Skip to main content

Event Review: Understanding Group Policy on Windows Server 2003 Part 1 (Session TNT1-119_200)

Welcome to the material supporting page for this session. The materials on this page have been selected as the best matches to the content covered in the live event session.

Session Outline

This two-part session takes an in-depth look at Group Policy, a powerful management feature of Windows Server 2003 that enables IT administrators to automate one-to-many management of users and computers, thus simplifying administrative tasks and reducing IT costs. Through the use of Policy Settings, administrators can control desktops, software deployment, and software usage and security settings across an entire organization. As this is such a powerful feature, this session covers the full range of options within Group Policy, starting by highlighting differences from previous versions. We will look at design considerations for both security and management, and then look at deploying and managing Group Policy objects using the GPMC, deploying software, testing staging, filtering, and finally troubleshooting. With GPMC, policy-based management is even easier. Administrators can efficiently implement security settings, enforce IT policies, and distribute software consistently across a particular site, domain, or range of organizational units.

Session Agenda

  • Group Policy Concepts
  • Linking and Order of Precedence
  • Group Policy Management Console
  • Administrative Templates
  • Designing a Security Policy
  • Domain Level Settings
  • Software Restrictions Through GPO
  • Hardening Servers
  • OU Structure

Session Media

This session consists of a Windows Media presentation and demonstrations:
View the session presentation

View the full multimedia recording of this session.

Download the full session

Download the full multimedia recording of this session.

Download all slides and transcripts

Download just the slides and transcripts of this session.

Demo: Managing Group Policies Using the Group Policy Management Console

This demonstration will give a review of Group Policy and an overview of the new Group Policy Management Console (GPMC). Group Policy links will be defined and displayed in the GPMC. Inheritance and Resultant Set of Policies will be reviewed. The Group Policy file structure will be shown while building a new GPO for Finance Users. Finally, searching and backing up GPOs will be shown. We will also go over real world scenarios including creating a GPO to deploy software, editing a GPO to prevent users from installing unauthorized software, delegating GPO creation to another security group, delegating editing rights of a GPO to another security group, as well as using Security Filtering to prevent the application of policy settings on specific users. 

Demo: Designing a Security Policy

This demo reviews Security Policies and policies that are set at the domain level. GPO settings regarding passwords are demonstrated along with details of how the settings affect how users change their passwords. Locking down software installations at the workstation is demonstrated. This demo shows how delegation works at the GPO level and gives specific examples of it. Finally, we will review how to prevent GPOs from applying to administrators and determining which settings should be set for the domain level. 

Related Links

Use the following resources to learn more about topics covered in this briefing.

Third-Party Books

  • Inside Active Directory: A System Administrator's Guide, 2nd Edition

    Summary: The most practical, comprehensive, and highly praised guide to Active Directory has now been fully updated for Windows Server 2003. The second edition of Inside Active Directory: A System Administrator's Guide offers a definitive reference to the design, architecture, installation, and management of Active Directory, the cornerstone technology within Windows 2000 and Windows Server 2003 distributed networks. This new edition—based on the final release software of Windows Server 2003—emphasizes security and covers all the new features and discusses enhancements in replication and Group Policy, forest trusts, functional levels, and working with dynamic objects.

  • Microsoft Windows Server 2003 Unleashed

    Summary: A fresh perspective on planning, designing, implementing, and migrating to a Windows Server 2003 environment. Rand Morimoto and his co-authors began writing this book using their experience from several very large client implementations, some having more than 100 servers in production. On a daily basis, as this book was in production, they had clients with thousands of users taking advantage of the Windows Server 2003 security, scalability, performance, and reliability functions months before the product release. Because of that unique experience, the authors of this book were able to compile the best practices, installation and migration tips and tricks, performance optimization techniques, configuration tuning, and server management techniques for the readers of this book. Rather than revising from previously published chapters in Windows Server 2000 Unleashed, this book was written completely from scratch with the belief that this approach would incorporate the true recommendations from the author team for best practices, tips, and tricks to get the most out of the Windows Server 2003 networking environment.

  • Inside Windows Server 2003

    Summary: This book is designed to lead a class through the complexities of a full Windows Server 2003 deployment. Each chapter starts off with a list of new features in Windows Server 2003, along with any significant improvements to features carried over from Windows 2000. It then presents design principles, followed by procedures to install and configure the aspects of Windows Server 2003 covered in that chapter. The coverage is comprehensive, in-depth, practical, and authoritative. Many helpful examples are presented to illustrate the concepts. All along the way the author includes proven advice for improving stability and performance. Windows Server 2003 represents a new emphasis from Microsoft on trustworthy computing, so security issues are covered extensively.

  • Group Policy: Management, Troubleshooting, and Security

    Summary: The Group Policy Management Console (GPMC) is a dramatic step forward in the way Group Policy is administered. This book provides all the instruction and insight you need to take full control of your Active Directory with GPMC and other Group Policy tools. You'll also learn techniques for implementing IntelliMirror, making it possible for users to work securely from any location; and you'll find intensive troubleshooting advice, insider tips on keeping your network secure, and hundreds of clear examples that will help you accomplish all your administration goals. You will learn to: create and manage all Group Policy functions within Active Directory; understand Group Policy differences in Windows 2000, Windows XP, and Windows Server 2003 systems; troubleshoot Group Policy using Support tools, Resource Kit utilities, log files, registry hacks, and third-party tools; create and deploy custom settings for managing client systems; manage, secure, and audit client and server systems; script complex operations, including linking, back up, restore, permissions changes, and migrating; set up Local, Roaming, and Mandatory profiles; set up and manage IntelliMirror components with Group Policy; use Group Policy Software Installation to perform hands-off installations; use Remote Installation Services to automate the installation of new Windows systems; ensure the safety of your users' data with Redirected Folders and Shadow Copies.

  • The Ultimate Windows Server 2003 System Administrator's Guide

    Summary: Windows Server 2003, the successor to Windows 2000 and Windows NT Server, is designed to accommodate the seamless exchange of information through Web services. It delivers the increased flexibility and power needed to administer networks as global entities, but its enhanced management tools and security features present as many challenges as opportunities. The Ultimate Windows Server 2003 System Administrator's Guide will help readers negotiate these challenges and exploit the opportunities.

Training and Certification

  • Course 2273: Managing and Maintaining a Microsoft Windows Server 2003 Environment

    Summary: This course provides students with the knowledge and skills that are required to manage accounts and resources, maintain server resources, monitor server performance, and better safeguard data in a Microsoft Windows Server 2003 environment. This is the first course in the Systems Administrator and Systems Engineer tracks for Windows Server 2003 and serves as the entry point for other courses in the Windows Server 2003 curriculum.