Microsoft® Windows® Group Policy Guide

Book description

Expert guidance for taking advantage of Group Policy in Windows to simplify the management of hundreds—or thousands—of users.

Table of contents

  1. Microsoft® Windows® Group Policy Guide
  2. A Note Regarding Supplemental Files
  4. About the Authors
  5. Foreword
  6. Introduction
  7. About This Book
    1. Document Conventions
    2. Companion CD
    3. Support Policy
    4. System Requirements
  8. I. Getting Started with Group Policy
    1. 1. Overview of Group Policy
      1. Understanding Group Policy
        1. What It Does
        2. How It Works
      2. Using and Implementing Group Policy
        1. Using Group Policy in Workgroups and Domains
        2. Working with Group Policy Objects
      3. Getting Started with Group Policy
        1. Understanding Group Policy Settings and Options
        2. Using Group Policy for Administration
      4. Understanding the Required Infrastructure for Group Policy
        1. DNS and Active Directory
        2. Applying Active Directory Structure to Inheritance
      5. Examining GPO Links and Default GPOs
        1. Understanding GPO Links
        2. Working with Linked GPOs and Default Policy
          1. Working with the Default Domain Policy GPO
          2. Working with the Default Domain Controllers Policy GPO
      6. Summary
    2. 2. Working with Group Policy
      1. Navigating Group Policy Objects and Settings
        1. Connecting to and Working with GPOs
        2. Applying Group Policy and Using Resultant Set of Policy
        3. RSoP Walkthrough
      2. Managing Group Policy Objects
        1. Managing Local Group Policy
          1. Accessing Local Group Policy on the Local Computer
          2. Accessing Local Group Policy on a Remote Machine
        2. Managing Active Directory–Based Group Policy
          1. Installing the GPMC
          2. Using the GPMC
          3. Connecting to Additional Forests
          4. Showing Sites in Connected Forests
          5. Accessing Additional Domains
          6. Setting Domain Controller Focus Options
      3. Creating and Linking GPOs
        1. Creating and Linking GPOs for Sites
        2. Creating and Linking GPOs for Domains
          1. Creating and Then Linking a GPO for a Domain
          2. Creating and Linking a Domain GPO as a Single Operation
        3. Creating and Linking GPOs for OUs
          1. Creating OUs in the GPMC
          2. Creating and Then Linking a GPO for an OU
          3. Creating and Linking an OU GPO as a Single Operation
      4. Delegating Privileges for Group Policy Management
        1. Determining and Assigning GPO Creation Rights
        2. Determining Group Policy Management Privileges
        3. Delegating Control for Working with GPOs
        4. Delegating Authority for Managing Links and RSoP
      5. Removing Links and Deleting GPOs
        1. Removing a Link to a GPO
        2. Deleting a GPO Permanently
      6. Summary
    3. 3. Advanced Group Policy Management
      1. Searching and Filtering Group Policy
        1. Filtering Policy Settings
          1. Filtering Techniques for Policy Settings
          2. Filtering Policy Settings by Operating System and Application Configuration
        2. Searching Policy Objects, Links, and Settings
          1. Search Techniques for Policy Objects, Links, and Settings
          2. Beginning Your Policy Object, Link, or Setting Search
        3. Filtering by Security Group, User, or Computer
      2. Managing Group Policy Inheritance
        1. Changing Link Order and Precedence
        2. Overriding Inheritance
        3. Blocking Inheritance
        4. Enforcing Inheritance
      3. Managing Group Policy Processing and Refresh
        1. Changing the Refresh Interval
        2. Enabling or Disabling GPO Processing
        3. Changing Policy Processing Preferences
        4. Configuring Slow Link Detection
          1. Slow Link Detection
          2. Configuring Slow Link Detection and Slow Link Policy Processing
          3. Configuring Slow Link and Background Policy Processing
        5. Refreshing Group Policy Manually
      4. Modeling and Maintaining Group Policy
        1. Modeling Group Policy for Planning Purposes
        2. Copying and Importing Policy Objects
          1. Copying Policy Objects and Their Settings
          2. Importing Policy Objects and Their Settings
        3. Backing Up GPOs
        4. Restoring Policy Objects
      5. Determining the Effective Group Policy Settings and Last Refresh
      6. Summary
  9. II. Group Policy Implementation and Scenarios
    1. 4. Deploying Group Policy
      1. Group Policy Design Considerations
        1. Active Directory Design Considerations
          1. Active Directory Database Storage Location
          2. Active Directory Operating System File Storage Location
          3. Replication
          4. Organizational Unit Design
          5. Site Design
        2. Physical Design Considerations
        3. Remote Access Connection Design Considerations
        4. GPO Application Design Considerations
          1. Site, Domain, and OU Linking
            1. GPOs Have Two Distinct Sections
            2. Interaction of GPO Application When Linked to Sites, Domains, and OUs
          2. Cross-Domain GPO Linking
          3. Synchronous and Asynchronous Processing
          4. Fast Logon Optimization
          5. GPO Inheritance Modification
        5. Additional GPO Design Considerations
          1. Monolithic vs. Functional
          2. Additional GPO Settings
      2. Controlling GPO Processing Performance
        1. Common Performance Issues
        2. Performance Tips
          1. Reduce the Number of Group Policy Objects
          2. Link GPOs to Organizational Units
          3. Disable Unused Sections of GPOs
          4. Optimize the Background Refresh Interval
          5. Configure a Reasonable Timeout for Scripts
          6. Configure Asynchronous Processing
          7. Limit Use of Loopback
          8. Filter GPOs Based on Group Membership
      3. Best Practices for Deploying GPOs
        1. Choosing the Best Level to Link GPOs
          1. GPOs Linked to Sites
          2. GPOs Linked to Domains
          3. GPOs Linked to OUs
        2. Resources Used by GPOs
        3. Software Installation
        4. Designing GPOs Based on GPO Categories
        5. Limit Enforced and Block Policy Inheritance Options
        6. When to Use Security Filtering
        7. When to Use WMI Filters
        8. Network Topology Considerations
        9. Limiting Administrative Privileges
        10. Naming GPOs
      4. Testing GPOs Before Deployment
        1. Migrating GPOs from Test to Production
        2. Migrating GPOs from Production to Production
        3. Using Migration Tables
          1. Domain-Specific GPO Settings
          2. Migration Table Structure
            1. Source Type
            2. Source Name
            3. Destination Name
      5. Summary
    2. 5. Hardening Clients and Servers
      1. Understanding Security Templates
        1. Default Security Templates
          1. Compatws.inf
          2. DC security.inf
          3. Iesacls.inf
          4. Securedc.inf
          5. Securews.inf
          6. Hisecdc.inf
          7. Hisecws.inf
          8. Notssid.inf
          9. Rootsec.inf
          10. Setup Security.inf
        2. Sections of the Security Template
          1. Account Policies
          2. Local Policies
          3. Event Log
          4. Restricted Groups
          5. System Services
          6. Registry
          7. File System
        3. Tools for Accessing, Creating, and Modifying Security Templates
          1. Security Templates Snap-in
          2. Security Configuration and Analysis Snap-in
          3. Security Configuration Wizard
        4. Using the Security Configuration Wizard
          1. Accessing the Security Configuration Wizard
          2. Sections of the Security Configuration Wizard
            1. Role-Based Service Configuration
            2. Network Security
            3. Registry Settings
            4. Audit Policy
          3. Incorporating Security Templates into Security Policies
          4. Best Practices for Using the Security Configuration Wizard
      2. Deploying Security Templates
        1. Importing Security Templates Into GPOs
        2. Using the Security Configuration and Analysis Tool
        3. Using the Secedit.exe Command-Line Tool
        4. Using the Security Configuration Wizard and the scwcmd Command
      3. General Hardening Techniques
        1. Closing Unnecessary Ports
        2. Disabling Unnecessary Services
        3. Tools Used in Hardening Computers
          1. Netstat
          2. Portqry
      4. Server Hardening
        1. Member Servers
          1. OU Design Considerations
          2. Member Server Security Environment Levels
          3. Security Settings for Member Servers
          4. Ports Required for Member Servers
        2. Domain Controllers
          1. Domain Controller Security Environment Levels
          2. Security Settings for Domain Controllers
          3. Ports Required for Domain Controllers
        3. File and Print Servers
        4. Web Servers
          1. Security Settings for Web Servers
          2. Ports Required for Web Servers
      5. Client Hardening
        1. Ports Required for Clients
        2. Restricted Groups for Clients
        3. Client Computers for IT Staff and Administrators
          1. Security Settings for IT Staff and Administrators
          2. Local Services and Software
          3. Local Group Configuration
        4. Client Computers for Help Desk Staff
          1. Security Settings for Help Desk Staff
          2. Local Group Configuration
      6. Troubleshooting
        1. Security Areas and Potential Problems
        2. Tools
          1. Secedit
          2. Security Configuration and Analysis
          3. Gpresult
          4. Resultant Set of Policy
      7. Summary
    3. 6. Managing and Maintaining Essential Windows Components
      1. Configuring Application Compatibility Settings
        1. Optimizing Application Compatibility Through Group Policy
        2. Configuring Additional Application Compatibility Settings
      2. Configuring Attachment Manager Settings
        1. Working with Attachment Manager
        2. Configuring Risk Levels and Trust Logic in Group Policy
      3. Configuring Event Viewer Information Requests
        1. Using Event Viewer Information Requests
        2. Customizing Event Details Through Group Policy
      4. Controlling IIS Installation
      5. Configuring Access to and Use of Microsoft Management Console
        1. Blocking Author Mode for MMC
        2. Designating Prohibited and Permitted Snap-ins
        3. Requiring Explicit Permission for All Snap-Ins
      6. Optimizing NetMeeting Security and Features
        1. Configuring NetMeeting Through Group Policy
      7. Enabling Security Center for Use in Domains
      8. Managing Access to Scheduled Tasks and Task Scheduler
      9. Managing File System, Drive, and Windows Explorer Access Options
        1. Hiding Drives in Windows Explorer and Related Views
        2. Preventing Access to Drives in Windows Explorer and Related Views
        3. Removing CD-Burning and DVD-Burning Features in Windows Explorer and Related Views
        4. Removing the Security Tab in Windows Explorer and Related Views
        5. Limiting the Maximum Size of the Recycle Bin
      10. Optimizing the Windows Installer Configuration
        1. Controlling System Restore Checkpoints for Program Installations
        2. Configuring Baseline File Cache Usage
        3. Controlling Rollback File Creation
        4. Elevating User Privileges for Installation
        5. Controlling Per-User Installation and Program Operation
        6. Preventing Installation from Floppy Disk, CD, DVD, and Other Removable Media
        7. Configuring Windows Installer Logging
      11. Optimizing Automatic Updates with Windows Update
        1. Enabling and Configuring Automatic Updates
        2. Controlling Auto Download and Notify for Install
          1. Setting the Automatic Updates Detection Frequency
          2. Optimizing Notify User Installs
          3. Optimizing Scheduled Installs
        3. Blocking Access to Automatic Updates
        4. Designating an Update Server
      12. Summary
    4. 7. Managing User Settings and Data
      1. Understanding User Profiles and Group Policy
      2. Configuring Roaming Profiles
        1. Configuring the Network Share for Roaming Profiles
        2. Configuring User Accounts to Use Roaming Profiles
      3. Optimizing User Profile Configurations
        1. Modifying the Way Local and Roaming Profiles Are Used
          1. Only Allow Local User Profiles
          2. Delete Cached Copies of Roaming Profiles
          3. Do Not Detect Slow Network Connection
          4. Log Users Off When Roaming Profile Fails
          5. Prompt User When Slow Link Is Detected
          6. Slow Network Connection Timeout for User Profiles
          7. Timeout for Dialog Boxes
          8. Wait for Remote User Profile
        2. Modifying the Way Profile Data Is Updated and Changed
        3. Modifying the Way Profile Data Can Be Accessed
        4. Limiting Profile Size and Included Folders
          1. Limiting Profile Size
          2. Limiting Folders Included in Profiles
      4. Redirecting User Profile Folders and Data
        1. Understanding Folder Redirection
        2. Configuring Folder Redirection
          1. Using Basic Folder Redirection
          2. Using Advanced Folder Redirection
          3. Configuring Setup, Removal, and Preference Settings for Redirection
      5. Managing Computer and User Scripts
        1. Working with Computer and User Scripts
        2. Configuring Computer Startup and Shutdown Scripts
        3. Configuring User Logon and Logoff Scripts
        4. Controlling Script Visibility
        5. Controlling Script Timeout
        6. Controlling Script Execution and Run Technique
      6. Summary
    5. 8. Maintaining Internet Explorer Configurations
      1. Customizing the Internet Explorer Interface
        1. Customizing the Title Bar Text
        2. Customizing Logos
        3. Customizing Buttons and Toolbars
      2. Customizing URLs, Favorites, and Links
        1. Customizing Home, Search, and Support URLs
        2. Customizing Favorites and Links
          1. Creating Individual Favorites and Links
          2. Importing Favorites and Links Lists
      3. Configuring Global Default Programs
      4. Optimizing Connection and Proxy Settings
        1. Deploying Connection Settings Through Group Policy
        2. Deploying Proxy Settings Through Group Policy
      5. Enhancing Internet Explorer Security
        1. Working with Security Zones and Settings
        2. Restricting Security Zone Configuration
        3. Deploying Security Zone Configurations
          1. Configuring the Internet Security Zone
          2. Configuring the Local Intranet Zone
          3. Configuring the Trusted Sites Security Zone
          4. Configuring the Restricted Sites Security Zone
        4. Importing and Deploying the Security Zone Settings
      6. Configuring Additional Policies for Internet Options
      7. Summary
    6. 9. Deploying and Maintaining Software Through Group Policy
      1. Understanding Group Policy Software Installation
        1. How Software Installation Works
        2. What You Need to Know to Prepare
        3. How to Set Up the Installation Location
        4. What Limitations Apply
      2. Planning the Software Deployment
        1. Creating Software Deployment GPOs
        2. Configuring the Software Deployment
      3. Deploying Software Through Group Policy
        1. Deploying Software with Windows Installer Packages
          1. Getting the Necessary Windows Installer File
          2. Deploying the Software Using a Windows Installer File
        2. Deploying Software with Non–Windows Installer Packages
          1. Creating the ZAP File
          2. Deploying the Software Using a ZAP File
      4. Configuring Advanced and Global Software Installation Options
        1. Viewing and Setting General Deployment Properties
        2. Changing the Deployment Type and Installation Options
        3. Defining Application Categories
        4. Adding, Modifying, and Removing Application Categories
        5. Adding an Application to a Category
        6. Performing Upgrades
          1. Patching or Installing an Application Service Pack
          2. Deploying a New Version of an Application
        7. Customizing the Installation Package with Transforms
        8. Controlling Deployment by Security Group
        9. Setting Global Deployment Defaults
      5. Deploying Microsoft Office and Service Packs
        1. Deploying Office Through Policy
          1. Choosing a Package Distribution Technique
          2. Using Transforms to Customize an Office Deployment
          3. Selecting a Deployment Mode
          4. Keeping Office Updated
        2. Deploying Windows Service Packs Through Policy
      6. Maintaining Deployed Applications
        1. Removing Deployed Applications
        2. Redeploying Applications
        3. Configuring Software Restriction Policies
          1. Getting Started with Software Restriction Policies
          2. Configuring Enforcement Policy
          3. Viewing and Configuring Designated File Types
          4. Configuring Trusted Publishers Policy
          5. Configuring Disallowed and Unrestricted Applications
          6. Configuring Security Rules
            1. Using Certificate Rules
            2. Using Hash Rules
            3. Using Internet Zone Rules
            4. Using Path Rules
        4. Troubleshooting Software Installation Policy
          1. Troubleshooting Steps
          2. Common Software Installation Policy Problems
      7. Summary
    7. 10. Managing Microsoft Office Configurations
      1. Introducing Office Configuration Management
      2. Customizing Office Configurations
        1. Downloading and Installing the Tools
        2. Working with the Custom Installation Wizard
          1. Step 1: Create the Administrative Install of Office’s .msi File
          2. Step 2: Use the Custom Installation Wizard for Office Configuration
          3. Step 3: Deploy the Transformed Office Configuration
        3. Working with the Custom Maintenance Wizard
          1. Step 1: Update the Microsoft Office Configuration
          2. Step 2: Deploy the New Configuration of Office
        4. Preparing the Policy Environment
        5. Deploying Office Administrative Template Files
          1. Deploying Office Administrative Template Files for the First Time
          2. Updating Previously Deployed Office-Related Policy Templates
        6. Creating Office Configuration GPOs
        7. Managing Multiple Office Configuration Versions
      3. Managing Office-Related Policy
        1. Working with Office-Related Policy
        2. Examining Global and Application-Specific Settings
        3. Configuring Office-Related Policy Settings
        4. Preventing Users from Changing Office Configurations
          1. Understanding How to Prevent Office Configuration Changes
          2. Disabling Office Menu Items and Options Using Predefined Options
          3. Disabling Office Menu Items and Options Using Custom Options
            1. Step 1: Determining the Menu Item ID
            2. Step 2: Using a Custom Disable Policy
          4. Configuring Notification for Disabled Menu Items and Options
        5. Controlling Default File and Folder Locations
          1. Setting the Default Database Folder Location for Access 2003
          2. Setting the Default File Location for Excel 2003
          3. Setting Default Folder Locations for OneNote 2003
          4. Setting Default Folder Locations for Publisher 2003
          5. Setting Default Folder Locations for Word 2003
        6. Configuring Outlook Security Options
        7. Controlling Office Language Settings
        8. Troubleshooting Office Administrative Template Policy
      4. Summary
    8. 11. Maintaining Secure Network Communications
      1. Understanding IPSec Policy
        1. How IPSec Works
        2. How IPSec Policy Is Deployed
        3. When to Use IPSec and IPSec Policy
      2. Managing and Maintaining IPSec Policy
        1. Activating and Deactivating IPSec Policies
        2. Create Additional IPSec Policies
          1. Creating and Assigning the IPSec Policy
          2. Defining Security Rules and Actions
          3. Creating and Managing IP Filter Lists
          4. Creating and Managing Filter Actions
        3. Monitoring IPSec Policy
      3. Deploying Public Key Policies
        1. How Public Key Certificates Work
        2. How Public Key Policies Are Used
        3. Managing Public Key Policy
      4. Understanding Windows Firewall Policy
        1. How Windows Firewall Works
        2. How Windows Firewall Policy Is Used
      5. Managing Windows Firewall Policy
        1. Configuring IPSec Bypass
        2. Enabling and Disabling Windows Firewall with Group Policy
        3. Managing Firewall Exceptions with Group Policy
          1. Disabling the Use of Exceptions
          2. Allowing File and Printer Sharing Exceptions
          3. Allowing Remote Administration Exceptions
          4. Allowing Remote Desktop Exceptions
          5. Allowing UPnP Framework Exceptions
          6. Defining Program Exceptions
          7. Defining ICMP Exceptions
          8. Defining Port Exceptions
        4. Configuring Firewall Notification, Logging, and Response Requests
          1. Prohibiting Notifications
          2. Allowing Logging
          3. Prohibiting Unicast Responses to Multicast or Broadcast Requests
      6. Summary
    9. 12. Creating Custom Environments
      1. Loopback Processing
        1. Replace Mode
        2. Merge Mode
        3. Troubleshooting Loopback
      2. Terminal Services
        1. Controlling Terminal Services Through Group Policy on an Individual Computer
        2. Controlling Terminal Services Through Group Policy in a Domain
        3. Configuring Order of Precedence
        4. Configuring Terminal Services User Properties
          1. Best Practices
        5. Configuring License Server Using Group Policy Settings
          1. License Server Security Group
          2. Prevent License Upgrade
        6. Configuring Terminal Services Connections
          1. Limit Number of Connections
          2. Set Client Connection Encryption Level
          3. Secure Server (Require Security)
          4. Start a Program on Connection
          5. Set Rules for Remote Control to Terminal Services User Sessions
          6. Set Time Limit for Disconnected Sessions
          7. Set Time Limit for Active Terminal Services Sessions
          8. Terminate Session When Time Limits Are Reached
          9. Allow Reconnection From Original Client Only
        7. Managing Drive, Printer, and Device Mappings for Clients
          1. Allow Audio Redirection
          2. Do Not Allow COM Port Redirection
          3. Do Not Allow Client Printer Redirection
          4. Do Not Allow LPT Port Redirection
          5. Do Not Allow Drive Redirection
          6. Do Not Set Default Client Printer To Be Default Printer in a Session
        8. Controlling Terminal Services Profiles
          1. Set Path for TS Roaming Profiles
          2. TS User Home Directory
          3. Restrict Terminal Services Users To a Single Remote Session
          4. Only Allow Local User Profiles
          5. Delete Cached Copies of Roaming Profiles
      3. Group Policy over Slow Links
        1. Default Policy Application over Slow Links
          1. Policies That Apply over Slow Links
        2. Slow Link Behavior for RAS Connections
        3. Slow Link Detection Group Policy Settings
          1. Group Policy Slow Link Detection
          2. Slow Network Connection Timeout for User Profiles
          3. Do Not Detect Slow Network Connections
          4. Prompt User When Slow Link Is Detected
          5. Configure Slow Link Speed
        4. Additional Slow Link Detection Settings for Client-Side Extensions
      4. Summary
  10. III. Group Policy Customization
    1. 13. Group Policy Structure and Processing
      1. Navigating Group Policy Logical Structure
        1. Working with Group Policy Containers
        2. Examining Attributes of groupPolicyContainer Objects
        3. Examining the Security of groupPolicyContainer Objects
        4. Examining GPO Creation Permissions
        5. Viewing and Setting Default Security for New GPOs
          1. Viewing the defaultSecurityDescriptor Attribute
          2. Modifying the defaultSecurityDescriptor Attribute
      2. Navigating Group Policy Physical Structure
        1. Working with Group Policy Templates
        2. Understanding Group Policy Versioning
        3. Understanding Group Policy Template Security
      3. Navigating Group Policy Link Structure
        1. Examining Group Policy Linking
          1. Viewing the gPLink Attribute
        2. Examining Inheritance Blocking on Links
        3. Understanding Group Policy Security and Links
      4. Understanding Group Policy Processing
        1. Examining Client-Side Extension Processing
        2. Examining Server-Side Extension Processing
          1. Setting Storage for Wireless Network Policy
          2. Setting Storage for Folder Redirection Policy
          3. Setting Storage for Administrative Templates Policy
          4. Setting Storage for Disk Quota Policy
          5. Setting Storage for QoS Packet Scheduler Policy
          6. Setting Storage for Scripts
          7. Setting Storage for Internet Explorer Maintenance Policy
          8. Setting Storage for Security Policy
          9. Setting Storage for Software Installation Policy
          10. Setting Storage for IP Security Policy
        3. Understanding Policy Processing Events
        4. Asynchronous vs. Synchronous Policy Processing
        5. Tracking Policy Application
        6. Tracking Slow Link Detection
        7. Modifying Security Policy Processing
        8. Group Policy History and State Data
          1. Group Policy History Data
          2. Group Policy State Data
          3. Group Membership Data
      5. Navigating Local GPO Structure
        1. Understanding LGPO Creation and Application
        2. Understanding LGPO Structure
        3. Managing and Maintaining LGPOs
        4. Controlling Access to the LGPO
      6. Summary
    2. 14. Customizing Administrative Templates
      1. What Is an Administrative Template?
        1. Default .adm Files
        2. Working with .adm Files
        3. Default Installed .adm Files
        4. Tips for Importing .adm Files
        5. Adding .adm Files
        6. Removing .adm Files
        7. Managing .adm Files
          1. Controlling Updated Versions of .adm Files
            1. Turn Off Automatic Updates of ADM Files
            2. Always Use Local ADM Files for Group Policy Editor
          2. Tips for Working with .adm Files
          3. Operating System and Service Pack Release Issues
        8. Policies vs. Preferences
      2. Creating Custom .adm Files
      3. A Simple .adm File
      4. Using .adm File Language
        1. Structure of an .adm File
        2. #if version
        3. Syntax for Updating the Registry
          1. Class
          2. Keyname
          3. Valuename
          4. Valueoff/Valueon
        4. Syntax for Updating the Group Policy Object Editor Interface
          1. Strings
          2. Category
          3. Policy
          4. Part
            1. Checkbox
            2. Clienttext
            3. Combobox
            4. Dropdownlist
            5. Edittext
            6. Listbox
            7. Numeric
            8. Text
          5. Actionlist
        5. Additional Statements in the .adm Template
          1. Comments
          2. Required
          3. Maxlen
          4. Explain
          5. Supported
        6. .adm File String and Tab Limits
      5. Best Practices
      6. Summary
    3. 15. Security Templates
      1. Understanding the Security Template Structure
        1. Account Policies
        2. Local Policies
        3. Event Log
        4. Restricted Groups
        5. System Services
        6. Registry
        7. File System
      2. Where Security Template Settings Overlap with GPO Settings
      3. Working with Security Templates
        1. Security Templates Snap-In
        2. Raw Security Template INF Files
      4. Customizing Security Templates
        1. Copying Templates
        2. Creating New Security Templates
      5. Customizing Security Options
        1. Structure of the Sceregvl.inf File
        2. Customizing the Sceregvl.inf File
        3. Getting the Custom Entry to Show Up
      6. Customizing Services in the Security Templates
        1. Getting the Correct Service to Automatically Display
        2. Acquiring the Service Syntax for the Security Template File
        3. Manually Updating Services in the Security Template File
      7. Microsoft Solutions for Security Settings
      8. Summary
  11. IV. Group Policy Troubleshooting
    1. 16. Troubleshooting Group Policy
      1. Group Policy Troubleshooting Essentials
        1. Verifying the Core Configuration
          1. Verifying the Network Connection and Configuration
          2. Verifying the Computer Account and Trust
          3. Verifying Time Synchronization
          4. Verifying the Computer and User Account Configuration
        2. Verifying Key Infrastructure Components
        3. Verifying the Scope of Management
          1. Checking the GPO Status and Version
          2. Checking the GPO on the Logon Domain Controller
          3. Checking the GPO Link Status and Order
          4. Checking the GPO Permissions
          5. Checking the Loopback Processing Status of the GPO
          6. Checking for Slow Links
      2. Essential Troubleshooting Tools
        1. Working with Resultant Set of Policy
          1. Navigating the Summary Tab
          2. Navigating the Settings Tab
          3. Navigating the Policy Events Tab
          4. Navigating the Advanced View
        2. Viewing RSoP from the Command Line
        3. Verifying Server-Side GPO Health
          1. Checking the GPC and GPT for Errors
          2. Checking the SYSVOL Permissions
          3. Verifying Specific GPOs
          4. Navigating the GPO Details
        4. Managing RSoP Logs Centrally
          1. Getting Started with Group Policy Monitor
          2. Preparing the Group Policy Monitor Installation
          3. Deploying and Configuring Group Policy Monitor
          4. Viewing Group Policy Monitor Reports
          5. Examining Differences Between Refresh Intervals
          6. Managing Report Log Deletion
      3. Group Policy Logging
        1. Navigating the Application Event Logs
          1. Configuring the Level of Application Logging
          2. Understanding Group Policy Events
        2. Managing Userenv Logging
          1. Configuring the Level of Userenv Logging
          2. Examining the Userenv Logs
        3. Managing Logging for Specific CSEs
          1. Enabling Debug Logging for Windows Installer Policy
          2. Enabling Debug Logging for Folder Redirection Policy
          3. Enabling Debug Logging for Security Policy
      4. Summary
    2. 17. Resolving Common Group Policy Problems
      1. Solving GPO Administration Problems
        1. Domain Controller Running the PDC Emulator Is Not Available
        2. Not All Settings Show Up in the Group Policy Editor
          1. Custom Administrative Template Settings Are Not Visible
          2. Administrative Templates and Settings Depend on the Operating System Version
          3. Security Template Settings Are Not Taking Effect
          4. New Custom Security Settings Are Not Displayed
        3. Delegation Restrictions Within the GPMC
          1. Creating GPOs
          2. Linking GPOs
          3. Managing GPOs
          4. Editing GPOs
          5. Viewing GPOs
      2. Group Policy Settings Are Not Being Applied Due to Infrastructure Problems
        1. Domain Controllers Are Not Available
        2. Active Directory Database Is Corrupt
        3. Local Logon vs. Active Directory Logon
        4. SYSVOL Files Are Causing GPO Application Failure
          1. GPO Files Manually Modified Incorrectly
          2. SYSVOL Share Removed
          3. Incorrect Date and Time of GPO Files
        5. Problems with Replication and Convergence of Active Directory and SYSVOL
          1. Syncing Group Policy GPC and GPT
          2. Intrasite Replication
          3. Intersite Replication
        6. DNS Problems Causing GPO Application Problems
          1. DHCP Servers Allocating Incorrect DNS Information
          2. Manual Client Configuration Is Incorrect
          3. SRV Records Have Been Deleted
      3. Solving Implementation Problems
        1. Tracking Down Incorrect GPO Settings
          1. GPO Settings That Can Be Set to Enabled or Disabled
          2. Incorrect Setting Selected
          3. Computer Configuration vs. User Configuration Settings
        2. GPO Links Causing GPO Application Problems
          1. Linking GPOs to Multiple Containers
          2. Administering GPOs that are Linked to Multiple Containers
        3. Accounts Are Not Located in the Correct OU
          1. Reasons That Accounts Are Placed in the Incorrect OU
          2. Wrong Account in OU
        4. Trying to Apply Group Policy Settings to Groups
          1. Linking GPOs to OUs That Contain Only Groups
          2. Setting GPO Security Filtering to Apply GPO Settings to Groups
        5. Conflicting Settings in Two GPOs
        6. Modifying Default GPO Inheritance
          1. Enforcing GPOs
          2. Block Policy Inheritance
          3. Security Filtering
      4. Summary
  12. V. Appendixes
    1. A. Group Policy Reference
      1. Computer Configuration Reference
      2. User Configuration Reference
    2. B. New Features in Windows Server 2003 Service Pack 1
      1. Adprep
      2. Administrative Tools
      3. Internet Explorer Feature Control Settings
        1. Managing Feature Control Settings
        2. Configuring Policies and Preferences
        3. Internet Explorer Administration Kit/Internet Explorer Maintenance
      4. Internet Explorer URL Action Security Settings
        1. Changes to Internet Explorer URL Action Security Settings
      5. Resultant Set of Policy
        1. Changes to RSoP in SP1
        2. Administering Remote RSoP with GPMC SP1
        3. Delegating Access to Group Policy Results
      6. Post-Setup Security Updates
      7. Security Configuration Wizard
      8. Windows Firewall
        1. Changes to Windows Firewall
        2. Changes for Audit Logging
        3. Changes for Netsh Helper
        4. Windows Firewall New Group Policy Support
    3. C. GPMC Scripting
      1. GPMC Scripting Interface Essentials
        1. Understanding the GPMC Scripting Object Model
        2. Creating the Initial GPM Object
        3. Referencing the Domain to Manage
        4. Creating and Linking GPOs
        5. Automating Group Policy Security Management
      2. Using the GPMC’s Prebuilt Scripts
        1. Creating GPOs
        2. Deleting GPOs
        3. Finding Disabled GPOs
        4. Finding GPOs by Security Group
        5. Finding GPOs Without Active Links
        6. Setting GPO Creation Permissions
        7. Setting Other GPO Permissions
        8. Backing Up All GPOs
        9. Backing Up Individual GPOs
        10. Copying GPOs
        11. Importing GPOs
        12. Generating RSoP Reports
        13. Mirroring Your Production Environment
        14. GPMC Prebuilt Script Review
    4. D. Office 2003 Administrative Template Highlights
      1. Microsoft Access 2003
      2. Microsoft Excel 2003
      3. Microsoft FrontPage 2003
      4. Microsoft Clip Organizer 2003
      5. Microsoft InfoPath 2003
      6. Microsoft Office 2003
      7. Microsoft OneNote 2003
      8. Microsoft Outlook 2003
      9. Microsoft PowerPoint 2003
      10. Microsoft Project 2003
      11. Microsoft Publisher 2003
      12. Microsoft Visio 2003
      13. Microsoft Word 2003
  13. Index
  14. About the Authors
  15. Copyright

Product information

  • Title: Microsoft® Windows® Group Policy Guide
  • Author(s): The Microsoft Group Policy Team, Darren Mar-Elia, Derek Melber, William R. Stanek
  • Release date: June 2005
  • Publisher(s): Microsoft Press
  • ISBN: 9780735622173