You have selected free tutorial of the Microsoft Corporation for the Microsoft Technology Associate (MTA) :
98-365: MTA: Windows Server Administration Fundamentals :
Module 3: Understanding Active Directory :
Understand group policy.
a role is similar to a job role with a company, a feature is similar to a job responsibility
performed by a specific role. Many of the features of Server 2008 are required for certain
roles to function properly. When installing some roles, you may be prompted to include specific
features during your installation. Following are the new features available in Server 2008:
• .NET 3.0 Framework
• Windows Desktop Experience
• Network Load Balancing
• Group Policy Management
• Remote Server Administration Tools
• Windows PowerShell
• Windows Server Backup Features
Group Policy is a method for implementing specific configurations for users and computers
within an AD domain. Group Policy settings are contained in Group Policy objects, which are
linked to the following AD service containers: sites, domains, and organizational units.
Microsoft Windows-based operating systems have an advantage because of their flexibility
and manageability. Administrators have the ability to lock down the Microsoft operating
systems by placing some rules or policies onto the domain.
Administrators can configure many different options to suit the network environment
and help follow corporate policies. However, having the flexibility to configure the
network and the Windows operating system comes at a price—generally, end users on a
network have the ability to configure many options that they should not be changing. For
example, TCP/IP configuration and security policies should remain consistent for all client
computers. In fact, end users really don’t need to be able to change these types of settings in
the first place because many end users do not understand the purpose of these settings.
Windows Server 2012 R2 group policies are designed to provide system administrators
with the ability to customize end-user settings and to place restrictions on the types
of actions those users can perform. Group policies can be easily created by system
administrators and then later applied to one or more users or computers within the environment. Although they ultimately do affect registry settings, it is much easier to
configure and apply settings through the use of Group Policy than it is to make changes to
the registry manually. To make management easy, Microsoft has given administrators the
ability to change all Group Policy settings from within one Microsoft Management Console
(MMC) snap-in called the Group Policy Management Console (GPMC).
Group policies have several potential uses. I’ll cover the use of group policies for
software deployment, and I’ll also focus on the technical background of group policies and
how they apply to general configuration management.
Group Policy Settings
Group Policy settings are based on Group Policy administrative templates. These templates
provide a list of user-friendly configuration options and specify the system settings to which
they apply. For example, an option for a user or computer that reads Require A Specific
Desktop Wallpaper Setting would map to a key in the registry that maintains this value.
When the option is set, the appropriate change is made in the registry of the affected users
Windows Server 2012 R2 comes with several administrative template files
that you can use to manage common settings. Additionally, system administrators and
applications developers can create their own administrative template files to set options for
Most Group Policy items have three different settings options:
- Enabled Specifies that a setting for this GPO has been configured. Some settings require values or options to be set.
- Disabled Specifies that this option is disabled for client computers. Note that disabling an option is a setting. That is, it specifies that the system administrator wants to disallow certain functionality.
- Not Configured Specifies that these settings have been neither enabled nor disabled. Not Configured is the default option for most settings. It simply states that this group policy will not specify an option and that other policy settings may take precedence.