GPMC is a new tool that unifies management of all aspects of Group Policy across multiple forests in an enterprise. GPMC allows you to manage all GPOs, Windows Management Instrumentation (WMI) filters, and Group Policy- related permissions in your network. Think of GPMC as your primary access point to Group Policy, with all the Group Policy management tools available in the GPMC interface. The information presented in this chapter is based on using GPMC for Group Policy deployment and ongoing management.
Before you begin planning your Group Policy design, install GPMC. It is available as a download from the Microsoft Web site. See the Group Policy Management Console link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. This is a free download, and you are licensed to use this software if you have at least one licensed copy of Windows Server 2003 in your organization.
GPMC consists of an MMC-based user interface (UI) and a set of scriptable interfaces for managing Group Policy. The UI integrates all previous Group Policy tools into a unified Group Policy-management console.
You can use GPMC in an Active Directory network on computers that are running Windows Server 2003 or Windows XP Professional with Service Pack 1 and the Microsoft .NET Framework.
This tool can manage both Windows Server 2003 and Windows 2000 Active Directory “based domains. Figure 7.1 shows the GPMC interface opened to the Inheritance tab.
GPMC provides the following:
A new user interface that integrates existing Group Policy functionality currently accessible by using various tools such as the Active Directory Users and Computers snap-in, the Active Directory Sites and Services snap-in, the Delegation of Control Wizard, the RSoP snap-in, the Delegation Wizard, and the ACL editor. The UI also simplifies inheritance and enforcement of GPOs.
Access to the Group Policy Object Editor.
Backing up and restoring GPOs.
Importing GPOs.
Copying and pasting GPOs, including across trusted domains.
Searching for existing GPOs.
Integration of Resultant Set of Policy (RSoP) capabilities:
Group Policy Modeling allows you to simulate the application of Group Policy for specified combinations of computer and user accounts. This is valuable in planning Group Policy deployments prior to implementing in the production environment. The simulation occurs on a service running on a Windows Server 2003 domain controller. Note that although Windows 2000 does not support RSoP infrastructure, it is possible to simulate the application of Group Policy for Windows 2000 computers using Group Policy Modeling.
Group Policy Results allows you to retrieve RSoP data for viewing GPO interaction and for troubleshooting Group Policy deployments. The computer from which this data is retrieved must be running either Windows XP Professional or Windows Server 2003.
Support cross-domain and cross-forest GPO import and copy operations.
Reporting GPO settings and RSoP data in HTML-based reports that you can save and print.
Scripting all operations that are available within the tool. To help you get started, the GPMC installation includes 32 sample scripts that use COM interfaces. You cannot, however, use scripts to edit individual policy settings in a GPO.
To create a GPO, use GPMC. To edit a new GPO, use the Group Policy Object Editor snap-in for the Microsoft Management Console (MMC), which you can start from GPMC. By using GPMC to link a GPO to selected Active Directory system containers ” sites, domains, and organizational units (OUs) ” you apply the policy settings in the GPO to the users and computers in those Active Directory containers.
For detailed, step-by-step information about using GPMC to deploy and manage your Group Policy infrastructure, see the online Help available in GPMC.
For more information about GPMC, read Administering Group Policy with the Group Policy Management Console, available from the Group Policy Management Console link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. You can also find more information about using GPMC in Troubleshooting Group Policy in Microsoft Windows Server 2003, available from the Troubleshooting Group Policy link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
