Group Policy Tutorial For Beginners - Live Training

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right so let's get started um so the group policy tutorial for beginners what we're going to do first i'm just going to go through like four slides i know powerpoint slides is like you know you need to have death by powerpoint i do my best to avoid them at all costs but sometimes it's it's a good idea to just give you guys a slight overview so group policy is a tool that's included with windows server and let me make sure you guys can all see my screen alright we're good there it's a tool that's included with windows server domain controllers so when you install the active directory or add ds server role it's going to install a bunch of tools that are related to group policy like active directory users and computers sites and services one of the tools is group policy you can also install group policy using what's called the server administration remote server administration toolset that's just a console that you can install on any computer whether it's a domain controller or not and you just connect to your domain controllers remotely so you wouldn't install that on a domain controller might want to throw that out there you generally install it on a member server or maybe a windows 10 computer and then you connect to your domain controller and then you can access group policy and make changes and things like that so group policy allows administration of domain users and computers you can do things like create file shares you can create printers and manage your active directory domains uh really it's a really good thing for you to understand active directory users and computers before you try to move into group policy because i don't know how you use one well you could use active directory without getting into group policy but it's really hard to use group policy without having to unders or have some basic understanding of active directory so if you're not on server if you're on server academy we have an active directory module and that comes before the group policy module so make sure that you guys go through that first if you're on youtube or you don't have you're not a member then we have that free training that i was showing you guys earlier about active directory that's going to help you out a lot when it comes to administrating group policy okay cool all right so i want to give you guys a basic example so here on the left-hand side we have or on the right-hand side rather we have the domain root and this could be any domain that you have and then we have two organizational units an organizational unit you can think of it's kind of like a folder and it contains active directory objects but in active directory they're called organizational units they're not called folders so here we have two ou's one by the way ou is organizational unit we have the domain users ou or organizational unit and we have domain computers oh you organizational unit and inside that you can see these little icons are supposed to represent computers uh or users now this is all theory this isn't what active directory looks like we're going to get into the console and you'll understand that more in a second but just want to give you guys a little bit of theory um so we can create a gpo and link it to either these organizational units or we can link it to the root of our domain so if we link it to the root of the domain it's going to affect everything that falls within the the domain so domain users it would apply to them and it would apply to domain computers now we can also link these group policy objects or gpos to a specific organizational unit so that it only affects that ou and all ou's under it so if we link a gpo to a domain computer's ou then it's only going to affect the computers inside that ou same thing goes for domain users we link it to the ou for just users it's only going to affect those users now gpo is a group policy object and that contains configuration settings for either computers or user accounts in your domain so you can do things like install software which is one of the things we're going to do today you can also configure a desktop background with a group policy object you can figure things like password uh security policies so you can say that um that you know they have to have at least a 10 character password or 14 character password and you can set the complexity requirements you can tell computers through a group policy object that they have to install security updates every sunday night at 12 pm you can do things like that so it gives you a lot of control over your domain and you use group policy objects to create the settings and then you link those group policy objects where you want those settings to be applied all right so kind of like what we just talked about and what's inside of a gpo we got computer configuration now these settings only apply to computer accounts okay that's important then we have user configuration this only applies to user accounts and this is all within the same gpo you'll see more about this in a second yeah so i'm just going to check the comments really quick uh herms what's up buddy herms is one of my guys and let's see cass smith is saying our instructor had us install virtualbox and then download server 2019 set up a domain and then go download one to seven ten linux vms and join them to domain that's awesome uh that's really good yeah so that's kind of similar what to what we do at uh server academy we show how to do it through virtualbox and we're bringing hyper-v it's actually in editing right now but we also provide these online it labs so uh same kind of deal um yeah just setting up your own domain is like it's it's so important for you guys to do that um so if we create a gpo and all that all this is to say you know you have user and computer configuration all that is to say if you link a gpo to the root of your domain and you only configure computer settings it's only going to affect the domain computers that are underneath your uh domain okay same thing goes if you only configure user settings you link that gpa to the root it's not gonna affect the computers because there's no computer settings in this gpo okay it's only gonna affect the users all right so like i said i don't like to spend too much time on powerpoint uh so i'm gonna close that and i'm gonna switch over here to the lab i'm just gonna um move this into full screen mode and if you guys also have the lab up what we're going to do is log into the domain controller and we're going to take a look at the group policy console so i'm just making sure all the video is still working for everybody somebody's asking what's the difference between computer accounts and a user account a computer account is an object in active directory that represents a computer account it stores the computer account's password you manage where it's located inside of active directory and the user account is exactly the same thing it represents a physical user object inside of active directory so if you create a user account for somebody who just started working at your office you would create you would create the user account give them the domain memberships they need and assign their password right and that's they're represented by the active directory user account object but again that kind of goes into the active directory training that we did last time so you'll definitely want to check that out if you're having those kinds of questions which are really good questions so i'm going to hit ctrl delete here and log into my domain controller now the cool thing about these labs is the username and password is stored here on the right-hand side so i'm just going to type that in and hit go and then i'm going to go ahead and just log into my windows 10 workstation so i'll select my workstation here i'll hit ctrl delete and i'm going to log into that one as well so i'll type in the password and just click on the password it types it for me and i'll click go so then i'm going to switch back up to the domain controller and let this log in uh someone's saying they downloaded virtualbox and windows server 2016 but they're having an error that could be a corrupted download of windows server 2016 i see that happen a lot so maybe try giving it another download yeah that's correct cass is saying once you join a client to the domain then you're logging into accounts managed by the domain so the admin can set up the policies for set accounts this is exactly right and that's what we're going to be learning uh in this one in this webinar of this free training yeah so joining linux is not as simple as joining a windows computer did you have to well last time i did it i used realm um but there's also like 80 info i'm not the sharpest on that but i just did it a few weeks ago i think i used realm to join it to the active directory domain but that's something i should write up uh i should do some documentation documentation to write that up okay so uh now that we're logged into our active directory domain controller we know it's a domain controller because we see the addds server roles installed here on the left hand side if i click on local server i can see the computer name is sadc which is short for domain controller and i can see my static ip address all that good stuff what we're going to do is select tools and we're going to go down here and select group policy management now i'm going to expand this and i'm going to drag this over so i can see what's going on on the left side so my forest is server academy.local we're not going to break down the difference between domains and forests and sites we're going to stick work strictly with domains but i do have videos of that on youtube and also have lessons on server academy that go a little bit more into detail on that we're going to expand our domain server academy.local and this is where all of our user accounts computer accounts and group policy objects reside so here i can see that this is an organizational unit server academy i have domain controllers and then i have a set of ous beneath that then here i can expand this little dropbox or folder you might call it and this contains all of my group policy objects here i have wmi filters which i haven't created any of these but these are filters that you can link to a gpo to kind of make sure that they get applied to the computers that you want it's a little bit more in-depth but generally you don't have to mess with these too much then we have started gpos next we have group policy modeling and group policy results this lets you troubleshoot group policy so if you want to figure out what a policy would be for a specific user on a specific computer with a specific number of security groups you could do that with the group policy modeling and group policy results will actually run in rsop which we'll talk about in a little bit but it tells you which actual group policy settings are being applied to the computer so they're very useful for actually troubleshooting group policy all right well the first thing that we're going to do is start by just talking about the difference between a group policy object and a link so here are all of our group policy objects we have the default domain policy and i'm going to say do not show this message again and down here you'll also notice we have another group policy object called default domain policy and if we expand domain controllers you'll see default domain controller policy and here we'll see default domain controllers policy it looks like there's two really what's going on there's two gpos these two are the gpos and there's two gpo links and all gpo links is all that means is that hey i want to take this group poly group policy object and i want to apply it here in the domain so really quick i'm going to open active directory and i'm just going to show you what's actually inside of these organizational units so if we go to domain controllers in active directory i'll expand my domain here we have domain controllers and over here we have domain controllers inside of that domain controller i have sadc01 that's one of my that's my primary domain controller that i'm currently logged into and this is a gpo that's being applied to this organizational unit that's applying all the settings for my domain controller it's things like that prevent regular domain users from logging into a domain controller in a bunch of different security settings that are specific to domain controllers now we have the default domain policy which is linked to serveracademy.local it's linked up here at the top and that affects everything inside of the domain so all of these all the organizational units rather which there's two of them domain computers and server academy so what we're going to do is we're going to create a gpo to install some software on on our windows 10 workstation so this computer right here we're going to install i think it is notepad plus plus so right now if i click start and i scroll around we don't have notepad plus installed so we're going to fix that and we're going to do that at the domain controller level the reason why you might want to do this is you know in this lab we have one windows 10 workstation but in the real world you might have 100 workstations or 500 or a thousand and you can't log into all those and install the application on each one it would take forever and then every time there's an update you'd have to log in and you know run that update and it's just endless amounts of work so we can create one gpo and tell it to hey i want you to install this program and you link it to the ou where the computer sits and it will install for you automatically so you have to do anything oh someone's asking can you fit the window yeah let me do that uh i'm going to change the resolution thank you for bringing that up i'm going to change the resolution here advanced let's go to let's try 1600 by 900 i don't know if this makes it better or not can you guys tell me if that's better alright on youtube if it's too small let me know uh i'm getting a few reports that the screen is a little small oh cool so dj is saying the server academy course is by a mile the most complete administration course i've ever seen i've learned so much oh cool so you remember awesome man thanks i really appreciate that i'm working really hard to uh try and make it better okay someone's saying it's still too small so i'm going to pull up let's see i think there's a way to change let me see here there's a way to like change how it's zoomed in advanced sizing i don't know if this will work very well but we can try this and they change it like oh and this is just going to be on this server which is a real bummer um hold on hmm okay i'm gonna try and fix this guys hang on a second what i'm gonna do is i'm gonna lower my desktop resolution i don't know what's gonna happen to the stream let me stop screen sharing really quick and i'm gonna try and fix this for you guys okay so i'm gonna go to just webcam all right i'm gonna grab the screen resolution if i lower the resolution on my computer it should look better for you guys so let me do this all right i'm changing around a bunch of settings uh let me go to desktop capture okay i'm gonna scale this up okay and then over here i'm gonna change this to 1280 by 720. okay and then i'm going to share a screen i got so many things going on it's crazy guys thanks for uh bearing with me okay tell me if this looks better is that bigger does that look better let me know can we get a copy the powerpoint slides yeah i'll do that i'll put that on the uh recording but yeah let me know if you guys oh okay someone is saying it was good already on youtube but um i don't know now it's extra good i guess let me hit f11 here to go to full screen or actually i'll just hit full screen all right we're good now all right that's the best i think i can do for you guys um all right so where was i so we're about to create a group policy object that was going to install uh notepad plus plus now in the lab on the e drive we already have notepad plus plus downloaded i went ahead and did that for you by the way when i run live streams i create these labs ahead of time and i try to set up everything for you guys so that it's as easy as possible uh same thing for the courses everything is pre-configured so we have uh notepad plus plus and we have server academy desktop so if i double click on this this should be like some kind of yeah this is like a desktop with server academy an old logo that we actually don't use so we're going to deploy this notepad plus plus now before we can do that we need to make sure that this file is accessible by our windows 10 workstation so we have to create a file share so on the windows 10 workstation if i try to uh navigate to sadc 01 sadc 01 so i'm doing backslash backslash sadc01 if i press enter what we're going to find is we only have the net logon and the sysvol shared folders so what we need to do is create a new file share that we can access so when we configure these group policy objects they'll be able to access it without getting like a permissions denied or could not find the file so i'm going to right click on the data e drive and i'm going to create a new folder and we're just going to call this share so now i'll right click on share and i'm going to choose properties and we're going to go to the sharing tab and we'll select advanced sharing okay and we're going to say share this folder and we're going to select permissions now what we need to do is everyone has read permissions that's okay you might want to change this uh in a real environment to authenticated users so i'm just gonna type in authenticated hit check names and it should pop up authenticated users i'll hit ok and we'll say authenticated users can read the directory so they'll be able to access and run the installer because there's not any sensitive information inside of here it's just notepad plus plus if maybe if you had like some proprietary software in there you wouldn't want authenticated or everyone you might want to restrict it to a specific group but that's beyond the scope of what we're doing the next thing i'm going to do is say domain admins and i'm going to hit check names and i'm going to give domain admins full control of the file share so authenticated users can read it and domain admins can have full control over it so i'll hit apply and i'll hit ok i'll hit apply and ok again and now we have this share path sadc01 backslash share if i go back to my windows 10 client and i hit f5 now i can see the share folder there so if i open this uh the folder is empty right now let me go back to domain controller and drag in this file i'm going to drag in notepad plus plus and now i can run and launch notepad plus plus so we have the file accessible to everything in the domain if i go over to sams01 i'll just go ahead and log into this and if i type in the password and hit go um i guess i'll yeah i'll wait for this you guys probably trying to catch up anyways uh on the lab but if i this is going to take a second if i hit file explorer and i do backslash backslash sad c01 backslash i go to share i can also access notepad plus plus so it's accessible to everything on the domain as long as you're an authenticated user which is perfect and i could run this manually by double clicking it we don't want to do that we want group policy to do the work for us that's the whole point when you're doing automated deployments you don't want to have to do a lot of work you want group policy to do it for you that way you can get back to watching cat videos and things like that the important things the internet all right so over here on the domain controller we've done all the work to make sure that the file is accessible so what we need to do now is create the group policy object and we can do that by first identifying where should the group policy object go so let's go to active directory and let's look under our server academy domain and figure out if we want to install this on saws 01 which our organizational unit should we link the group policy object so i'm going to click on domain computers and here i can see that it's going to it's under a domain computer so i have sa ws01 and i have sams01 now in the real world i could probably tell you right now you wouldn't want your windows 10 clients and your member servers to be in the same organizational unit that's not a good practice but for our lab it's probably fine so what we're going to do is create a gpo that will link to this ou and it will apply to all of these computer accounts so uh let's right click and group let's go back to group policy and under domain computers let's right click and let's say create a gpo in this domain and link it here now we can type in the name and i'm going to call this notepad plus plus install and i'll click ok now if i expand this we can see that we have a new gpo link remember it's a link it's not the object itself and it's uh called notepad plus plus install and it's linked to the domain computer's ou under the group policy objects we now have a new one called notepad plus plus install all right so what i'm going to do is we can right click to edit a group policy object you can right click on the link and say edit or you can right click on the gpu itself and say edit also if i go here and i say delete it's going to say do you want to delete this link and it says this is not the gpo itself so if i say yes it's gone but the gpo still exists so if we wanted to link that we could just right click on domain computers and say list or link an existing gpo we select the gpu that we just created and hit ok and now that link's there additionally we can right click on another gpo and say link an existing gpo and we can link the same one again right so if i expand this now we have it linked in two different spots but we still only have the one gpo okay hopefully that's starting to make sense for you guys so i'm gonna go ahead and delete the link here because this is a this would not apply here let's say okay getting rid of domain groups and under domain controllers we're gonna right click or i'm sorry domain computers we're gonna right click on notepad plus plus install and we're going to say edit now this is where in the powerpoint i was talking about computer settings and user settings we're applying this gpu to a organizational unit that only contains computer accounts so what does that tell you where should we configure the settings because there's two places that we can configure the software install we can do it under computer configuration or we can do it under user configuration so we have two identical settings one for users and one for computers since the ou only contains computer accounts we need to configure this setting under the computer configuration okay does that make sense let me take a pause here for a second grab some water all right i'm gonna right click here and we're gonna say new and we're gonna say new packet excuse me i'm choking on my water we're gonna say new package and we can go to the data drive we can go to share and we can select notepad plus plus but this presents a problem and it tells us right away it says cannot verify path is a network location you have to specify the path from your network location not a local location otherwise the computers will try to access it on their e drive it's just not going to work like we want so what we're going to say is say no don't do that right click say new package and we're going to browse to the shares so we're going to do backslash backslash sadc 01 and we'll go to share and now we can select notepad plus plus so we're on the the network path or network share of our server that we just created and we'll select open and we can just leave this as assigned you can change it to advanced and make and change more options assigned is going to be perfectly fine for what we're trying to do which is just get it installed so we'll click ok and if you're curious about that i go into all those details inside of the group policy course just kind of goes beyond the time that we have for today all right so we can right click on this we can say properties and we can look at the deployment type uh we can say uninstall when it falls out of the scope of management we can change it there's upgrades categories and security we don't need to mess with any of this stuff it's just there if you need it we can also click and we can remove the application by saying all tasks and we can say remove all right so now we have this software which should get installed on all of our computers so if we pop open over to our windows 10 workstation you would kind of expect if you're new to group policy that hey it should be installed right now so if we click on start you're going to notice if we search for notepad it's not going to be installed yet all that comes up is regular notepad not notepad plus plus which is what we want so the deal is we need to uh manually we could either we could do two things first we can wait until the group policy refreshes in this case it'll actually take uh for the policy to refresh and the user to log off and log on sometimes it takes a reboot of the computer or we can open command prompt and we can run a command that is group policy update or gp update forward slash force and that will force our computer to go out to the domain controller and say hey i want to get all the policies and i want them right now versus instead of just waiting for when they'll do it by itself which could be in 90 minutes it could be in 30 minutes from now so since we're trying to test this we want to make sure it's going to work let's go ahead and do it now so i'm going to hit start and i'm going to type in cmd and i'm going to right click and i'm going to say run as administrator it's going to ask for administrator credentials i'm just going to type in administrator and i'm going to type in the password which is right here on the right hand side so it's capital p lowercase a dollar sign dollar sign w0rd and i'm going to say yes so i'm using the domain administrator account to run this and what i'm going to do is type in gp update forward slash force and by the way that running as administrator might be a little bit overkill that might not be necessary for what we're doing right now but i like to do it so in some cases it causes problems like if we try to run gp results slash scope us yeah slash r slash scope computer or user it's actually going to give us an error because we're running as administrator but that's fine okay so it's updating the policy it says computer policy update has completed and then the following warning so it looks like great something's not working actually it is working it says uh it was unable to apply one or more settings because the change must be processed before the system startup or user log on so it wants to know if it's okay to restart so i'm just going to say yes you can go ahead and restart so i'll press y and i'm going to press enter and now it's going to reboot the computer in less than a minute all right we can go ahead and go over to this computer as well and we can hit cmd and this time i won't run it as administrator just to show that it works so i just hit cmd and press enter and i'm gonna say gp update four task force and it should give us a very similar message yep same message so you have to uh reboot or log off and log on so can process so i'm just gonna say yeah go ahead and reboot so it's starting up see the cool thing about these labs also even though you're connected through your web browser you can do things like configure the bios you can install an operating system like the vms don't actually have to have connectivity to the internet for you to be able to connect to them through your web browser which i think is pretty cool and by the way i've added some new labs um to this list like uh cenos7 i don't think that's that's not the new one i can't remember exactly which ones now but i just added a couple new labs last week of course as soon as i go to say that i can't remember what they are that's how it goes of course i guess um but yeah we have a bunch of cool labs in here you guys can come in and run uh we have everything from active directory windows server we have linux oh this was it uh establishing a two-way trust this is a new lab and there was another one but i can't i don't know why i can't remember what it is right now but um yeah you guys can come in here and uh and work on these and practice your it stuff so pretty cool okay so i'm gonna go back into full screen mode oops i need to do it up here full screen and i'm going to type in the password try exploding it uh what does that mean okay someone is let me read the comments here uh oh okay got it so someone's saying i'm trying to reset my password pc when it fails to reset and someone said try exploding it yeah i don't think that's probably the best way to resolve that issue um yeah but i don't know what you mean by reset your pc i'm not sure how you say your name and milanish but yeah so herms is saying do you run gpforce on the update of the client uh vtor is correct you run gp update on the client because uh you're tr well yeah any client basically if you're configuring settings for a domain controller then you would run gpu update on the domain controller if you're running uh new settings for a client then you go to that client and you run gpupdate that tells the client that hey uh go over here to the domain controller grab the new policies and bring them back that's my cool hand drawing motions oh yeah so right i can use like whiteboards on this app this is a new live streaming app for me but i guess it wouldn't show up on youtube so that won't work all right let's see okay cool all right so i'm going to go ahead and log in now so i'm going to hit the control delete button and i'm going to say password ziggy's asking what type of file are we deploying i am deploying an msi so if we go back to the domain controller and we take a look at the share and i go to view uh let's see file name extensions here we go notepad plus plus 7.7.msi group policy can deploy msis and um you can't you're not going to be deploying exes you can package them as msi's it's it's frowned upon it's better to use a tool like sccm if that's what you're trying to do but yeah group policy you're going to get an msi and you're going to deploy it out that way and also not every msi is is good to is really designed to be deployed through good policy so deploying software is something you have to test and uh sometimes it's a little bit of trial and error because uh if the package isn't designed to be deployed through group policy it might not work like you expect all right so on our workstation we've ran group policy update and we've restarted it so let's see what happens so if i hit start right away i can see notepad plus plus has been installed on the computer so i can launch it and here's the software this is like a code editing tool that i used to be a fan of before i moved on to microsoft uh visual studio code which is what i won't get into that but i love i love visual studio code but that is how you can deploy software with a group policy object uh and a gpo and just kind of like understanding how to create file shares and making sure that file is accessible so same thing if i log into my member server type in the password and i'll click go the prices are included someone's asking how much it costs to get to the labs it's included in our membership we have a free seven-day trial so you could do it for seven days for free and just cancel your membership or you can sign up uh and if you after the seven days is 37 a month so here we go if we hit start here at the top of our member server we now have notepad plus plus all right now this software will never be installed on our domain controllers because the gpo is not linked to the domain controller's organizational unit and if you look in active directory the domain controller so you is above it's hierarchically above the uh domain computers are you right does that make sense so group policy objects flow down so um if we apply it to server academy it would apply to every organizational unit underneath server academy and therefore every computer account underneath server academy if we applied it to the root of the domain well then it would affect everything in here including domain controllers but since we linked it to domain computers it's only going to affect every user or every account within that ou and any sub ou so if we created a new organizational unit under domain computers like uh let's see i don't know member servers or workstations for example and inside of workstations we drag saws01 which is my windows 10 computer this gpo let me refresh this over here hit the refresh button server academy domain computers refresh refresh i'll reload the console let's see here do tools group policy management workstations so this gpo is also going to affect workstations okay because it's linked uh the oh the gpo is linked to the ou above that so always flows down okay right and that was in us dollars someone's bringing that up i don't know what it is in in euros but uh yes it is a silent install and i'm just looking at the other questions we got here yeah so obrich is asking if there's a score we can add a scoring ability and that's something that we will be bringing to the platform so he's saying you know he would run through the labs and he thinks he did it right but he wasn't entirely sure um that is spot on and we're going to be adding a scoring system so at the end of the lab you're going to actually find out if you passed or failed however you know that's an in-depth process so it's it's in progress but it's not going to become like next week or anything like that so um we're definitely working on that but it might take a little while okay so someone's asking how you uninstall it get to that really quick okay so if we go here we right click and we say edit and we go to policy software we right click on this and we say remove we will choose immediately uninstall the software from users and computers or we can say allow them to continue using it if you want to uninstall notepad plus plus you would check this checkbox and you would hit ok so that would be how you would do that but i'm just going to leave it there all right next thing that we're going to do is we're going to deploy a desktop background and i'm going to do this wrong the first time and i want to see if you guys can point it out in the comments what i'm doing wrong so we'll see if you guys can catch me um yeah if your replication is broken it's broken you've got big problems man uh rudy is saying the cause of gp is not replicating a second serve that could that could be a lot of issues it could be network connectivity um yeah you need to man that's that's really in-depth that's not something i can just like answer you need to figure out are you your dc's connected what's is there latency between them are they in different sites are they in different zones are they connected through vpn or are they just like on the same lab network um but yeah replication is a big pain uh to work through but uh yeah there's it's definitely too in-depth for me to just answer based off of that you know comment and really it's one of those things you just have to like start troubleshooting it's not something that i can just be like oh you're not replicating you need to do this or do that it's like you have to start checking all the boxes uh and making sure that you have connectivity um you know that your cis ball is healthy and things like that and then you can figure out you know what's going on could be permissions issues uh so that's that's an in-depth and very challenging problem that you have to deal with okay all right so let's see here so all right we're going to create a desktop wallpaper right so what i want to do is we're going to do this on a user basis we've already configured a gpo for our computers but now let's create a gpu that affects user settings so here we have my user account paul hill and i think i'm logged in as paul hill on this computer so if i right click on the windows 10 workstation i say task manager if i go under more details and i select users i can see i'm logged in as paul hill okay so i want to assign a desktop background for all my users that are in the domain users ou this is a common thing at your office they might want to have their company logo you know for all the computer backgrounds so what we're going to do is go to group policy we've identified the ou that we want to place the setting under and uh actually let's do it like this we want to apply it to the domain computers so i'm going to right click here and i'm going to say create a gpu on this domain and we're going to call it desktop wallpapers all right and we'll do not wallpapers with the s that should be wallpaper and let's right click and edit this gpo and we're going to go under user configuration our user yeah user configuration administrative templates desktop and desktop and it's a miracle that i remember that path because i always forget them all right we're going to right click desktop wallpaper and we're going to say edit and we're going to enable this path all right so we need to type in the the path uh we don't want to use a local path we want to use a server unc path so if we go back to the share we just need to use we're going to use this one server academy desktop png it's like this this logo we're just going to drag this under share and now if we go to backslash backslash sadc01 oops there we go and we go to share we can copy this path i like i'm a big fan of copy and paste i never type stuff in just because it's too much chance for air i'm going to select the file here oops and i'm going to hit f2 control a and ctrl c those are my uh shortcut secrets man that that's how you quickly copy something select the file f2 control a control c and you've copied the name now i'm going to go here and hit ctrl v and we've pasted the file share or the full path inside the file share for the desktop background so now if i hit apply we've configured the desktop wallpaper and it should work right but i've done something critically wrong so if you guys know what it is point it down in the chat i'm going to go to the windows 10 workstation and i'm going to run a gp update and we'll see why or if it does work or if it doesn't and this is also going to get us into a group policy troubleshooting so i'm going to say gpupdate4tashforce all right come on guys give me your best guess all right computer policy is updated and the user policy is updated but we didn't get any setting uh about the background but if we sign out sometimes you have to sign out for the background to apply usually you do so we'll sign out and sign back in so someone asked did i forget to enforce the gpo no i did not forget to enforce the gpo and uh that's great that you brought that up because i haven't talked about enforcing gpos enforcing a gpo means it will take precedence over other gpos it also means it'll affect active directory objects that are within a non-inheriting ou wow that really just kind of that's way too much for what we have time for uh today but uh you enforce the gpo by right-clicking and say enforced oh i guess my domain controller decided to reboot nice uh so that there's that and so i have to start this thing back up so if this ever happens in the labs uh which you probably will be turning off and on the vms all the time we're gonna hit power and i'm just gonna say really quick we're gonna say power turn off machine blah blah hit okay and then i'm just gonna hit start okay then we'll go back to full screen mode and this is what i was talking about like right now the operating system is booting but we still have connectivity to it super cool oh right so luke is talking about place a dollar sign behind the share name and then it's hidden that is a great tip awesome luke that's right that way if you don't want like anyone to be able to just act browse the server and access it uh it's not visible that's a great tip so herm said wrong backslash uh i'll we'll take a look at that when the server comes back online oh yeah and by the way logging back in still no desktop background so still not working someone's saying ping the server how do i get rid of a virus it's bad it slows my computer down um man dude you first do you have anti-virus you may end up just having to wipe your computer and install a new operating system might be the best way to do that unless it's infected your network but you definitely got to identify what kind of virus it is you need antivirus yeah so everyone can install software right but the thing is uh is luke the uh the software that we were trying to publish notepad plus plus was not necessarily confidential so that's why i don't generally take that exploration but like you were saying you know it's probably a best practice just to not make that stuff available to everyone i mean maybe it is i don't know maybe it's not maybe you want to have a uh a software folder where if people decide they need notepad plus plus they can download it from you instead of going to the internet and maybe getting it from a site that has a virus all right so someone's asking what rdp tour are you using this is the server academy it labs so when you're a member of server academy you have the labs page and we're using the group policy oh yeah this one manage your workstations with group policy so you click that button this tab opens up uh and then let me hide this bookmark bar so you guys can see better then you have access to all the labs this is the rdp tool i'm using so it's serveracademy.com all right so someone said try pasting the sadc so basically the full uh path to the file inside your web browser that's a great idea so let's do that so we're gonna go here we're gonna hit escape backslash backslash sadc01 backslash share and then we gotta find the file name uh let's see go to d share this is the oh i probably can't copy and paste so server academy desktop.png server academy desktop.png press enter and it loads so we know we have access to it that's a great troubleshooting step all right here's what we're going to do uh to start troubleshooting i'm going to hit cmd and i'm going to say i'm going to start that start command prompt correct yeah luke is saying for licenses you need to have that managed that's correct yeah so that's right when you're considering licensing and things like that you probably do want to restrict who can install it and who can't that way you don't have a sudden spike all right let's run gp result forward slash r this is a tool that you're going to be using a lot to figure out if group policy objects are applied to your computer and if so what settings are applying so if we go under user settings here and you remember in the group policy object we configured it under user settings right applied group policy objects is an a not applicable and that's a problem because the gpo is not being applied so go back to the domain controller and let me open group policy whoa it's 5 50 already oh my goodness this is crazy time is flying wow okay um okay uh so if i go to server academy domain computers we have the desktop wallpaper here and if i hit edit under user configuration if we go to administrative desktop desktop we configured the setting right here so it's configured under user configuration and is linked to domain computers so under saws01 the gpu is not being applied the reason all right i'm about to give it away [Music] okay so someone said run gp result forward sideshark great that is another great tool gp result oh no we already did that i thought they said i was thinking our stop we're gonna run a tool called rsop.msc and this will tell us what settings are being applied um oh so i gotta run this as okay yeah so it's not able to do it for the computer that's fine because we're looking for user settings all right so if we go under here uh under a windows sense we don't even have uh administrative templates here that's because there's no settings being applied all right so here we go time to talk about what is going on here um we've used oh by the way we used a couple tools we used rsop.msc that's a tool that you have to use when you're troubleshooting group policy and we use gpresult forward slash r and what we found is that the settings aren't being applied at all that tells me that the gpo is either linked in the wrong spot or the link isn't enabled or something's going on with the link so if we go to sadc01 we have the gpo linked under domain computers if i open active directory users and computers this is how you troubleshoot this by the way when the gpu is not being applied we're going to go and look under server academy.local server academy and let's expand domain computers inside domain computers i have sams 01 and sawso1 the problem is and i'm going to look uh we are using hyper-v for these vms but you can use esxi also i think we use vmware e6i for our centos 7 via virtual machines okay the problem is we have confused we've configured user settings but link the gpo to an ou that only contains computer accounts so if you remember in that slideshow uh if we're going to configure user settings we have to apply the gpo to nou that has user accounts all right so it's just a simple issue of linking it in the wrong spot so we're going to do is delete this link and we're going to move this link over to the domain domain users so if i right click link in existing gpo and we'll say desktop wallpaper so now we're linking this gpo which if i edit it it has the user configuration set up so user configuration desktop desktop and we have desktop wallpaper now it's linked to an ou with domain users and if i go to domain users paul dot hill is inside that which is the user account that i'm logged in here so what we're going to do is run gpupdate forward slash force so it'll go out and grab that new policy that we just configured uh saren is asking please upload this video i always do and uh if you're a member of server academy you'll be able to access it under the live room which i showed you guys earlier and i'll also upload it to youtube so if you're if you're not subscribed first of all make sure you subscribe that helps me out a lot but uh oops oh hold on a second i just made a big mistake hang on a second okay all right here we go here we go all right one second guys uh logitech let's see all right so okay let's see let's see if i can turn on my video okay we might have to do this um please so i just had a technical glitch i clicked the wrong button oh so that's funny all right let me see here and then okay here we go okay cool so i have to move some people over because i'm i click too many buttons too fast and i accidentally broke something on the other platform so i'm probably not gonna be able to fix that live so yeah so there we go all right cool so now we've updated the group policy object if we run gp result forward slash r now under applied group policy objects we now see desktop wallpaper okay so one of the main things you guys have to take away from this live stream is gp result forward slash r and rs or rs op rsop.msc so if i i think i can type that here maybe not uh yeah if i type rsop.msc here and i press enter okay hopefully you guys oh man ahmed is saying it or i hope i'm saying your name right it's 2 am that's crazy uh hopefully everyone made it over oh man i can't believe that's so terrible that's such a bummer because that's going to mess up the live stream recording oh well live and you learn but if we go under rsop we have administrative templates desktop and here we have the desktop wallpaper setting which is enabled and if we look here we can see the setting is configured but it's still not showing up yet if i hit close let me not save that i don't need to save that we'll say no what i need to do is log off and log back on so i'm going to hit the windows key and hit sign out okay i think i got this other platform back so i was just let me see if i can screen share really quick all right there we go i was clicking way too fast guys but it's back so hopefully you guys can see now all right so i just applied i just ran a gp update on my windows 10 computer and uh i'm logging out and logging back in so if i press the go button here hey kojo how's it going buddy hopefully i'm saying your name right now i have the desktop background that's applied to this computer okay so again this is only going to apply to my paul dot hill user account so if i log in to another server using a different user account like administrator if i log in it's not going to change the desktop background okay but if i was to log into this server i'm not sure if i'd have to run a gpu update first i don't think i would but let's try it because it should run the policy i also don't know if my user account has permissions to log into this account or this server but let's see here what happens let's hit go applying user settings that should mean it's grabbing the desktop wallpaper yeah so i logged in as paul dot hill i get the server academy uh desktop background if i sign out and by the way that's an old logo probably nobody cares but if i sign out and sign back in with my administrator user account and type in the password and hit go it's just going to show me the regular desktop background okay and that's because on the domain controller only uh paul dot hill was inside of this organizational unit where i applied the desktop wallpaper cool yeah i'm good i'm glad you're finding this interesting uh this was uh in pretty high demand so i wanted to make sure that i i brought this to you guys all right so what we've done is we've created group policy objects we've talked about gps gpu links uh we deployed some software we deployed a backer a desktop background and we did some troubleshooting right there's a lot more settings in here if you go under group policy the group policy editor you can do all these crazy settings i mean it's it's there's a lot of settings you can do you need windows settings security settings if we go under computer configuration a big one in here that you guys will probably need to understand or at least work with at some point is local policies security options uh you can do things like use a right assignment so you can say deny log on uh through remote desktop services so you can define what users you want to log in and which ones you don't want to be able to log in um you know deny logon as a service and then we have account policies we have the password policy you can define you know if you want to have password history which means the user changes their password uh you get you can make sure that it's not the same password they've already used before and things like that uh also password complexity uh how long the password should be you know you could say if you wanted to be ridiculous 120 oh i just let you do 120 characters i guess 14 is the max um but yeah so all these settings are configurable through group policy you can change the registry you can change windows firewall you can configure windows services whether they should start or stop there's a lot of things you can do with group policy and with the power of group policy objects you can really do it at scale you can affect your entire every computer inside your domain that could be thousands or tens of thousands computers with a single group policy object so group policy definitely a must have a skill you know if you're trying to work in the it field now for those of you who are not members i want to show you what we have for group policy as far as training uh yes i am tape i am recording these sessions and yes they will be uploaded if you go serveracademy.com gpo live i'm gonna put this in here ppo live if you go to that link um you guys can sign up for a free trial and get access to everything that we have that's the labs that i've been using and the courses so we have an active directory uh entire entire module dedicated to just active directory how to install it how to configure it set it up and how to administrate it and then we have a group policy administration module which is like what we did today but a lot more in depth so then there's other ones in here you guys can see that on the website and we have our curriculum that everything that we cover in here you guys can like jump to a specific module like for active directory uh installing adds server role and it just goes on um so if you guys are interested go to the link that i just posted on youtube and you guys can get access for the free trial uh thanks everyone for coming and hanging out i hope you guys enjoyed this training um again please give us a try at serveracademy.com gpo live and i look forward to seeing you guys uh over at the platform and if not then i'll see you guys at the next live stream okay

Info

Channel: Server Academy

Views: 32,526

Rating: undefined out of 5

Keywords: Server Academy, Windows Server, Active Directory, IT Training for Beginners

Id: SD9HtdYOmMs

Channel Id: undefined

Length: 56min 2sec (3362 seconds)

Published: Sat Oct 31 2020