Modifying Administrative Templates


With a baseline understanding of how Group Policy functions in a Windows Active Directory Domain environment, Microsoft Exchange 2003 administrators can look at how Group Policy, GPOs, and templates can be leveraged to enhance the ability to manage applications like Microsoft Outlook 2003 in the enterprise. Working with predefined Group Policy templates available from Microsoft, administrators can now manage areas and control access and changes, ranging from restrictions and preventing configuration modifications to controlling the look and feel that affects the overall user experience when working with application software.

In this section, we will review the tools and options for managing an application such as the Microsoft Outlook 2003 client software, specifically using Group Policy and predefined templates. We will also explore the options available with Group Policy when deploying and working with the Outlook client, Outlook Group Policy templates, and the steps for configuring administration privileges for managing the Exchange client through Group Policy.

Outlook Client Policy Options

To further enhance the management functionality when working with an application like the Outlook 2003 software, the Office Resource Kit (ORK) provides a predefined template for managing Outlook clients using the Group Policy functionality of Windows domains.

Called Outlk11.adm, this template enables administrators to centrally manage and configure many of the preferences and security functions normally required to be configured at each individual Outlook client. Using Outlk11.adm, administrators can fully manage and configure the following areas:

  • Outlook preferences The preferences options available with the security templates can be defined in the same manner as using the Options tab available in the Tools menu of the Outlook client. When defining preferences, administrators can control the standard look and feel of each component available with Outlook. Options include areas for enforcing items such as spell-check and email format, calendar views, and contact options.

  • Exchange settings Configuration items, such as profile configurations and auto archiving, can now be centrally configured.

  • SharePoint Portal Server settings In addition to the Outlook client settings, using the templates enables administrators to configure access to SharePoint Portal Server resources through the Outlook client.

Adding the Outlook Administrative Template

Because the additional administrative templates are not installed by default when Windows Server 2003 is installed, administrators must download or install the Outlook administrative template manually. Available on the ORK, Outlk11.adm is placed on the local drive of the systems where the ORK is installed.

To begin setting up the Outlook administrative template, start by installing the GPMC on the domain controller where the policy will be administered. Next, install the Microsoft ORK on a system where the template can be accessed from a domain controller for import into the Domain Group Policy.

Tip

The Office 2003 Resource Kit can be downloaded from the Microsoft Office Web site at http://www.microsoft.com/downloads.


After the ORK is installed, the Outlk11.adm file is automatically extracted and placed in the C:\Windows\Inf directory (where C: represents the drive where the Windows installation resides) on the local system drive where the ORK was installed.

To import the Outlook security template Outlk11.adm into the Domain Group Policy using the Group Policy Management Tool, use the following steps:

Tip

When importing the Outlk11.adm security template, it is best to import the template to the Default Domain Group Policy.


1.

From a domain controller in the domain where the policy will be applied, open the Group Policy snap-in by selecting Start, All Programs, Administrative Tools, Group Policy Management.

2.

Select the Default Domain Policy where Outlk11.adm will be imported to, as shown in Figure 21.10.

Figure 21.10. Select the location in the Group Policy Management Console.


3.

From the Action menu select Edit; this opens the Group Policy Object Editor window.

4.

On the Group Policy Object Editor, select Administrative Templates under the User Configuration option and right-click to choose Add/Remove Templates, as shown in Figure 21.11.

Figure 21.11. Select Add/Remove Templates in the Group Policy Object Editor.


5.

From the Add/Remove Templates dialog box, click the Add button.

6.

Navigate to the location where Outlk11.adm was placed, as noted in step 2. Select the template to import OUTLK11.ADM and click the Open button.

7.

Ensure that the OUTLK11 template has added the Add/Remove Templates dialog box, and click Close to continue.

You should now see the Microsoft Outlook 2003 template under the Administrative Templates folder in the Group Policy Editor.

Assigning Group Policy Delegates

Although Group Policy has traditionally been the management task of Windows domain administrators, with delegation, permissions can be assigned to additional resources and accounts to manage Microsoft Outlook clients. Using the Delegation Wizard of the GPMC, accounts can assign and delegate rights to add, modify, and delete Group Policy Objects.

It is important to delegate the proper rights for administrators to manipulate Outlook 2003 group policies. Using the delegation option of the GPMC, administrators can assign a very small group of users permission to edit Outlook policies at the domain level. To enhance this functionality, it is also possible to allow diverse groups of administrators to configure group policies at lower levels of the Active Directory domain tree.

When assigning permissions, administrators can delegate the following rights:

  • Create GPO

  • Create WMI filters

  • Permissions on WMI filters

  • Permissions to read, edit, and so forth an individual GPO

  • Permissions on individual locations to which the GPO is linked (SOM)

How to Delegate Rights over GPOs

To understand the steps required to assign rights over GPOs, let's look at the following scenario to assign one Active Directory account permission at the domain level. The rights that will be assigned to the account will be the Edit Group Policy Objects Only permissions.

To begin, open the GPMC by selecting Start, All Programs, Administrative Tool, Group Policy Management. Then follow these steps:

1.

On the GPMC, select Domain Folder, Your Domain, Group Policy Objects, Default Domain Policy.

2.

Select the Delegation tab in the right pane of the Domain Group Policy Object.

3.

To add an account, select the Add button, enter the name of the account to be added, and click the OK button.

4.

Select the rights to be assigned to the account by selecting the permission Edit in the drop-down box, as shown in Figure 21.12; select OK to continue.

Figure 21.12. Add Group or User permissions.


The account has now been assigned rights to edit the domain-level GPO. Review the information and test settings to ensure that the permissions have been applied correctly.

Managing Group Policy Configurations

Through Group Policy, Outlook configuration settings can be configured and applied differently depending on how the GPO is applied.

Exchange administrators can not only centrally manage one group of Outlook clients, but they can configure and apply a completely different set of options enforced on a different group or OU in the domain by following these steps:

1.

Open the GPMC and select the organizational unit to which to apply the GPO.

2.

Select Action from the menu bar and select Link An Existing GPO.

3.

From the Select GPO dialog box, choose the domain policy and click OK to link the domain policy to the desired organizational unit.

Tip

When linking the GPOs, access to the GPMC can be obtained through the Active Directory Users and Computers (ADUC) snap-in. Select the properties of the domain you are working with and select the Group Policy tab.


Defining Baseline Outlook Preferences

One option that group policies enable organizations to accomplish when managing an application like the Outlook client is the ability to design, develop, and implement a baseline configuration for every client configuration in use. Often, this was not an option because of the exhaustive amount of administration involved, along with the inability to secure configurations from modification.

With the option of standardizing configuration for all Outlook client systems, administrators must wonder which options can be configured to improve the productivity and functionality of the network client for every user. Using the Group Policy Object settings to define simple Outlook configuration settingssuch as Saving Sent Items, Spell Checking Messages Before Sending, and Auto Archive Settingscan not only improve the functionality of the Outlook client, but can also reduce administrative management overhead when supporting workstations and users.

Email Options

Some of the most useful email options available when configuring settings using Group Policy include the following:

  • HTML/Microsoft Word message format The most enhanced of all Outlook email options is the HTML/Microsoft Word format. This option can be enabled to provide a robust email editor.

  • Junk Email Filtering Enabling the Junk Email Filtering option allows the configuration of filtering email at the client level.

  • OST/PST Creation Disabling or enabling the OST and PST Creation options can provide control of network traffic and local system disk space utilization.

  • Empty Deleted Items Folder Controls the total amount of space each user mailbox can have, helping control storage limits; administrators can enable this option.

  • Auto Archive One area often requiring administrative overhead, the Auto Archive option can now be toggled via GPO settings.

  • Email Accounts Using this option, users can be prevented from adding additional account types.

Calendar Options

In addition to the email options available, the following calendar options can be defined to establish a base functionality for all Domain Outlook users:

  • Reminders Display Options Calendar reminders can be disabled and enabled.

  • Working Hours and Work Week These options can be defined and set for all calendar views.

Contact Options

One interesting setting is the option in the Outlook security template for contacts. Administrators can define how each contact will be filed and displayed. For example, the Display Name can be set as First, [Middle], Last Name, and the File As option for the contact as Last, First.

There are many options available when configuring the Outlook client. Review the options and descriptions for each before applying settings and changes to the Outlook Group Policy Objects.

Managing the Look and Feel of the Outlook Client

Another powerful function of using group policies is the ability for an administrator to define the look and feel of the Outlook client. Administrators can now configure options to create a specific look and feel when using Outlook.

Group Policy preferences can be defined to customize the look of the Outlook client. Options can be set to allow users access to information Web sites and SharePoint Portal Server sites, providing an enhanced user's experience and data access option not previously available.

Web Options Overview

Using the Preferences options of the GPO, settings can be defined to integrate and redirect Outlook users to valuable Web data using technologies such as Microsoft SharePoint Portal and Internet Information Services:

  • Custom Outlook Today Administrators can use the URL for Custom Outlook Today Properties settings to define a Web page that will be viewed when users access the Outlook Today home page.

  • Folder Home Pages Settings Each Outlook folder can now be redirected to a predefined Web page.

  • SharePoint Portal Server With Outlook 2003 and Group Policy preferences, support to integrate SharePoint with Outlook can easily be enabled and disabled.

Configuring and Applying Outlook Group Policy Settings

With all the information gathered in the previous sections, administrators can now apply settings and configuration options using the GPMC and Outlook 2003 security template. To better understand the settings for applying a group policy, review the following mock installation scenario.

In this scenario, you create and apply a standard set of preferences to create an Outlook client baseline configuration for one OU in the Active Directory domain. As described earlier, one additional setting is applied to redirect the client's Outlook Today setting and direct users to a company Internet home page.

To begin, open the GPMC by selecting Start, All Programs, Administrative Tools, Group Policy Management and then follow these steps:

1.

Select the Default Domain Policy by selecting Forest, Domains, YourCompanydomain, Group Policy Objects.

2.

Select the Default Domain Policy, click Action from the GPMC menu, and click Edit. This opens the Group Policy Editor.

3.

Select Administrative Templates under the User Configuration and select the Microsoft Outlook 2003 folder.

From this point, you can begin to enable options and apply preferences to the GPO. After options are enabled, they appear in the GPMC to be tested through RSoP and applied to the OU. In this scenario, you apply the HTML/Microsoft Word Email Editor options and redirect the Outlook Today page to point to a Web page called www.CompanyABC.com. To apply these settings, complete these steps:

1.

Select the Microsoft Outlook 2003 folder and select Tools, Options, Mail Format, Message Format.

2.

Double-click Message Format Editor in the right pane to open and configure the Message Format Policy settings.

3.

As shown in Figure 21.13, select Enabled Option and click HTML/Microsoft Word in the drop-down box. Select OK to continue.

Figure 21.13. Message Format Editor properties.


4.

Next, select the Outlook Today folder by selecting Microsoft Outlook 2003, Outlook Today.

5.

Double-click URL for Custom Outlook Today Properties in the right pane.

6.

To enable the redirection of the Outlook Today home page, click the Enable button and enter the URL to be displayed, as shown in Figure 21.14. Click OK when finished.

Figure 21.14. Custom Outlook Today properties.


7.

Open the GPMC and confirm that the settings are ready to be applied. From the GPMC, select Default Domain Policy and ensure that the Outlook settings appear as shown in Figure 21.15.

Figure 21.15. GPMC Outlook settings.


Now that the Group Policy options have been configured, you apply the settings to a group of users in the domain by following these steps:

8.

To apply the settings to a group, click the Add button under Security Filtering in the right pane of the Default Domain Policy.

9.

From the Select Users, Computers, or Groups search page, enter the name of the group to which the settings will be applied and click OK.

10.

Check to see whether the group has been added to the Security Filtering pane.

When the configuration is completed, it is good practice to back up the configuration and ensure that all the settings are enabled on the GPO by selecting Action/GPO Status.

Customizing Administrative Group Policy Templates

Beyond using the custom and default templates, it is possible for you to create your own customized Administrative template to enforce a Registry change. The changes appear in the Group Policy GUI format and can be configured through the GPMC or ADUC the way normal Group Policy would be configured. Customized templates can be very useful in a highly customized environment or one where the default choices are not sufficient.

To best determine how to write a custom template, you must first consider what you are trying to control or change. You must also discover whether the Registry change is in the User or Computer hive area and then also note the actual Registry path and Registry value. After you have determined these items, coding a new basic administrative template is not too complex.

Administrative templates vary from the very basic to the extremely complex (look at the common.adm that is installed with Windows 2003). However, they can be extremely useful tools with which to customize any environment using Group Policy.




Microsoft Windows Server 2003 Unleashed(c) R2 Edition
Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net