< Day Day Up > |
Outlook Client Group PoliciesWith a baseline understanding of how Group Policy functions in a Windows Active Directory Domain environment, Microsoft Exchange 2003 administrators can look at how Group Policy, GPOs, and security templates can be leveraged to enhance the ability of Management Exchange Outlook 2003 clients in the enterprise. An all-in-one solution, Exchange administrators can also use the Group Policy function to create Administrative Distribution Points for pushing client software to the desktops. Working with predefined Group Policy templates available from Microsoft, administrators can now manage areas and control access and changes, ranging from restrictions and preventing configuration modifications to controlling the look and feel that affects the overall user experience when working with the Exchange Outlook 2003 client software. In this section, you review the tools and options for managing the Exchange Outlook 2003 clients, specifically using Group Policy and predefined templates. You explore the options available with Group Policy when deploying and working with the Outlook client, Outlook Group Policy templates, and the steps for configuring administration privileges for managing the Exchange client through Group Policy. Exchange Client Policy OptionsTo further enhance the management functionality when working with Exchange Outlook 2003 clients, the ORK now provides a predefined security template for managing Outlook clients using the Group Policy functionality of Windows domains. Called Outlk11.adm , this template enables administrators to centrally manage and configure many of the security functions and preferences normally required to be configured at each individual Outlook client. Using Outlk11.adm, administrators can fully manage and configure the following areas:
Though the Outlk11.adm template enables you to configure many import options and preferences with the Outlook 2003 Exchange clients, not all areas are available with the template. Adding the Outlook Administrative TemplateBecause the additional administrative templates are not configured by default when Windows Server 2003 is installed, administrators must download or install the Administrative Outlook Template manually. Available on the ORK, the Outlk11.adm is placed on the local drive of the systems where the ORK is installed. To begin setting up the Outlook security template Outlk11.adm , start by installing the GPMC on the domain controller where the policy will be administered. Next install the Microsoft ORK on a system where the template can be accessed from a domain controller for import into the Domain Group Policy. TIP To download the GPMC from Microsoft, go to http://www.microsoft.com/windowsserver2003/downloads/default.mspx The Office 2003 Resource Kit (ORK) can be downloaded from the Microsoft Office Web site at http://www.office.microsoft.com/home/default.aspx After the ORK is installed, the Outlk11.adm file is automatically extracted and placed in the C:\Windows\Inf directory (where C: represents the drive where the Windows installation resides) on the local system drive where the ORK was installed. To import the Outlook security template Outlk11.adm into the Domain Group Policy using the Group Policy Management Tool, use the following steps: TIP When importing the Outlk11.adm security template, it is best practice to import the template to the Default Domain Group Policy.
You should now see the Microsoft Outlook 2003 template under the Administrative Templates folder in the Group Policy Editor. Assigning Group Policy DelegatesAlthough Group Policy has traditionally been the management task of Windows domain administrators, with delegation, permissions can be assigned to additional resources and accounts to manage Exchange 2003 Outlook clients. Using the Delegation Wizard of the GPMC, accounts can assign and delegate rights to add, modify, and delete Group Policy Objects. It is important to delegate the proper rights for administrators to manipulate the Microsoft Outlook 2003 Group Policy. Using the delegation option of the GPMC, administrators can assign a very small group of users permission to edit Outlook policies at the domain level. To enhance this functionality, it is also possible to allow diverse groups of administrators to configure group policies at lower levels of the Active Directory domain tree. When assigning permissions, administrators can delegate the following rights:
Using the Group Policy Delegation Wizard makes it easy to give the appropriate groups of administrators the rights they need to do their job and continue to administer Windows Server 2003 in the most secure way possible. How to Delegate Rights over GPOsTo understand the steps required to assign rights over GPOs, let's look at the following scenario to assign one Active Directory account permission at the domain level. The rights that will be assigned to the account will be the Edit Group Policy Objects Only permissions. To begin, open the GPMC by selecting Start, All Programs, Administrative Tool, Group Policy Management. Then follow these steps:
The account has now been assigned rights to edit the domain-level GPO. Review the information and test settings to ensure that the permissions have been applied correctly. Managing Group Policy ConfigurationsThrough Group Policy, Outlook configuration settings can be configured and applied differently depending on how the GPO is applied. Exchange administrators can not only centrally manage one group of Exchange 2003 Outlook clients, but they can configure and apply a completely different set of options enforced on a different group or OU in the domain by following these steps:
TIP When linking the GPOs, access to the GPMC can be obtained through the Active Directory Users and Computers (ADUC) snap-in. Select the properties of the domain you are working with and select the Group Policy tab. |
< Day Day Up > |