ci t gi tinLotus.Msi trn th mc Setup D th thay v dng ng dn D:\Setup\Lotus.Msichng ta phi dng ng dn \\ tn server\Setup\Lotus.Msi.

Lu th ba l chng ta ch c th tin hnh ci t c vi cc gi tin c ui *.Msi v*.zap

Ni dung file ZAP:[Application]

FriendlyName = "Program"

SetupCommand = "\\FileServer\Share\setup.exe" /q

Lu bng notepad, nh dng all file. t tn c ui .zap.


9/20

i vi mt s phn mm khng c tp tin *.msi th dng cc trnh sau to tp tin*.msi cho phn mm :

VERITAS Software Console. WININSTALL Discovery.

hp thoi Deploy Software chng ta s c 3 la chn:

- Published: pht hnh phn mm to sn cho ngi dng ty chn c ci t v mymnh hay khng, bng cng c Add/Remove Program trn Control Panel.


10/20

- Assigned: cp pht phn mm ti ngi dng. Khi ngi dng ng nhp mng, mngt ng ci t mt s thng tin va v phn mm v to li tt trn trnh n bt u.Khi ngi dng m ng dng chng trnh s tip tc ci t y .

- Advanced: c nhiu ty chn nng cao nh ci t hon ton phn mm khi ngi dng

ng nhp y chng ta la chn option Published. Bm OK tip tc


11/20

Sau khi tin hnh xong tt c cc bc trn, ta quay li ca s Active Directory User andComputer, ta chn phi chut mc Domain, chn Properties


12/20

Ta chn Tab Group Policy


13/20

Ta chn Add thm KyThuatGPO vo danh sch Group Policy Object Link.


14/20

Ti ca s Add Group Policy Object Link chng ta chn Tab All.

Ti ca s tab All chng ta s thy c KyThuatGPO, chng ta bm chn GPO ny. BmOK tip tc

Ti ca s Group Policy Object Link chng ta s thy KythuatGPO c add vo.Vn l y chng ta mun ch c nhng ngi thuc phng K Thut mi chu nhhng ca nhng Policy ny, vy chng ta tin hnh lc Policy bng cch chnKyThuatGPO ri chn Properties


15/20

Ti hp thoi KyThuatGPO Properties chng ta chn tab Security. Ti y chng ta thy

c nhm Authenticated Users ( tc l nhm tt c nhng user log on vo domain cchng thc s u b nh hng bi Policy trong KyThuatGPO. Chng ta s removenhm ny i bng cch bm chn nhm ri bm nt Remove


16/20

Sau y chng ta bm nt Add thm group KyThuat vo danh sch. Ti ca s SelectUsers, Computers, or Groups chng ta g Kythuat vo Enter the object names to select.

Sau y bm OK


17/20

Quay tr li ca s KyThuatGPO Properties chng ta thy c tn nhm Kythuat. Tuynhin tt c cc User thuc nhm ny c th nhn c cc Policy chng ta cn tchthm la chn Apply Group Policy mc Permissons for KyThuat

Sau y t my khch chng ta ng nhp vi account Kt1. y l account thuc OUKythuat do n s chu nh hng ca cc Policy chng ta t trong KythuatGPO.

Chng ta c th thy trn mn hnh nn ca account Kt1 khng cn g ht


18/20

Truy cp vo Start chng ta thy nt RUN cng b n

Vo Control Panel, chn Add New Program chng ta s thy c Lotus Note 6.5.


19/20

Mun ci t vo my chng ta bm vo nt Add tin hnh ci t


20/20

C th ni qua nhng v d trn chng ta c th thy Group Policy bao gm rt nhiu tnhnng cc k hu ch, lm gim nh s phc tp khi phi cu hnh trong mt mng ln.Nu nh AD l trung tm ca h iu hnh mng Windows 2003 server th Group Policyc th xng ng coi l trung tm ca AD.

group policy document

Documents