Scribd
Upload
28 views3 pages

Group Policy Part1

Uploaded by

teyesi4982
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
28 views3 pages

Group Policy Part1

Uploaded by

teyesi4982
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

group policy:-group policy consist of user and computer settings that is

implemented when
user is logon or logoff or system is shutdown or restart.

GPO(group policy object):- all settings of group policy are store in it

[Link] gpo:it is apply to local system


[Link] gpo: it is appy to domain network
[Link] gpo:- it derived from other gpo

[Link] policy:-

server manager-->tools--->group policy management--->expand forest,domain and


domain name
--->right click on default domain policy--->edit--->computer configuration---
>policies
--->windows setting--->security setting--->account policy--->password policy--
>select
the setting that you want-->close---

right click on default domain policy-->enforce

open run--->gpupdate /force

[Link] lockout policy:-for security purpose if any body try wrong password then
account
will be lock for some time.

server manager-->tools--->group policy management--->expand forest,domain and


domain name
--->right click on default domain policy--->edit--->computer configuration---
>policies
--->windows setting--->security setting--->account policy--->account lockout
policy-->
double click on account lockout threshold (2) and set the time-->close

right click on default domain policy-->enforce

open run--->gpupdate /force

to unlock user before time by server administrator

server manager--->tools--->active directory user and computer--->users-->right


click on

username -->properties--->account--->check unlock account--->apply -->ok

[Link] restriction policy:- to restrict some software for user and computer

server manager-->tools--->group policy management--->expand forest,domain and


domain name
--->right click on default domain policy--->edit--->computer configuration---
>policies
--->windows setting--->security setting--->software restriction policy-->right
click
on software restriction policy-->new software restriction policy--> right click on
aditional rule--->new path rule--browse c:\programme files\internet explorar* --
>apply ok

note:how to create gpo and link to domain

server manager-->tools--->group policy management--->expand forest,domain and


domain name
-->right click on group policy object-->new-->give gpo name -->ok(then right click
on gpo
that you created and select edit and give the policy that you want).

to link a gpo

right click on domain name-->link an existing gpo--->select gpo name that you
create-->ok

[Link] redirection policy:-it is used to redirect the content of a particular


folder to
a server location so that user has no headache of loss data due to their
workstation(computer)
failure.

to configure folder redirection policy

a)share a folder or drive where you want to redirect data

b)turn on network discovery(start 4 services)


server manager-->tools-->services-->
function discovery resource publication
dns client
ssdp discovery
upnp device host

c)now configure folder redirection:-

server manager-->tools-->group policy management-->right click on domain name--


>create a
gpo in this domain and link it here--->give gpo name(folder redirection)--.ok
--->right click on gpo that you created --->edit--->user configuration---
>policies-->
windows setting--->folder redirection--->right click on foldername(desktop)--
>properties
--->select basic redirect everyone folder to same location and give root
path(\\[Link](server ip)\folderredirection)-->ok-->yes

right click on gpo name-->enforce

run gpupdate /force

note:- if administrator not able to open file of other user click on security tab--
>browse -->change-->advanced-->find now-->select administrator-->ok-->ok

You might also like