Group Policy Management

   


The Microsoft Group Policy Management Console (GPMC) is the new solution for Group Policy management that helps you manage your enterprise more cost-effectively. It consists of a new Microsoft Management Console (MMC) snap-in and a set of scriptable interfaces for managing Group Policy. GPMC is planned to be available as a separate component by the time Windows Server 2003 is launched. GPMC is designed to do the following:

  • Simplify the management of Group Policy by providing a single place for managing core aspects of Group Policy. You can think of GPMC as a one-stop location for managing Group Policy.

  • Address top Group Policy deployment requirements, as requested by customers, by providing

    • A user interface (UI) that makes Group Policy much easier to use

    • Backup/restore of Group Policy objects (GPOs)

    • Import/export and copy/paste of GPOs and Windows Management Instrumentation (WMI) filters

    • Simplified management of Group Policy-related security

    • HTML reporting for GPO settings

    • HTML reporting for Group Policy Results and Group Policy Modeling data (formerly known as Resultant Set of Policy)

    • Scripting of GPO operations that are exposed within this tool, but not scripting of settings within a GPO

Prior to GPMC, administrators were required to use several Microsoft tools to manage Group Policy. GPMC integrates the existing Group Policy functionality exposed in these tools into a single, unified console, along with the new capabilities just listed.

Managing Domains

GPMC will be able to manage both Windows 2000 and Windows Server 2003-based domains with the Active Directory service. In either case, the administrative computer on which the tool itself runs must be running one of the following:

  • Windows Server 2003

  • Windows XP Professional with Service Pack 1 (SP1), plus an additional post-SP1 hot fix, and the Microsoft .NET Framework

More Group Policy Improvements

Additional Group Policy improvements to Active Directory include the following:

  • Redirecting default user and computer containers.

    Windows Server 2003 includes tools to automatically redirect new user and computer objects into specified organizational units where Group Policy can be applied.

    This helps administrators avoid a situation in which new user and computer objects are left in default containers at the domain root level. Such containers were not designed to hold Group Policy links, and clients were not designed to read and apply Group Policy from these containers. This forced many customers who used these containers to introduce domain-level policy, which can be unwieldy in many cases.

    Instead, Microsoft recommends creating a logical hierarchy of organizational units to hold newly created user and computer objects. Administrators can use two new Resource Kit tools, RedirUsr and ReDirComp, to specify an alternative default for the three legacy APIs: NetUserAdd, NetGroupAdd, and NetJoinDomain. This will allow administrators to redirect the default locations to suitable organizational units and then apply Group Policy directly to these new organizational units.

  • Group Policy Results.

    Group Policy Results enables administrators to determine and analyze the current set of policies applied to a particular target. With Group Policy Results, administrators can review existing policy settings on targeted computers. Group Policy Results was formerly known as the logging mode of Resultant Set of Policy.

  • Group Policy Modeling.

    Group Policy Modeling is designed to help administrators plan for growth and reorganization. It allows administrators to poll standing policy settings, applications, and security for what-if scenarios. Once an administrator decides that a change is necessary or inevitable, a series of tests can be run to see what would happen to a user or group of users if they were moved to another location, another security group, or even another computer. This includes which policy settings would be applied and which files would be automatically loaded after the change took effect. Group Policy Modeling greatly benefits administrators by providing the means to fully test policy changes before implementing them throughout their networks.
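
As an added example (not from the book), the PowerShell below audits the situation described under "Redirecting default user and computer containers": it lists user and computer objects that still sit directly in the domain's default locations and flags whether each default has been redirected to an organizational unit. It assumes a current management host with the RSAT ActiveDirectory module; the function name is hypothetical.

```powershell
# Added example: find accounts left in the domain's default locations.
# Assumes the RSAT ActiveDirectory module on a domain-joined admin host.
Import-Module ActiveDirectory

function Get-DefaultContainerResident {
    $domain = Get-ADDomain

    # UsersContainer / ComputersContainer report where new objects created
    # through the legacy APIs currently land, so they also show whether
    # the defaults have been redirected.
    $targets = @(
        @{ Kind = 'user';     Base = $domain.UsersContainer
           Filter = '(&(objectCategory=person)(objectClass=user))' },
        @{ Kind = 'computer'; Base = $domain.ComputersContainer
           Filter = '(objectClass=computer)' }
    )

    foreach ($t in $targets) {
        # A redirected default is an OU (DN starts with OU=); the original
        # default is a plain container (CN=), which cannot hold GPO links.
        $redirected = $t.Base -like 'OU=*'

        Get-ADObject -SearchBase $t.Base -SearchScope OneLevel `
                     -LDAPFilter $t.Filter -Properties whenCreated |
            ForEach-Object {
                [pscustomobject]@{
                    Kind            = $t.Kind
                    Name            = $_.Name
                    DefaultLocation = $t.Base
                    Redirected      = $redirected
                    WhenCreated     = $_.whenCreated
                }
            }
    }
}

# Objects in a non-redirected default receive only domain-level policy.
Get-DefaultContainerResident |
    Where-Object { -not $_.Redirected } |
    Sort-Object WhenCreated -Descending |
    Format-Table Kind, Name, WhenCreated, DefaultLocation -AutoSize
```

Built-in accounts that normally live in the default users container also appear in the output; the rows of interest are recently created users and newly joined computers.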

New Policy Settings

Windows Server 2003 includes more than 150 new policy settings. These policy settings provide the capability to customize and control the behavior of the operating system for groups of users. These new policy settings affect functionality such as error reporting, Terminal Server, networking and dial-up connections, DNS, network logon requests, Group Policy, and roaming profiles. The new policy-related features include the following:

  • Web view administrative templates.

    This feature enhances the Group Policy Administrative Template extension snap-in, making it possible to view detailed information about the various available policy settings. When a policy setting is selected, information detailing a setting's behavior and additional information about where the setting can be used are displayed in a Web view within the administrative templates user interface. This information is also available from the Explain tab on the property page of each setting.

  • Manage DNS client.

    Administrators can configure the DNS client settings on Windows Server 2003 using Group Policy. This simplifies the steps to configure domain members when adjusting DNS client settings such as enabling and disabling dynamic registration of the DNS records by the clients, using devolution of the primary DNS suffix during name resolution, and populating DNS suffix search lists.

  • My Documents folder redirection.

    An administrator can use this feature to transition users from a legacy deployment of home directories to the My Documents model while maintaining compatibility with the existing home directory environment.

  • Full installation of user-assigned applications at logon time.

    The Application Deployment Editor contains a new option that allows a user-assigned application to be installed completely at logon time instead of on demand. Administrators can ensure that users have the appropriate software automatically installed on their computers.

  • Netlogon.

    This feature provides the capability to configure the Netlogon settings on Windows Server 2003-based computers using Group Policy. This simplifies the steps required to configure domain members when adjusting Netlogon settings such as enabling and disabling dynamic registration of the specific domain controller locator DNS records by the domain controllers, periodicity of refreshing such records, and many other popular Netlogon parameters.

  • Network and dial-up connections.

    Windows Server 2003 networking configuration user interfaces can be made available for (or limited to) specific users via a Group Policy.

  • Distributed eventing policies.

    WMI eventing infrastructure is expanded to operate in a distributed environment. The enhancements consist of components that will enable configuring subscription, filtering, correlation, aggregation, and transport of WMI events. An ISV can enable health monitoring, event logging, notification, autorecovery, and billing with the addition of a user interface and definition of a policy type.

  • Credential Manager disabling.

    A new feature in Windows Server 2003, Credential Manager eases managing user credentials. Group Policy allows you to disable Credential Manager.

  • Support URL for software deployment.

    This feature provides a capability to edit and add a support URL for the package. When the application appears in Add/Remove Programs on target computers, the user can then select the Support Information URL and be directed to a support Web page. This feature can assist in reducing calls to a help desk or support team.

  • WMI Filtering.

    Windows Management Instrumentation (WMI) makes a large amount of data, such as hardware and software inventory, settings, and configuration information, available for a target computer. WMI gathers data from the registry, the drivers, the file system, Active Directory, Simple Network Management Protocol (SNMP), the Windows Installer service, structured query language (SQL), networking, and Exchange Server. WMI Filtering in Windows Server 2003 lets you dynamically determine whether to apply a GPO based on a query of WMI data. These queries (also called WMI filters) determine which users and computers receive the policy settings configured in the GPO where you create the filter. This functionality lets you dynamically target Group Policy based on the properties of the local machine.

    For example, a GPO might exist that assigns Office XP to users in a certain organizational unit. However, administrators are uncertain as to whether all of the older desktops in that organizational unit have enough hard disk space to accommodate the software. In this case, a WMI filter can be used with the GPO to assign Office XP only to users who have desktops with more than 400 megabytes (MB) of available hard disk space.

  • Terminal Server.

    An administrator can use Group Policy to manage how a terminal server can be used, such as enforcing redirection capabilities, password access, and wallpaper settings.
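
As an added example (not from the book), the PowerShell below checks candidate queries for the Office XP scenario in the "WMI Filtering" item by running them against the local machine before they are attached to a GPO. It assumes a current Windows host with Get-CimInstance, the root\CIMv2 namespace, and C: as the drive the software installs to; the function name is hypothetical.

```powershell
# Added example: evaluate a WMI filter query locally before linking it.
function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory)][string]$Query,
        [string]$Namespace = 'root\CIMv2'
    )
    try {
        $hits = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
    }
    catch {
        # In this helper, a query that fails is reported as "does not apply".
        Write-Warning "Query failed: $($_.Exception.Message)"
        return [pscustomobject]@{ Applies = $false; Matches = @(); Query = $Query }
    }
    [pscustomobject]@{
        # The filter is satisfied when the query returns at least one instance.
        Applies = ($hits.Count -gt 0)
        Matches = @($hits | ForEach-Object DeviceID)
        Query   = $Query
    }
}

# 400 MB expressed in bytes (419430400); Win32_LogicalDisk.FreeSpace is in bytes.
$threshold = 400MB

$queries = @(
    # Unscoped: any logical disk with enough free space satisfies it,
    # including a mapped network drive or a secondary data disk.
    "SELECT * FROM Win32_LogicalDisk WHERE FreeSpace > $threshold",

    # Scoped: only the local fixed disk C: (DriveType 3) is considered.
    "SELECT * FROM Win32_LogicalDisk WHERE DriveType = 3 AND DeviceID = 'C:' AND FreeSpace > $threshold"
)

$queries | ForEach-Object { Test-WmiFilterQuery -Query $_ } | Format-List
```

Comparing the Matches of the two queries shows which drives satisfy the unscoped form on machines where the scoped form does not apply.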


   


Introducing Microsoft Windows Server 2003
ISBN: 0735615705
EAN: 2147483647
Year: 2005
Pages: 153
