ManagingYourDomainEnvironmentMoreEffectively.pdf

Managing a Domain Environment
More Effectively
Objectives
After completing this lab, you will be better able to:
Create Group Policy Objects (GPOs) using the Group Policy Management Console (GPMC)
Use PowerShell to expedite the backup of your GPO environment
Link GPOs using GPMC
Control GPOs using Advanced Group Policy Management (AGPM)
Add workflow (check-in, check-out and rollback) to GPOs by using AGPM
Control auditing and mail flow of GPO activity through AGPM
Stamp production GPOs with non-default security settings using AGPM
Search GPOs using the AGPM console
Scenario
Group Policy is native to a Windows domain environment. However, auditing and
controlling Group Policy, as well as rolling back to a previous version, is not.
Enter AGPM. In this set of labs you will learn how to use Group Policy and AGPM,
giving you greater control over your existing complex environment. Topics include
creation and deployment, check-in and check-out, import and export, mail audit
integration, search, ACL override, and even a bit of PowerShell scripting.
Estimated Time to Complete This Lab
60 Minutes
Computers used in this Lab
ADMIN-PC- Amy
ADMIN-PC- Damen
ADMIN-PC- Giggi
ADMIN-PC- Justin
Client-PC- Amy
Client-PC- Giggi
Exchange
Server
The password for the Administrator account on all computers in this lab is:
Password!
Exercise 1
Create a Basic GPO using GPMC
Scenario
This exercise walks you through creating a standard GPO with the standard GPMC and linking the GPO to an
existing Organizational Unit (OU). You will also test the GPO's results.
Tasks
Detailed Steps
1. Create the GPO
Complete the following task on: ADMIN-PC- Amy
a. Log in to ADMIN-PC as the user amy.fish with the password Password!
b. Double click the Group Policy Management shortcut on the desktop.
c. Navigate to Group Policy Management | Forest: tailspintoys.com | Domains |
tailspintoys.com | Group Policy Objects.
d. Right click on the Group Policy Objects node and choose New.
e. In the Name textbox enter IE Full Screen and click OK.
f. Right click on the newly created IE Full Screen GPO and choose Edit.
g. Navigate to Computer Configuration | Policies | Administrative Templates |
Windows Components | Internet Explorer | Enforce Full Screen Mode.
h. Right click Enforce Full Screen Mode and choose Edit.
i. Choose the radio option Enabled and click OK.
j. Close the GPO Editor.
2. Link the GPO
Complete the following task on: ADMIN-PC- Amy
a. Still logged in to ADMIN-PC as amy.fish, using GPMC, navigate to the newly
created GPO: Group Policy Management | Forest: tailspintoys.com | Domains |
tailspintoys.com | Group Policy Objects | IE Full Screen.
b. Drag and drop IE Full Screen on top of the Workstations OU.
c. When prompted "Do you want to link the GPOs that you have selected to this
organizational unit?", click OK.
3. Test the GPO Link
Complete the following task on: CLIENT-PC- Amy
a. Log in to CLIENT-PC as amy.fish with the password Password!
b. Click on the Start button and in the search box type the following:
gpupdate /force
Note: Normally you would not need to carry out the above step, as machines apply
GPOs at various intervals. To avoid waiting for that interval, the above
command forces an immediate refresh.
c. Click on the Internet Explorer shortcut in the task bar.
Note: A successful execution of this lab will return a blank IE page. This is the
expected result. What you want to look for is the fact that IE has no menus and is
running in what is referred to as "full screen mode".
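The link and status created in this exercise can also be confirmed from PowerShell before testing on the client. This is an added example, not part of the original lab; the distinguished name of the Workstations OU and the report folder C:\gpo-reports are assumptions.

```powershell
# Added example (not from the lab): confirm the GPO from Exercise 1 is
# enabled and linked where expected.
Import-Module GroupPolicy

$gpoName   = 'IE Full Screen'                            # GPO name from the lab
$targetOu  = 'OU=Workstations,DC=tailspintoys,DC=com'    # assumed DN of the Workstations OU
$reportDir = 'C:\gpo-reports'                            # assumed report folder

# 1. The GPO must exist, and its computer settings must not be disabled,
#    because "Enforce Full Screen Mode" lives under Computer Configuration.
$gpo = Get-GPO -Name $gpoName -ErrorAction Stop
if ('AllSettingsDisabled', 'ComputerSettingsDisabled' -contains "$($gpo.GpoStatus)") {
    Write-Warning "'$gpoName' will not apply: GpoStatus is $($gpo.GpoStatus)."
}

# 2. The OU must carry a link to the GPO, and the link must be enabled.
$som  = Get-GPInheritance -Target $targetOu
$link = $som.GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $link) {
    throw "'$gpoName' is not linked to $targetOu."
}
if (-not $link.Enabled) {
    Write-Warning "The link to $targetOu exists but is disabled."
}
$link | Select-Object DisplayName, Enabled, Enforced, Order | Format-List

# 3. Keep a readable record of what the GPO configures and who may edit it.
if (-not (Test-Path $reportDir)) {
    New-Item -ItemType Directory -Path $reportDir | Out-Null
}
Get-GPOReport -Name $gpoName -ReportType Html -Path (Join-Path $reportDir 'IE-Full-Screen.html')

# On the client, after "gpupdate /force", an elevated prompt can list the
# computer GPOs that were actually applied:
#   gpresult /r /scope computer
```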
Exercise 2
Use PowerShell to back up your GPOs
Scenario
Once you start building your domain infrastructure to include GPOs, it will be important to back up these GPOs.
Included in the Group Policy Management feature is a set of PowerShell cmdlets to help you script GPO
management, in this case backup.
In this exercise you will use the Windows PowerShell environment to back up your existing GPOs for safe storage
and disaster recovery.
Tasks
Detailed Steps
1. Use PowerShell to back up GPOs
Complete the following task on: SERVER
a. Log in to SERVER as the user amy.fish with the password Password!
b. Click on the Windows PowerShell shortcut on the task bar.
c. At the PowerShell prompt type the following:
import-module grouppolicy
Note: Executing the above command will not return any results by default. It will simply
present you with a second command prompt.
To test that the module has been successfully imported you can type:
get-command -module grouppolicy
Note: This will return a list of all of the Group Policy cmdlets, but only if the module is
successfully imported. If the module is not successfully imported, PowerShell will not
return any results.
In order to execute any GPO PowerShell cmdlets, you must import the module every
time you open PowerShell. Further, the module cmdlets are only available on a
machine that has the Group Policy Management feature installed.
d. At the PowerShell prompt type:
backup-gpo -all -path c:\gpo-backup -comment "PowerShellBackup"
Note: Prior to running the backup-gpo cmdlet, the path where you want to save the
backup MUST already exist.
e. Click on Start and navigate to Computer.
f. Double click Local Disk C.
g. Double click gpo-backup.
Note: You should have various subdirectories, identified by GUIDs, in c:\gpo-backup.
Each subdirectory will contain two XML files and a DomainSysvol/GPO structure
defining the GPO setting(s).
After you have a successful backup, you can easily run the cmdlet:
restore-gpo
Note: Or alternatively restore GPOs using GPMC.
If you wish to use the restore-gpo cmdlet, you must first ensure you import the
grouppolicy module as described above in step c.
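The backup steps above can be combined into one script that creates the path first and then checks that every live GPO was captured. This is an added example, not part of the original lab; the dated subfolder under c:\gpo-backup is an assumption, chosen so that each run is kept separately.

```powershell
# Added example (not from the lab): back up all GPOs and verify the result.
Import-Module GroupPolicy

$root   = 'C:\gpo-backup'                                          # path used in the lab
$target = Join-Path $root (Get-Date -Format 'yyyy-MM-dd_HHmmss')   # assumed dated subfolder

# Backup-GPO fails when the path does not exist, so create it first.
if (-not (Test-Path $target)) {
    New-Item -ItemType Directory -Path $target | Out-Null
}

$backups = @(Backup-GPO -All -Path $target -Comment 'PowerShellBackup')

# Every GPO in the domain should have a matching backup entry.
$backedUpIds = $backups | ForEach-Object { $_.GpoId }
$missing     = @(Get-GPO -All | Where-Object { $backedUpIds -notcontains $_.Id })
if ($missing.Count -gt 0) {
    $names = ($missing | ForEach-Object { $_.DisplayName }) -join ', '
    Write-Warning "No backup was written for: $names"
}

# Each backup lives in a folder named after its backup ID (a GUID in braces)
# and must contain Backup.xml to be restorable.
foreach ($b in $backups) {
    $dir = Join-Path $target $b.Id.ToString('B')
    if (-not (Test-Path (Join-Path $dir 'Backup.xml'))) {
        Write-Warning "Backup of '$($b.DisplayName)' looks incomplete: $dir"
    }
}

# Summary mapping each GPO to its backup ID, for the change record.
$backups | Select-Object DisplayName, GpoId, Id, CreationTime | Format-Table -AutoSize

# A single GPO can later be restored from this folder, for example:
#   Restore-GPO -Name 'IE Full Screen' -Path $target
```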