ManagingYourDomainEnvironmentMoreEffectively.pdf
(
570 KB
)
Pobierz
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
Managing a Domain Environment
More Effectively
Managing a Domain Environment More Effectively
Table of Contents
Managing a Domain Environment More Effectively................................................................ 1
Exercise 1 Create a Basic GPO using GPMC ...................................................................................................................2
Exercise 2 Use PowerShell to back-up your GPOs .........................................................................................................3
Exercise 3 Control GPOs Using GPMC and AGPM .........................................................................................................4
Exercise 4 Adding Workflow to GPOs using AGPM .......................................................................................................5
Exercise 5 Auditing with AGPM .....................................................................................................................................7
Exercise 6 Searching with AGPM ...................................................................................................................................8
Managing a Domain Environment More Effectively
ManagingaDomainEnvironmentMore
Effectively
Objectives
After completing this lab, you will be better able to:
Create Group Policy Objects (GPOs) using the Group Policy Management
Console (GPMC)
Use PowerShell to expedite the backup of your GPO environment
Link GPOs using GPMC
Control GPOs using Advanced Group Policy Management (AGPM)
Add workflow (check-in, check-out and rollback) to GPOs by using AGPM
Control auditing and mail flow of GPO activity through AGPM
Stamp production GPOs with non-default security settings using AGPM
Search GPOs using the AGPM console
Scenario
Group policy is natively inherent in a Windows domain environment. However,
auditing and controlling group policy as well as rolling back to a previous version
is not – Enter AGPM. In this set of labs you will learn how to utilize Group Policy
and AGPM subsequently giving you greater control over your already existing
complex environment. Topics include creation and deployment, check-in and –
out, import and export, mail audit integration, search, ACL override, and even a
bit of PowerShell scripting.
Estimated Time to
Complete This Lab
60 Minutes
Computers used in this
Lab
ADMIN-PC- Amy
ADMIN-PC- Damen
ADMIN-PC- Giggi
ADMIN-PC- Justin
Client-PC- Amy
Client-PC- Giggi
Exchange
Server
The password for the Administrator account on all computers in this lab is:
Password!
Page 1 of 8
Managing a Domain Environment More Effectively
Exercise 1
Create a Basic GPO using GPMC
Scenario
This exercise will walk you through creating a standard GPO with the standard GPMC and linking the GPO to an
existing Organizational Unit (OU). It will also test the GPOs results.
Tasks
Detailed Steps
a.
Log in to
ADMIN-PC
as the user
amy.fish
with the password
Password!
.
b.
Double click the
Group Policy Management
shortcut on the desktop.
c.
Navigate to
Group Policy Management | Forest: tailspintoys.com | Domains |
tailspintoys.com | Group Policy Objects
.
d.
Right click on the
Group Policy Objects
node and choose
New
.
e.
In the Name textbox enter
IE Full Screen
and click
OK
.
f.
Right click on the newly create
IE Full Screen
GPO and choose
Edit
.
g.
Navigate to
Computer Configuration | Policies | Administrative Templates |
Windows Components | Internet Explorer | Enforce Full Screen Mode
.
h.
Right click
Enforce Full Screen Mode
and choose
Edit
.
i.
Complete the following
task on:
ADMIN-PC- Amy
1.
Create the GPO
Choose the radio option
Enabled
and click
OK
.
j.
Close the
GPO Editor
.
a.
Still logged in to
ADMIN-PC
as
amy.fish
, using
GPMC
, navigate to the newly
created GPO;
Group Policy Management | Forest: tailspintoys.com | Domains |
tailspintoys.com | Group Policy Objects | IE Full Screen
.
b.
Drag and drop
IE Full Screen
on top of the
Workstations
OU.
c.
When prompted
Do you want to link the GPOs that you have selected to this
organizational unit?
Click
OK
.
Complete the following
task on:
ADMIN-PC- Amy
2.
Link the GPO
a.
Log in to
CLIENT-PC
as
amy.fish
with the password
Password!
.
b.
Click on the
Start
button and in the search box type the following:
gpupdate /force
Note
: Normally you would not need to carry out the above step as machines apply
GPOs at various intervals, however in order to expedite this timer, the above
command will force an immediate refresh.
c.
Click on the
Internet Explorer
shortcut in the task bar.
Note
: A successful execution of this lab will return a blank IE page. This is the
expected result. What you want to look for is the fact that IE has no menus and is
runninginwhatisreferredtoas“fullscreenmode”.
Complete the following
task on:
CLIENT-PC- Amy
3.
Test the GPO Link
Page 2 of 8
Managing a Domain Environment More Effectively
Exercise 2
Use PowerShell to back-up your GPOs
Scenario
Once you start building your domain infrastructure to include GPOs it will be important to backup these GPOs.
Included in the Group Policy Management feature is a set of PowerShell cmdlets to help you script GPO
management, in this case backup.
In this exercise you will use the Windows PowerShell Environment to back up your existing GPOs for safe storage
and disaster recovery.
Tasks
Detailed Steps
a.
Log in to
SERVER
as the user
amy.fish
with the password
Password!
.
b.
Click on the
Windows PowerShell
shortcut on the task bar.
c.
At the PowerShell prompt type the following:
import-module grouppolicy
Note
: Executing the above code will not return any results by default. It will simply
present you with a second command prompt.
To test the module has been successfully imported you can type:
Get-command –module grouppolicy
Note
: This will return a list of all of the Group Policy cmdlets – IF – the module is
successfully imported. If the module is not successfully imported, PowerShell will not
return any results.
In order to execute any GPO PowerShell cmdlets, you must import the module every
time you open PowerShell. Further, the module cmdlets are only available on a
machine that has the Group Policy Management Feature installed.
d.
At the PowerShell prompt type:
backup-gpo –all –path c:\gpo-backup –comment“PowerShellBackup”
Note
: Prior to running the backup-gpo cmdlet, the path where you want to save the
backup MUST already exist.
e.
Click on
Start
and navigate to
Computer
.
f.
Double click Local Disk
C
.
g.
Double click
gpo-backup
.
Note
: You should have various subdirectories, identified by GUIDs, in c:\gpo-backup.
Each subdirectory will contain two XML files and a DomainSysvol/GPO structure
defining the GPO setting(s).
After you have a successful backup, you can easily run the cmdlet:
restore-gpo
Note
: Or alternatively restore GPOs using GPMC.
If you wish to use the restore-gpo cmdlet, you must first ensure you import the
grouppolicy module as described above in step 3.
Complete the following
task on:
SERVER
1.
Use PowerShell to
backup GPOs
Page 3 of 8
Plik z chomika:
kond82
Inne pliki z tego folderu:
ManagingYourDomainEnvironmentMoreEffectively.pdf
(570 KB)
Inne foldery tego chomika:
2368A - Zarządzanie Środowiskiem systemu Microsoft Windows Server 2003
BLACK & WHITE
Cad Decor 2 Działa
Cad Decor 2.0 Bazy fullpack(hsp)
COLOR MANAGEMENT
Zgłoś jeśli
naruszono regulamin