70-410 Objective 6.1 - Understanding Group Policy Management on Windows Server

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
welcome back to another video in this video for objective 6.1 creating and managing Group Policy objects I want to talk to you a little bit about the gpmc or the group policy management console before we do that though let's just take a look at Active Directory users and computers because what I want to do is kind of show you the structure that we have here and explain it a little bit so let me just go ahead and zoom in on that so up here we have our contoso dot-com container and that's really our domain right that holds the main object and then you'll notice the next type of container is built in and then right below it is computers now these two containers here differ a little bit in appearance than this one right here and that's because their containers and they're not organizational units so when we look at organizational units which are these guys right here depicted by the little square or whatever you call it on the folder we can actually apply a group policy on to use but we cannot actually apply group policy on to containers and we have like foreign security principles managed service accounts users computers and built in those are created for us when we create the domain there's no way that you can actually apply a group policy to those containers now I have created a new structure of contoso and then what I did was I created them by object type so we have groups servers computers all under the contoso oh you and we do this because we want to be able to apply group policy in a hierarchical fashion let's go over to the gpmc now and we'll open that up kind of side by side and we'll notice that we've got domains and then contoso just move that over a little bit and then underneath contoso we have all of our oh you structure our domain controllers and then our group policy objects so let's just take a look at this for a second here so we'll notice here we have the contoso com domain container and right underneath it we have a default domain policy now this is actually what we call a link this links to the group policy object down here and this is actually our inventory of all the group policy objects that have been created and this is actually the GP the group policy object and this right here is just a link to it now down here we have domain controllers and again we have a link to it to the default domain controllers policy out of the inventory of default domain controller policy right that rather group policy objects and that's our default domain control controller GPO now if we take a look and we go and look side by side will notice that the computers container is not in here that's because you can't really do anything in group policy with a container but we have or contoso comm container we have our groups or rather oh you we have our group so you we have our servers oh you we have our users oh you and then we have our domain controllers oh you and that's where our domain controllers actually set and we can see that the structure inside of group policy management console emulates what's in active active directory sends the the actual containers or just basic folders that we can't do anything with so now let's go ahead and just take a look as to where these group policy objects actually are and I'm just going to go down here and type in slash slash contoso comm and we're actually looking at our domain controller right now this is our sis vol there's our contoso comm container or I guess folder there is our policies and we have two policies in here now when the domain was created these two policies actually got created one is the default domain controller policy and one is the default domain policy and I'm just going to go into an edit the default domain policy and if I go to the properties of this we can see that the unique name or global unique ID is 3 1 B 2 F and there is our 3 1 B 2 F there is the actual GP for the default domain policy for contoso and you'll notice that it's broken down into machine and user and there's settings in here we can't really directly edit them but we can kind of peek in there and take a look at you know what is actually configured and what the structure looks like and generally you don't manage anything from the sysvol this is how all of your policies get replicated to all the domain controllers but what I wanted to do is kind of show you the relevance of these folders in here now going back I'm just going to close that out going back here if we open up and I'm actually going to create a brand new GPO we can do in a number of different ways when we create a GPO and Link it what we're actually doing is two steps we're creating the GPO that's going to go into our group policy object inventory and at the same time we're linking it to the O you so I'm just going to go ahead and create a brand new GPO and I'm going to call this contoso settings and I'm going to okay it you're going to notice that what happened in that step was our contoso settings GPO got applied here and that link also got created up here I'm going to right click on it and I'm going to edit it now let's take a look at what we have here okay so when we look at actually editing a GPO we have our basic structure up here of computer settings or user settings now depending on what type of object you're trying to policy whether it's a computer object or a user object you will isolate your settings to one of these different nodes if you would because here's what's going to happen if a user is under the oh you and you set a whole bunch of computer configuration it doesn't matter that the user is under that oh you and this GPO is applied to that oh you if they're not set for the user in the user configuration it's not going to apply to that object so the first thing that we have to understand is that we have two different types of settings we have computer configuration and user configuration user configuration will not apply to computers and computer configuration will not apply to users now as we look at the structure in here whether you're under users or computers we have policies and we have preferences policies are what we originally got in Windows 2000 and every version since Windows 2000 they've been proved it this is how we actually policy users and computers we have a couple different things we have software settings that allows us to apply software to remote computers or users depending on where it's at we have Windows settings those are like security settings account settings we have administrative templates and these are where you actually get to control either the operating system with the user by setting you know and we'll talk about the States by setting the different template settings now those policies are policy every 90 minutes in a process called background refresh black background refresh is where the settings get reapplied to the computer and not all of them but but 90% of them get reapplied to the computer and this is how we policy a computer now there's also preferences and preferences are not really policy the more of suggested they when we log on to a computer or a computer starts up they will be set but they will not be background refreshed they will only be done on the initial startup of the computer or the initial logon of the user and this is why their preferences now the why would we have preferences well because lots of times we want to set the initial setting but then allow the user to go ahead and set it now give you a perfect example if we set the screensaver in a policy that means that every time the computer starts up or the rather the user logs on the timer for the screensaver will be 40 minutes but let's say that you have people giving presentations where they might let this computer sit for 45 minutes and you want to allow them to make it an hour right but if you make it an hour you can affect everybody well the preferences we can push down the preference of 45 minutes and thus allowing them to set it to whatever they want whereas if we set it through a policy one every 90 minutes it would be refreshed and brought back to 45 minutes and to we we would actually lock the user out because lots of times it Gray's out the setting so this is kind of you know group policy we're going to look a lot more at it as we go through the objective I hope you gain something out of this video yet haven't already please subscribe to my channel like my videos share my videos enjoy my videos if you have any comments leave them down in the comment section below Google+ Facebook or Twitter and as always I thank you for watching you
Info
Channel: NetworkedMinds
Views: 222,108
Rating: 4.9334846 out of 5
Keywords: networkedminds, group policy, gpo, gpmc, group policy management console, mmc, active directory, gpo link, default domain policy, default domain controller policy, ou, organizational unit, sysvol, guid, ad, create and link, policies, preferences, policies vs. preferences, windows server, 2012 r2, 2008
Id: azup50LaIN0
Channel Id: undefined
Length: 13min 0sec (780 seconds)
Published: Sun Mar 13 2016
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.