Microsoft® Official Course
Module 6
Managing User Desktops with Group Policy
Module Overview
• Implementing Administrative Templates
• Configuring Folder Redirection and Scripts
• Configuring Group Policy Preferences
• Managing Software with Group Policy
Lesson 1: Implementing Administrative Templates
• What Are Administrative Templates?
• What Are ADM and ADMX Files?
• The Central Store
• Discussion: Practical Uses of Administrative Templates
• Demonstration: Configuring Settings with Administrative Templates
What Are Administrative Templates?
Administrative Templates sections for computers are:
• Control Panel
• Network
• Printers
• System
• Windows components
Administrative Templates sections for users are:
• Control Panel
• Desktop
• Network
• Start menu and taskbar
• System
• Windows components
Administrative Templates provide you with the ability to control both the environment of the operating system and the user experience.
Each of these main sections contains many subfolders to further organize settings.
What Are ADM and ADMX Files?
ADM files:
• Are copied into every GPO in SYSVOL
• Are difficult to customize
ADMX files:
• Are language-neutral; associated ADML files provide the localized language
• Are not stored in the GPO
• Are extensible through XML
The Central Store
The Central Store:
• Is a central repository for ADMX and ADML files
• Is stored in SYSVOL
• Must be created manually
• Is detected automatically by Windows Vista or Windows Server 2008
[Diagram: Windows Vista or Windows Server 2008 workstation, ADMX files, domain controllers with SYSVOL]
Discussion: Practical Uses of Administrative Templates
How do you currently provide desktop security?
How much administrative access do users have to their systems?
Which Group Policy settings will you find useful in your organization?
Demonstration: Configuring Settings with Administrative Templates
In this demonstration, you will see how to:
• Filter Administrative Template policy settings
• Apply comments to policy settings
• Add comments to a GPO
• Create a new GPO by copying an existing GPO
• Create a new GPO by importing settings that were exported from another GPO
Lesson 2: Configuring Folder Redirection and Scripts
• What Is Folder Redirection?
• Settings for Configuring Folder Redirection
• Security Settings for Redirected Folders
• Demonstration: Configuring Folder Redirection
• Group Policy Settings for Applying Scripts
• Demonstration: Configuring Scripts with GPOs
What Is Folder Redirection?
Folder redirection is a feature that allows folders to be located on a network server, but appear as if they are located on the local drive.
Folders that can be redirected in Windows Vista, Windows 7, and Windows 8 are:
• Desktop
• Start Menu
• Documents
• Pictures
• AppData\Roaming
• Contacts
• Downloads
• Favorites
• Saved Games
• Searches
• Links
• Music
• Videos
Settings for Configuring Folder Redirection
[Diagram labels: AccountingUsers, AccountsA-M, AccountsN-Z, AccountingManagers, Anne, Amy]
Folder redirection configuration options:
• Use Basic folder redirection when all users save their files to the same location
• Use Advanced folder redirection when the server hosting the folder location is based on group membership
• Use the Follow the Documents folder option to force certain folders to become subfolders of Documents
Target folder location options:
• Redirect to the user's home directory (Documents folder only)
• Create a folder for each user under the root path
• Redirect to the following location
• Redirect to the local user profile location
Security Settings for Redirected Folders
NTFS permissions for root folder:
• Creator/Owner: Full control – subfolders and files only
• Administrator: None
• Security group of users that save data on the share: List Folder/Read Data, Create Folders/Append Data – This Folder Only
• Local System: Full control
Share permissions for root folder:
• Creator/Owner: Full control – subfolders and files only
• Security group of users that save data on the share: Full control
NTFS permissions for each user's redirected folder:
• Creator/Owner: Full control – subfolders and files only
• %Username%: Full control, owner of folder
• Administrators: None
• Local System: Full control
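The root-folder NTFS permissions listed above, applied and then verified with PowerShell. This is an added example, not part of the course material; the path D:\Redirected and the group ADATUM\RedirectUsers are assumed names.

```powershell
# Added example (not course material). Assumed names: D:\Redirected and the
# security group ADATUM\RedirectUsers. Run elevated on the file server.
$Root  = 'D:\Redirected'
$Group = [System.Security.Principal.NTAccount]'ADATUM\RedirectUsers'
$CreatorOwner = [System.Security.Principal.SecurityIdentifier]'S-1-3-0'   # CREATOR OWNER
$LocalSystem  = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'  # Local System

New-Item -Path $Root -ItemType Directory -Force | Out-Null
$acl = Get-Acl -Path $Root

# Block inheritance without copying parent ACEs, then purge explicit ACEs, so
# Administrators and any broad grants from the parent end up with "None".
$acl.SetAccessRuleProtection($true, $false)
foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    $acl.PurgeAccessRules($ace.IdentityReference)
}

$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'
$ciOi     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rules = @(
    # Creator/Owner: Full control, subfolders and files only
    New-Object $ruleType -ArgumentList $CreatorOwner, 'FullControl', $ciOi, 'InheritOnly', 'Allow'
    # Users group: List Folder/Read Data + Create Folders/Append Data, this folder only
    New-Object $ruleType -ArgumentList $Group, 'ListDirectory, CreateDirectories', 'None', 'None', 'Allow'
    # Local System: Full control
    New-Object $ruleType -ArgumentList $LocalSystem, 'FullControl', $ciOi, 'None', 'Allow'
)
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -Path $Root -AclObject $acl

# Verify what was actually written: the group's ACE must exist and must not
# propagate to child folders, otherwise users could read each other's data.
$written  = (Get-Acl -Path $Root).Access
$groupAce = $written | Where-Object { $_.IdentityReference.Value -eq $Group.Value }
if (-not $groupAce -or $groupAce.InheritanceFlags -ne 'None') {
    throw "Group ACE on $Root is missing or inherits to child folders"
}
$written | Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
```

Because the group's entry applies to the root folder only, a user can create a folder under the root but receives no rights on folders created by other users; each new folder is covered by the inherited Creator/Owner entry instead.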
Demonstration: Configuring Folder Redirection
In this demonstration, you will see how to:
• Create a shared folder for folder redirection
• Create a GPO to redirect the Documents folder
• Test folder redirection
Group Policy Settings for Applying Scripts
You can use scripts to perform many tasks, such as clearing page files, mapping drives, and clearing temp folders for users.
You can use Group Policy script settings to assign:
• For computers:
  • Startup scripts
  • Shutdown scripts
• For users:
  • Logon scripts
  • Logoff scripts
Demonstration: Configuring Scripts with GPOs
In this demonstration, you will see how to:
• Create a login script to map a network drive
• Create and link a GPO to use the script and store the script in the Netlogon share
• Log on to the client computer and test the results
Lesson 3: Configuring Group Policy Preferences
• What Are Group Policy Preferences?
• Comparing Group Policy Preferences and GPO Settings
• Features of Group Policy Preferences
• Demonstration: Configuring Group Policy Preferences
What Are Group Policy Preferences?
Group Policy preferences expand the range of configurable settings within a GPO
Group Policy preferences:
• Enable IT professionals to configure, deploy, and manage settings that were not manageable by using Group Policy
• Can be created, deleted, replaced, or updated
• Are natively supported on Windows Server 2008 and Vista SP2 or newer
Comparing Group Policy Preferences and GPO Settings
Group Policy settings:
• Strictly enforce policy settings by writing the settings to areas of the registry that standard users cannot modify
• Typically disable the user interface for settings that Group Policy is managing
• Refresh policy settings at a regular interval
Group Policy preferences:
• Are written to the normal locations in the registry that the application or operating system feature uses to store the setting
• Do not cause the application or operating system feature to disable the user interface for the settings they configure
• Refresh preferences by using the same interval as Group Policy settings by default
Features of Group Policy Preferences
• Common tab: Is used to configure additional options that control the behavior of a Group Policy preference item
• Targeting features: Determines to which users and computers a preference item applies
Demonstration: Configuring Group Policy Preferences
In this demonstration, you will see how to:
• Configure a desktop shortcut with Group Policy preferences
• Target the preference
• Configure a new folder with Group Policy preferences
• Target the preference
• Test the preferences
Lesson 4: Managing Software with Group Policy
• How Group Policy Software Distribution Helps to Address the Software Lifecycle
• How Windows Installer Enhances Software Distribution
• Assigning and Publishing Software
• Managing Software Upgrades by Using Group Policy
How Group Policy Software Distribution Helps to Address the Software Lifecycle
1. Preparation
2. Deployment (1.0)
3. Maintenance (2.0)
4. Removal
How Windows Installer Enhances Software Distribution
Windows Installer service:
• Fully automates the software installation and configuration process
• Modifies or repairs an existing application installation
Windows Installer package contains:
• Information about installing or uninstalling an application
• An .msi file and any external source files
• Summary information about the application
• A reference to an installation point
Benefits of using Windows Installer:
• Custom installations
• Resilient applications
• Clean removal
Assigning and Publishing Software
[Diagram: Software Distribution Share]
• Publish software using document activation
• Publish software using Add or Remove Programs
• Assign software during computer configuration
• Assign software during user configuration
Managing Software Upgrades by Using Group Policy
• Mandatory upgrade: Users can use only the upgraded version
• Optional upgrade: Users can decide when to upgrade
• Selective upgrade: You can select specific users for an upgrade
[Diagram: Deploy next version of the application; version labels 1.0 and 2.0]
Lab: Managing User Desktops with Group Policy
• Exercise 1: Implementing Settings by Using Group Policy Preferences
• Exercise 2: Configuring Folder Redirection
Logon Information
Virtual machines: 20411B-LON-DC1, 20411B-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 45 minutes
Lab Scenario
A. Datum Corporation is a global engineering and manufacturing company with its head office in London, U.K. An IT office and a data center are located in London to support the London head office and other locations. A. Datum has recently deployed a Windows Server 2012 server and client infrastructure.
A. Datum has just opened up a new branch office. Users in this office require an automated method for mapping drives to shared server resources and you decide to use Group Policy preferences. Furthermore, you have been asked to create a shortcut to the Notepad application for all users that belong to the IT security group. To help minimize profile sizes, you have been asked to configure folder redirection to redirect several profile folders to each user’s home drive.
Lab Review
• Which options can you use to separate users' redirected folders to different servers?
• Can you name two methods you could use to assign a GPO to selected objects within an OU?
• You have created Group Policy preferences to configure new power options. How can you ensure that they will be applied only to laptop computers?
Module Review and Takeaways
• Review Questions
• Best Practice
• Common Issues and Troubleshooting Tips