:Group policy management:
1.Local Group policy management 2.Server Group policy management
Shortcut for open local policy Shortcut for open server group policy
(gpedit.msc) (gpmc.msc)
1Q: What is the group polices
Group polices set of rules for applying on users and computers .
2 Q : what is block inheritance
with the help of inheritance we can block or stop top level policies ,domain level policies or particular ou or particular domain .
3 Q : What is active directory container ?
Site or domain ,Ou,are contains of active directory services contains .
4 Q :what is delegation controller ?
when the administrator his assigning his specific privilege to the specific user ,for particular Ou,or domain that is called as delegation controller
5 Q: How to implement a group policy for local pc`s ll users at a time ?
Police name: No one can access the controller panel
Go to local pc
||
log on as admin
||
create 3 new users in your local pc
After go to run type gpedit.msc
||
under local computer policy
||
user configuration policy
||
expand administrative tam plants
||
select control panel
||
select prohibit access to the control panel
||
select enable
||
Apply
after open run and type gpupdate
6 Q : How to implement group policy for specific user ?
Policy name : Hidden my computer drives
Go to local computer
||
log on as admin
||
go to run type mmc (Microsoft management console)
||
click on file
||
click on add or remove snap in
||
select group policy object
||
click on add
||
click on browse
||
select user tab
||
select particular user
||
click ok
||
expand local computer policy
||
expand administrative templates
||
expand windows components
||
expand windows explorer
||
right side select hide these specific drive in my computer
||
enable select the particular drive
||
click ok
||
Apply
Go to run type gpupdate
For verification log off and log on with the particular user account ..
Note : By default we have 1600 group policies in server ..
7 Q: How to apply server group policy on ou level ?
Ex : ou= sales policy no one can access my computer c: drive
Go to run
||
Type gpmc.msc for (for groupolicy short cut )
||
Expand forest
||
Expand domain
||
Expand domain name
||
Expand created ou (eg :sales)
||
right click on sales
||
click on create a gpo this domain
||
Give the gpo name
||
Click ok
||
Right click on gpo
||
click on edit
||
under gpm editor
||
under user configuration
||
expand policies
||
expand admin templates
||
expand windows components
||
click on all settings
||
select hide this specific drive
||
dubble click on the policy
||
under the policy select specific option
||
select enable
||
Click apply
||
Click ok
Go tpo run type gpupdate
after for verification go to client pc login with any domain user the check the hidden drive is showing or not ..
8 Q: How to implement server group policy on domain level ?
domain name is sandeep.com policy is no one can access control panel
Go to server
||
log on as admin
||
go to run type gpmc.msc for group policy management
||
expand forest
||
expand domain
||
expand domain name
||
right click on domain name
||
click on create new gpo
||
click ok
||
right click on created gpo name
||
click on edit
||
expand user configuration
||
expand policies
||
expand admin templates
||
expand control panel
||
select prohibit to access the control panel
||
click on enable
||
click apply
||
click ok
go to run type gpupdate press enter
for verification go to any user try to access the control panel
Note : if your implementing on domain level that policy going to effect to that administrator also..
8 Q: How deniy specific policy to specific user ?
no one can access the control panel but specific user can access the control panel
Go to server computer
||
log on as admin
||
go to run type gpmc.msc fshort ut for group policy management
||
expand domain name
||
under the domain name
||
right click on no one can access the control panel
||
click on edit
||
click on action tab
||
click properties
||
click on security tab
||
select domain admin
||
check the deny
||
click Apply
||
click ok
After open run and type gpupdate press enter
for verification now try to access the control panel with administrator account
9 Q: Howto change the site name ?
Go To server computer
||
log in as admin
||
go to active directory sites and services
||
expand sites
||
select default forest site name
||
right click on and click on rename
||
apply
ok
10 Q: How implement a group policy on site level ?
Stpe 1
Go to server computer
||
log on as a admin
||
go to gpmc.msc
||
expand forest
||
expand domain
||
expand domain name
||
expand group policy object
||
right click on gp object
||
click on new
||
give the new gpo name
||
hide all the drives of my computer
||
click ok
||
click on all
||
under the gpedit
||
expand policies
||
expand admin templates
||
select all settings
||
click hide my computer all drives
||
enable
||
click Ok
||
apply
after open run type gpupdate press enter ..
Step 2
Go to gpmc.msc
||
right click on sites
||
click on show sites
||
check the box new site
||
expand sites
||
expand ny
||
right click on link on object gpo
||
hide all drives of my computers
Go to run type gpupdate press enter
for verification any computer try to check the my computer drives ..
No comments:
Post a Comment