Predicting Group Policy Outcomes

 < Day Day Up > 



Because of the complexity of inheritances, user versus computer configuration, and a host of other variables, foreseeing the outcome of any policy change is usually not possible. Two tools in Windows Small Business Server can help you keep out of deep water—an all-too-common outcome for those who mess about with Group Policy.

Group Policy Modeling

The Group Policy Modeling tool lets you simulate a policy deployment and see the results. (Group Policy Modeling is essentially the same as Resultant Set of Policy planning mode on Windows Server 2003 prior to the release of Group Policy Management Console.)

To use Group Policy Modeling, complete the following steps:

  1. Select Group Policy Management from the Administrative Tools menu.

  2. Right-click Group Policy Modeling in the console tree and select Group Policy Modeling Wizard.

  3. On the Domain Controller Selection page, your Windows Small Business Server is selected.

  4. On the User And Computer Selection page, you can select the following combinations:

    • A container with user information combined with a computer container

    • A container with user information combined with a specific computer

    • A single user and a computer container

    • A single user and a specific computer

    • A computer container alone

    • A specific computer alone

    • A user container alone

    • A specific user alone

  5. On the Advanced Simulation Options page, select any advanced simulation options you want to include.

  6. On the Alternate Active Directory Paths page, you can simulate changes to the network location.

  7. If you specified a user or user container, the User Security Groups page appears showing group membership (Figure 10-24). To see the results of changes to group membership, add or remove groups from the list.

    click to expand
    Figure 10-24: Simulating a change in group membership.

  8. If you specified a computer or computer container, the Computer Security Groups page appears. You can change the security group memberships for the computer or computer container you’re modeling.

  9. Leave the default settings for the WMI Filters For Users and WMI Filters For Computers pages.

  10. Review the settings on the Summary Of Selections page (Figure 10-25). Click Next. When Group Policy Modeling is complete, click Finish.

    click to expand
    Figure 10-25: Review the selections for this simulation.

    The report is generated and appears in the console tree under Group Policy Modeling. In the details pane, the Summary tab shows the applied and denied GPOs and the simulated group memberships.

  11. Click the Settings tab to review the policies that apply to this simulation, what the settings are, and the GPO that determines each setting. The Query tab summarizes the settings that the report is based on.

  12. Right-click the name of the saved report and select Rerun Query to run it again after you’ve made changes.

start sidebar
Under the Hood

WMI Filters

Windows Management Instrumentation (WMI) allows the dynamic checking of the scope of a GPO. When a GPO linked to a WMI filter is applied on a computer, the filter is evaluated. If the filter evaluates to false, the GPO is not applied. If the filter evaluates to true, the GPO is applied— except on Windows 2000 computers, which ignore the filter altogether and always apply the GPO.

WMI filtering applies only to computers running Windows Server 2003 and Windows XP and is really designed for very large networks, so its use in a Windows Small Business Server environment is akin to using a cannon to ring a doorbell.

If you want to read up on WMI filters, select Help and Support from the Start menu. Search for WMI filters in the Help and Support.

end sidebar

Group Policy Results

Use the Group Policy Results tool to determine current policy settings for a specific user or computer. To use Group Policy Results, complete the following steps:

  1. Select Group Policy Management from the Administrative Tools menu.

  2. Right-click Group Policy Results in the console tree and select Group Policy Results Wizard.

  3. On the Computer Selection page, you must specify the computer to use. But you can select the option to display only the user policy settings and not display the policy settings for the computer (Figure 10-26).

    click to expand
    Figure 10-26: On the Computer Selection page, choose whether you want to view only user policy settings.

  4. On the User Selection page, specify a specific user. On this page, you can select the option to report just the computer settings and not the user policy settings.

  5. On the Summary Of Selections page, the summary of your selections is displayed. Click Next and then Finish to generate a Group Policy Results report.

    The report is generated and appears in the console tree under Group Policy Results. In the details pane, the Summary tab shows the applied and denied GPOs and the actual group memberships.

  6. Click the Settings tab to review applied policies, what the settings are, and the GPO that determines each setting.



 < Day Day Up > 



Microsoft Windows Small Business Server 2003 Administrator's Companion
Microsoft Windows Small Business Server 2003 Administrators Companion (Pro-Administrators Companion)
ISBN: 0735620202
EAN: 2147483647
Year: 2004
Pages: 224

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net