50255: Managing, Maintaining, and Securing Your Networks Through Group Policy
Four DaysInstructor-led
About this Course
Discover how to consolidate the administration of an enterprise IT infrastructure with Group Policy. In this course, you will learn to control and manage computer systems and domain users running Windows Server 2003, Server 2008, XP, and Vista. You will learn to create Group Policies, implement administrative and security templates, and determine best practices when deploying software packages. Walk away with the experience and tools needed to optimize your enterprise systems and networks.
Audience Profile
This course is intended for Enterprise network staff responsible for help desk support, system administration, and network design.
At Course Completion
After completing this course, students will be able to:
Design and deploy security policies for all your Windows 2003/2008 servers, workstations, member servers, XP, and Vista clients
Delegate Administrative Control of Group Policies
Back up and restore Group Policy Objects (GPOs) through Group Policy Management Console (GPMC)
Easily roll out selected software updates and operating system patches from your network environment
Tips for troubleshooting Group Policy
Prerequisites
Experience with the Microsoft Windows Server 2003/8 environments and a fundamental understanding of Active Directory
Course Outline
Module 1: Introduction to Group Policy
This module provides a review of the Active Directory infrastructure and describes the basis of what Group Policy is and how it functions.
Lessons
Group Policy and Active Directory
Review of Active Directory
Overview of Group Policy
Lab : Introduction to Group Policy
Examining Hardware Components
Exploring and Configuring the Host Operating System
Installing Lab Files and Starting Virtual Machines
Starting the Virtual Machines
Preparing the Active Directory Schema for Vista and Server 2008 Support
After completing this module, students will be able to:
Understand how Active Directory relates to Group Policy
Explain the basic concepts of Active Directory
Describe the new Group Policy features
Module 2: Group Policy Management Tools
This module describes a downloadable console, Group Policy Management Console, from Microsoft released after Server 2003 intended as a one-stop shop for Group Policy administration.
Lessons
What is the GPMC?
Installing the GPMC
Advanced GPMC Features
Migration Tables
Integration of RSoP Functionality
WMI Filters
Lab : Group Policy Management Tools
Renaming and Joining Client Machines to the Domain
Installing the OS Specific GP Controls on Clients
Installing and Displaying RSAT on Vista
Server 2008 Group Policy Management Console Features
Utilizing Command-Line and Graphical Interfaces for Backing Up and Restoring Group Policy Objects
After completing this module, students will be able to:
Describe the needs filled by the GPMS
Successfully install the GPMC following installation requirements
Back up, restore, import, copy and search for GPOs using the GPMC
Build migration tables and resolve any conflicts
Use the GPMS to accomplish RSoP analyses
Create and apply a WMI filter
Module 3: Designing a Group Policy Infrastructure
This module details the steps a successful Group Policy deployment should follow, linking your design to how your company can best use the features. Essential network components and security design are also defined.
Lessons
Implementing Group Policy
Planning your Group Policy Design
Designing Your Group Policy Solution
Deploying Your Group Policy
Managing Your Group Policy Solution
Lab : Designing a Group Policy Infrastructure
Exploring and Configuring Delegation Using the GPMC
Installing and Configuring the AGPM
After completing this module, students will be able to:
List the four stages of implementing Group Policy
Plan Group Policy in accordance with a companys requirements
Follow Group Policy creation guidelines when developing GPOs
Deploy Group Policy based on the Active Directory structure
Manage Group Policy by delegating administration and setting permissions
Module 4: Troubleshooting Group Policy
This module explains the key concepts that you must grasp in order to effectively troubleshoot Group Policy.
Lessons
Group Policy Infrastructure
Group Policy Deployment Order
Group Policy Troubleshooting Tools
Lab : Troubleshooting Group Policy
Analyzing Users Using Group Policy Modeling
Analyzing Users Using Group Policy Results
Running Gpresult.exe to Analyze the Group Policy Assignments
Checking Version Number Using Scripts
Utilizing Tools to Locate the PDC Emulator
Following GPO Processing Event in the Event Viewer Console
After completing this module, students will be able to:
Describe the Active Directory components that are used to deploy Group Policy
Explain the order in which Group Policy is deployed in Active Directory
Describe some of the tools used to troubleshoot Group Policy
Module 5: Deploying Legacy Security Templates
This module defines the Windows security model and details the process of using the Security Configuration and Analysis tools to apply security templates.
Lessons
Security Architecture
The SECEDIT Database
Hardening Computer Accounts
Lab : Deploying Legacy Security Templates
Using the Security Configuration and Analysis Console
Creating Custom Templates with the Security Template Console
Enforcing a Custom Template Using the Secedit.exe Command-Line Tool
After completing this module, students will be able to:
Explain how security principals, access control lists, security groups, user profiles, and the registry are used for Group Policy deployment
Create, analyze, apply and customize security templates
App account and local policies
Module 6: : Implementing Security Using Group Policy
This module details effective security design using Active Directory logical components. You will also learn how to utilize predefined Security Guide templates and the GPO Accelerator tool in order to further security your environment.
Lessons
Getting Started with Security Configuration
Domain Security
Controlling Services with Group Policy
Enforcing an Audit Policy
Restricting Security Group Membership
Using Scripts
Lab : Implementing Security Using Group Policy
Installing the Microsoft GPOAccelerator
Installing the Prescriptive Recommendations for Vista and XP Clients
Deploying the Security Configuration Wizard to Create, Edit, Apply and Roll Back a Security Policy
Configuring Enterprise Auditing through Group Policy Deployment
After completing this module, students will be able to:
Use Microsoft security guidelines, tools, and templates to configure security policies for your network
Use ACLs to deploy domain security
Define Group Policy network settings per machine and per user
Create an effective audit policy
Use Restricted Groups as a component of your security policy
Module 7: Configuring the Desktop Environment
This module explains many of the settings that are available to configure and restrict the user desktop environment, such as Control Panel restrictions, Start Menu settings, and Windows Explorer configuration.
Lessons
Scripts for Clients
Desktop, Start Menu, and Taskbar Control
Control Panel Control
Windows Components
User Profiles
Folder Redirection
Printer Management and Pruning
Computer Network Settings
Lab : Configuring the Desktop Environment
Creating a Wireless Network Policy for Windows Vista Clients
Creating and Assigning a GPO to Prevent the Installation of Removable Devices
Sharing and Securing a Folder for the Gk.local Users Redirection
Redirecting the Documents Folder for the hq.local Users
Creating and Assigning a GPO to Encrypt Offline Files
Writing and Deploying a Visual Basic Script for Log on
After completing this module, students will be able to:
Specify startup, shutdown, logon, and logoff scripts and settings
Identify the many ways to control the user desktop, Start menu, and taskbar
Restrict the Control Panel settings
Restrict operations that users can perform in Windows Explorer, Internet Explorer, and Terminal Services
Customize processing of user profiles and roaming user profiles
Redirect user folders to a server
Module 8: Assigning and Publishing Software Packages
This module explains how manage to use Group Policy for deploying software.
Lessons
MSI Packages
Group Policy as a Software Deployment Method
Software Deployment
Setting Up Distribution Points
Systems Management Server
Lab : Assigning and Publishing Software Packages
Preparing for Distribution
Creating a Custom Software Package
Deploying a Third-Party Package
After completing this module, students will be able to:
Describe the basic elements of an MSI package and determine when to use an existing package or build or repackage your own
Define the requirements for distributing software via Group Policy
Identify the best method of software deployment for your organization
Explain how to set up distribution points for software deployment
Explain when you might want to use SMS instead of Group Policy
Module 9: Software Restrictions Policies
This module explains the deployment of software restriction policies including the essential components, rules, and the order of precedence of such policy. You will learn how to use software restriction policies to prevent users from running unauthorized software reducing the likelihood that viruses, Trojan horses, or spyware might intrude upon the environment.
Lessons
What is a Software Restriction Policy?
How to Create a Software Restriction Policy
Additional Rules to Identify Software
What Makes an Effective Software Restriction Policy
Lab : Software Restrictions Policies
Software Restriction Policies and the Path Rule
Software Restriction Policies and the Hash Rule
After completing this module, students will be able to:
Describe software restriction policies and how to use them
Explain how to create software restriction policies
Explain how additional rules are applied to software restriction policies
Describe the characteristics of an effective software restriction policy
Module 10: Creating and Deploying Legacy Administrative Templates
This module explains the logic behind administrative templates, when to use them, and the basics of how to write them.
Lessons
Overview of ADM Templates
Standard ADM Templates
Registry Structure Used by ADM Templates
ADM Template Syntax
Custom ADM Templates
Lab : Creating and Deploying Legacy Administrative Templates
Building an ADM Template
After completing this module, students will be able to:
Describe the benefits of using ADM templates
List the ADM templates that come with each version of Windows
Identify the registry locations that ADM templates affect
List and explain the key words and syntax used in building ADM templates
Explain the different ways you can add custom ADM templates to the registry
Module 11: New Group Policy Features for Windows Vista and Server 2008
This module explains the new GPO features and settings that are available for Windows Vista and Windows Serve 2008. You will learn about the changes in the GPO Editor and differences in GPO processing.
Lessons
Group Policy in Windows Vista and Windows Server 2008
Group Policy Editor Enhancements
Changes to Group Policy Processing
New GPO Settings
Lab : New Group Policy Features for Windows Vista and Server 2008
Installing the ADMX Migrator
Migrating an .ADM to .ADMX/.ADML Format
Creating the ADMX Central Store and Populating the Files
Deploying the Policy Filtering on the Group Policy Console
Creating and Deploying a Starter Group Policy Console
Creating and Deploying Multiple Local Group Policy Objects
After completing this module, students will be able to:
Briefly review the new features of Group Policy in Windows Vista and Windows Server 2008
Describe some of the Group Policy Editor changes in Windows Vista and Windows Server 2008
Compare some of the differences in policy processing between Windows Server 2008 and older operating systems
List some of the new categories of GPO settings
Module 12: Managing Group Policy Preferences
This module explains the function of GPO preferences, describes how Preferences can be combined with GPO Policies are different from Policies.
Lessons
Overview of Group Policy Preferences
Comparing Preferences and Policy Settings
Configuring Preference Settings
Group Policy Preferences: Advanced Configuration
Lab : Managing Group Policy Preferences
Updating Clients to Support Group Policy Preferences
Creating and Deploying Group Policy Preferences
Migrating an .ADM to .ADMX/.ADML Format
Deploying Item-Level Targeting through Group Policy Preferences
Testing the Group Policy Preferences Assignments
After completing this module, students will be able to:
Describe the purpose of Group Policy Preferences
Explain the difference between Preferences and Policies
Configure Group Policy Preference settings, including Windows and Control Panel settings
Describe the advanced Preference configuration options available in Group Policy
