filmov
tv
MCITP 70-640: Enforcing and Blocking Group Policy
Показать описание
This video will look at using the Group Policy options block and enforce. These options allow you to change the way Group Policy is processed in your domain; however this does make things more complex. This video also looks at ways that Group Policy can be deployed to minimize the need for enforce and blocking Group Policy.
Group Policy Processing
Group Policy is processed in the following order: local, site, domain, OU. If there are multiple Group Policies applied to the same OU, a link order is used to determine which Group Policy will have preference over the other. A Group Policy with a lower link order number takes priority over a Group Policy with a higher link order. For this reason, the Group Polices will be applied from highest link order or lowest link order.
Blocking Group Policy is useful when you have multiple Group Polices and you do not want settings to be inherited. Without the blocking option, you need to reverse any Group Policy settings applied previously. The problem when blocking is not used is that settings can be added later on. The administrator would need to reverse the new Group Policy settings later on if they did not want them.
Block Inheritance
Block inheritance is configured at the OU level. Once configured it blocks all the settings configured by Group Policy above it. This allows the administrator to start again without having to worry about what settings have already been configured.
Enforced
Individual Group Polices can be configured with the enforce option. This will ensure that the settings in the Group Policy are applied even if an OU is configured to block inheritance. To achieve this, the Group Policy with the enforce option is moved to the end of the processing order. In other words the processing order goes like this: local, site, domain, OU's and then enforced Group Polices in the order of OU's, domain and then site. In other words, the enforced Group Polices are moved to the end and applied in the reverse order that they would normally be applied in.
Group Policy Processing
The computer side of Group Policy is applied when the computer starts up. The user side of Group Policy is applied when the user logs in. This means that the user side of Group Policy will overwrite the computer side of Group Policy if there is a conflict. There are very few Group Policy settings that have the same name in the computer and user side of group policy. For this reason it is rare to have conflicts.
Demonstration
To block inheritance on an OU, right click the OU in Group Policy Management and select the option Block Inheritance.
To enforce a Group Policy, right click on the Group Policy and select the option Enforced.
It is recommended that you use the block and enforce options only when required. In a lot of cases you can avoid using these options by careful planning of your Group Policies.
References
"MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 292-294
Group Policy Processing
Group Policy is processed in the following order: local, site, domain, OU. If there are multiple Group Policies applied to the same OU, a link order is used to determine which Group Policy will have preference over the other. A Group Policy with a lower link order number takes priority over a Group Policy with a higher link order. For this reason, the Group Polices will be applied from highest link order or lowest link order.
Blocking Group Policy is useful when you have multiple Group Polices and you do not want settings to be inherited. Without the blocking option, you need to reverse any Group Policy settings applied previously. The problem when blocking is not used is that settings can be added later on. The administrator would need to reverse the new Group Policy settings later on if they did not want them.
Block Inheritance
Block inheritance is configured at the OU level. Once configured it blocks all the settings configured by Group Policy above it. This allows the administrator to start again without having to worry about what settings have already been configured.
Enforced
Individual Group Polices can be configured with the enforce option. This will ensure that the settings in the Group Policy are applied even if an OU is configured to block inheritance. To achieve this, the Group Policy with the enforce option is moved to the end of the processing order. In other words the processing order goes like this: local, site, domain, OU's and then enforced Group Polices in the order of OU's, domain and then site. In other words, the enforced Group Polices are moved to the end and applied in the reverse order that they would normally be applied in.
Group Policy Processing
The computer side of Group Policy is applied when the computer starts up. The user side of Group Policy is applied when the user logs in. This means that the user side of Group Policy will overwrite the computer side of Group Policy if there is a conflict. There are very few Group Policy settings that have the same name in the computer and user side of group policy. For this reason it is rare to have conflicts.
Demonstration
To block inheritance on an OU, right click the OU in Group Policy Management and select the option Block Inheritance.
To enforce a Group Policy, right click on the Group Policy and select the option Enforced.
It is recommended that you use the block and enforce options only when required. In a lot of cases you can avoid using these options by careful planning of your Group Policies.
References
"MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 292-294
0:17:34
MCITP 70-640: Enforcing and Blocking Group Policy
0:10:15
MCITP 70-640: Group Policy Optimization
0:10:19
MCITP 70-640: AGUDLP Group Strategy
0:10:55
MCITP 70-640: Configuring Group Policy
0:10:52
MCITP 70-640: Group Policy Filtering
0:17:47
MCITP 70-640: Troubleshooting Group Policy
0:11:12
MCITP 70-640: Group Policy Loopback Processing
0:08:58
MCITP 70-640: Group Policy Restricted Groups
0:15:44
MCITP 70-640: Default Local Groups
0:11:27
MCITP 70-640: Group Policy Preferences
0:06:11
MCITP 70-640: Group Policy Replication
0:11:13
MCITP 70-640: Group Strategy AGDLP
0:08:29
MCITP 70-640: Moving Operation Master Roles
0:11:24
MCITP 70-640: Installing Group Policy Tools
0:09:23
MCITP 70-640: Local Group Management with Preferences
0:07:57
MCITP 70-640: Windows File Auditing
0:14:23
MCITP 70-640: Group Policy Processing Order
0:06:34
MCITP 70-640:Delegation of Control
0:04:41
MCITP 70-640: Deny Domain Local Group
0:05:56
HOW TO USE ENFORCED & BLOCK INHERITANCE IN GROUP POLICY?
0:15:30
MCITP 70-640: Windows Security Settings and Security Templates
0:16:49
MCITP 70-640: Active Directory Password Polices
0:11:28
MCITP 70-640: Group Policy New Features
0:15:46
MCITP 70-640: Security Configuration Wizard
Комментарии