Module9: Quản lý môi trường người dùng bằng chính sách nhóm

70-290 Tài liệu dành cho học viên MODULE 9: QUAN LÝ MÔI TRƯỜNG NGƯỜI DÙNG BẰNG CHÍNH SÁCH NHÓM Bài tập I_ Tạo đối tượng chính sách nhóm Tao GPO va lién két t61 OU Acapulco # Active Di

Trang 1

70-290 Tài liệu dành cho học viên

MODULE 9: QUAN LÝ MÔI TRƯỜNG NGƯỜI DÙNG BẰNG CHÍNH

SÁCH NHÓM

Bài tập I_ Tạo đối tượng chính sách nhóm

Tao GPO va lién két t61 OU Acapulco

# Active Directory Users and Computers

G te Beton See See Lew

+ (y Saved Queries

ay nutraders.msft To improve Group Policy management, upgrade to the Group Policy

; Sexysic EDUEATION CORPORATION

3 a Ta Group Policy Objects higher in the fist have the hghest púodiy,

G3 Users This st obtained from: LONDON-DC nvtraders msft

Cte )| A+ | FEES U |

Options | Delete | Broperties | Bown

Chon nút New để vừa tạo mới vừa liên kết tới OU Acapulco

To improve Group Policy management, upgrade to the Group Policy Management Console (GPMC)

đi ` DuientGroupPofcy 0biectLiks for Acapulco

| Group Policy Object Links | No Overtide Disabled |

Trang 2

Rcapulco Standard Ðesktop 2 Propertiles _?Ix

€@ CREATOR OWNER

€F2 Domain Admins (NWTRADERS \Domain Admins)

Fi Enterprise Admins (NWTRADERS\Enterprise Admins)

€@ ENTERPRISE DOMAIN CONTROLLERS

Domain Admins (NwTRADERS\Domain Admins} ^Í

€72 Erterprise Admins (NWTRADERS\ Enterprise Admins) PENTER

G NWTRADERS Marketing Personnel (NWTRADERS\G NWTR:

Create All Child Objects oO Oo

Delete All Child Objects 0 O

<Bipply Group Policy Hnm #-

Trang 3

Tài liệu dành cho học viên

a

70-290

ñcapulco Properties

General | Managed By | Object | Security] COM

Te neve Sew oe nee: upgrade to the Group Policy

Chọn thiết lap ngan chan vao cac tng dung 16-bit

7A Group Policy Object Editor

Ble Action View Help

3

=

Prevent access to 16-bit applications Pr

&)- 5 Software Settings (+) C3) Windows Settings

Trang 4

Xoa bod thé Hardware khoi Windows Explorer

Ble Action Yew Help

(Gy Software Settings id Remove Fie menu from Windows Explorer Nol

2 By Windows Settings 24 Remove “Map Network Drive” and "Disconnect Network Drive” Nai

& (2) Administrative Templates TM Remove Search button from Windows Explorer

& GB User Configuration bi Remove Windows Explorer's default context menu Nol f9 Ey Software Settings SW Hides the Manage Rem on the Windows Explorer context menu Nol

b Na y2 Pid Allow ority per user cơ approved sheŠ exterzions Nol

5 LY Windows Explorer nã Heo

SQ] Microsoft Management Console a Ratsowe if to change thew aniisation sting Nol

Xoá bỏ các liên kếtvà quyên truy cập vào Windows Update

Ve hut eae) emer tty

Ji 2 & Software Settings

& C1 Windows Settings

@ (5) Administrative Templates

S gi User Configuration

& (9 Software Settings

& Windows Settings

Trang 5

on Group Policy Object Editor

Fe Acion Yow Hep

2 6B) Comnprter Configuration Remove usee’s folders From the Start Menu Not configured

Remove common program groups from Start Menu Not configured

(Ey Adminestrative Templates Remove My Documerts kon from Start Menu Not configured

4d Remove Documents menu from Start Meru

(Ly Software Settings

& Qj Windows Settings

x Remove user's folders Froen the Start Menu Not configured

ad Remove links and access to Windows Update Enabled

id Remove comenon progr den groups from Start Menu Not corfigured

3d Remove My Documents icon from Start Menu Not configured

ed Remove Docurents mmenu from Start Menu Not configured

ay Remove programs on Settings mera Not configured

iW Remove Network Connections From Start Menu Enabled

Bd Remove Favorites menu from hat Menu Not configured

wid Retnove Search mera from Start Menu

Bai tap 2 Tạo đối tượng chính sách nhóm cho việc chuyển hướng thư mục Vao Properties cua OU users dé tao GPO

Trang 6

General | Managed By| Object | Securty | COM+ (

To improve Group Policy management, upgrade to the Group Policy les Console (GPMC})

& [Acapulco Accouting Folder Redirection! ~}

Group Policy Objects higher in the list have the highest priority

This ee hn LONDON-DC ravtraders msft

Trang 7

eee case ene nae Lee OOS anagement Console (GF pag ;

| | Description

€22 Domain Admins (NWTRADERS\Domain Admins)

CF Enterprise Admins (NWTRADERS\Enterprise Admins}

(72 ENTERPRISE DOMAIN CONTROLLERS

$F Acapulco Accouting

BP ames 6 J há

Now [Ad Permissions for Authenticated Users: re me

l Select Users, Computers, or Groups Mp3

cee sMSIG-EDUCATION CORPORATION

1 [Users Groups, ot Built-in security principals Object Types

From this location:

|natraders maft Locations |

Cho Full Control

Trang 8

capulco Accouting Folder Redirection Properties

General] Links Security | WMI Fiter

VSIS, EDUCATION ‘CORPORATION

(7 CREATOR OWNER

Í? Enterptise Admin: (NM/TRADERS1Erlopylee Aori)

€@ ENTERPRISE DOMAIN CONTROLLERS

Apply Group Policy ¬ xị For special permissions of for advanced settings, Advanced

Click OK chon ntt edit

Chon properties>chon Basic, chi duéng.dan toi thu muc share chtra thu muc My Documents

Reisen Policy Object Editor

File Action View Help

&)-4§@ User Configuration ——

#' Software Settings Setting: “| Basic - Redirect everyone's folder to the same location _¥|

7 ÔN Appksion Data ~ Target folder location

en | Create a folder for each user under the root path zi

) Bf) Internet Explorer Mainl ~” ——

3-S] Adriietrsive Temol & Powdered Aeonuning Dat

Trang 9

ux

( Leave the folder in the new location when policy is removed

“Redirect the folder back to the local userprofile location

y is temoved

iy Pictures Picierennes

[ee cecil ay

Bai tap 3 Tao GPO cho cac may laptops

Click phai OU Laptops > Properties >thé Group Policy nút New nhập tên cho GPO

4? Active Directory Users and Computers

<} file Action View Window Help |

Trang 10

Chọn setting nhắc øõ mật khâu khi tro lai tir Hibernate

Ble Action Yew Hep

Prompt for password on resume

a Ly Wirdows Settings Soeahiiarneke 7 3u bsad

S £ User Configuration Deplsy Properties ——¬

©) (ly Windows Settings — =

¬ sa Bt beast Microsoft Windows XP

= Ll Administrative Templates | profescional or Windows Server 2003

& &) Windows Components

«ge WSIC EDUCATION CORPORATION

This settings slows you to configure cherk computers to alvesy's lock when resuming from 3 Nbarnate or suxpend

If you enable this setting, the chant ccenputer ts loched when & & resumed Fron a suspend ce hebernate state

If you disable or do nt configure this setting, users can decide & their computer is automatically locked or not after performing 8 resume operation

Supported orc At least Microsoft Windows XP Professional or Windo

Previogs Setting | NEw Setting |

Trang 11

' ¡a Broup Pol(cy 0bịJect Edftor

Fie Action Yew Hep _

ee\ mi ga @

35 Acapulco Laptop Settings [LONDOr ==

4} Computer Configuration Setting | Explain

(2) Software Settings

% ] Windows Settings SW Synchionize all offline fles when logging on

& 3 Administrative Templates ˆ

& (3 Administrative Templates Nicabled

Va enable đông bộ hóa khi log off

iq Group Policy Object Editor

File Action View Help

user configuration of Offline Files

: ý Non-def auÈ server disconrwect actions

ad Remove ‘Make Available Offline’

Initial reminder balloon lifetime Not configured

“4 Reminder balloon ifetime Not configured

AM Prohibit ‘Make Available Offline’ for these file and folders Not configured

#t4 Do not automatically make redirected folders available offline Not configured

Trang 12

& Active Dire ctory Users and Computers

CỐ Ele Action View Window Hợp

Vào New nhập tên cho GPO

f Active Directory Users and Computers

nh General | Raed Object | Sami COM+ Ging Cid |

& (3) Saved Queries

[ Group Policy Object Links | No Overide | Disabled |

spuise Fron Setting: ¥

Group Policy Objects higher in the fst have the highest priority

This fist obtained from: LONDON-DC rvtraders, msft

Trang 13

8 ©) Software Settings Prevent use of Offline Files folder

® CC] Windows Settings “ax| 2a Prohibit user configuration of Offline Files

_& (Ay Administrative Templates Cesplay Properties Synchronize al offline fies when logging on

t a Settings At least Microsoft Vindows 2000 Syrxheonize offine files before suspend

sí đc : Action on server disconnect

2 GQ) Windows Components | Disables the Offline Files folder

(3) Start Menu and Taskbe

&) QQ Desktop This setting disables the “View Files”

tê button on the Offline Files tab As 6

8) C2] Cortrol Panel resuk, users cannot use the Offline

() Shared Folders Fies folder to view or open copies of

=)- 2) Netwo network files stored on their

Sy Offline | computer Also, they cannot use the

yrs Folder to view characteristks of

+ TA offline Files, such as their server

@) CC] System status, type, or location

or Prohibit ‘Make Available Offline’ for these file and folders

Click nút close để kết thúc

Trang 14

mm AE :-

To improve Group Policy management, upgrade to the Group Policy

Eifion conrorarion

ent toup Pe

Group Policy Object Links | NoOvemde Disabled |

Group Policy Objects higher in the list have the highest priority

This st obtained from: LONDON-DC nwtraders.msft

New | Add | Est | Us|

Qptions | Delete | Properties | own

Baitap5 Tao bao cao group policy modeling

M6 Group Policy Management

S Group Policy Management Group Policy Modeling

SA Forest: ruvtraders.msft Contents |

Trang 15

Thes vazard helps you simulate a poboy deployment for

planning and testing purposes By spect ying the domar controler, users securty gioup membership location, and WMI fiter status, pou can model the resulting set of pobcy of

Trang 16

Œroup Poltcy Hodeling Wlzard

Domain Controller Selection x

You must specify 6 domain controller to use for performing the senudaton

a aco ate

Show domain controfers m this domart

| rentraders enh „

Process the simulation on this domain controller:

<Back Í[ New> | Carcet |

Chon Next

xroup Policy Modeling Wizard

User and Computer Selection g

Nabe le ghê prerasgi le đục nh conor ay osama eat ic lama

information) and computer [oc a container with computer information)

Example user or computer) NWTRADERS administrator Simulate pokey settings for the folovang:

T~ Skip to the final page of this wizard without cofecting addtional data

<Back |[ Nets] Cancel |

Chon Next

Trang 17

Group Policy Modeling Wizard

Advanced Simulation Options

You can select additional options for your simedation

Group Policy Modeling Wizard

WMI Filters for Users s

You can include Windows Management [rstruraerdetAor: (VMI] fiers in pour sanuation

os

WMI fitlers can be inked to Group Pokcy otiects (GPO) If a fiter is inked to a GPO then that GPO appbes only to those users who meet the criteris speciied in the fiter

Assume that the selected user meets the criteria for the following ters:

VSIC EDUCATION CORPORATION

Trang 18

Group Policy Modeling Wizard LỆ ý xi

Vaic EHUCATION CORPORATIONE

To make changes to pour selections, chek Back To process the simulation, cick Next

Loopback mode Replace Site name Defadtfrst-Ste-Name User secusty groups Authenticated Users

Everpore NWTRADERS\G NWTRADERS Accounting Perso

Compete: secunty groups Aatherticated Users

Trang 19

+ sroup Policy Management

53 fle Action View Window Help

a re a escogas Group Policy Modeling

Bai tap 6 Tạo báo cáo các kêt quả của chính sách nhóm

Dùng Group policy Management để tạo

®+ Group Policy Management

[FE Group Policy Management Group Policy Results

GX Forest: nwtraders.msft Contents |

Trang 20

Group Policy Results Wizard lw

= Welcome to the Group Policy

eI Results Wizard

a

This weard helps you ascertain the pokey settings for a

specific user or computer, The wizaed wall query the user's

Compates and report tive cesulting set of pobcy currently

SATION CORPORATION

To contre, chek Next

Chon this computer

Group Policy Results Wizard gi xị

VSIC EDUCATION CORPORATIONE=

Select the computer for whech you want to dieplay pobcy settings

<Back [ New> | Cancel |

Chon Current User

Trang 21

Group Policy Results Wizard x!

T Dg not display user policy settings in the resus (display computer policy settings only)

< Back New > Cancel |

Chon Next

Group Pollcy Resulits Wlzard

vais EBUCATION CORPORATIONES

To make changes to your selectioris, cick Back To gather the poicy settings, cíck Next,

User name NWTRADERS VAdmirestr ator

Display user pokey settings Yes

Display computer poicy settings Yes

Chon Finish đề kếtthúc

Trang 22

To close this vazard and view the resus, click Firush

xoup Poltcy Aesults Wfzard

Hg Ble action Yew Window thp _=i#l>]

“ An py eet Administrator on LONDON-DC

= = GD Donne ow % š Sumenaey | Serings | Pokey Everts | x

+ Lj Kes [= aaa ; : ˆ

= LY Group Policy Resuts NWTRADERS\Administrator on NWTRADERS\LONDON-DC

Summary bee General hee

Doman tetioders met Ste Dolak Fant SteNarme Lait tene Gesup Poley wast peocested 2/20/20? 43+22)P Group Policy Objects bode

Name Link Location Revision

Defeat Doman Cortrolers Pobey = pavtraddees malt/Doman Cortrofers = AD {7} Sysvel [7]

Securty Group Meeberthip when Group Policy was applind show

Tiêu đề	Quản lý môi trường người dùng bằng chính sách nhóm
Trường học	VSIC Education Corporation
Thể loại	Tài liệu

Định dạng
Số trang	22
Dung lượng	3,75 MB