Group Policy. Jeremy Moskowitz

Чтение книги онлайн.

СКАЧАТЬ you’ll see me write a lot about, “and this works for Windows Vista and later,” or in some places, like table listings, you’ll see “Valid for Vista+” – meaning that whatever I’m referencing will work on Vista (if you have it), but it will also work on Windows 7, almost always Windows 8, and onward to Windows 10.

      A Little about Me, This Book, PolicyPak, and Beyond

      Group Policy is a big concept with some big power. This book is intended to help you get a handle on this new power to gain control over your environment and to make your day-to-day administration easier. It’s filled with practical, hands-on examples of Group Policy usage and troubleshooting. It is my hope that you enjoy this book and learn from my experiences so you can successfully deploy Group Policy and manage your desktops to better control your network. I’m honored to have you aboard for the ride, and I hope you get as much out of Group Policy as I do.

      I’ve had and continue to have a long history with Group Policy.

      I’ve been writing about and speaking about Group Policy in my hands-on workshops for over 10 years.

      I’ve been one of about a dozen Group Policy MVPs, as anointed by Microsoft for 12 years.

      And, I’ve also founded a company called PolicyPak Software, which extends Group Policy to do more amazing things than what is possible with what is in the box alone. For instance, here are some of the things you can do with the products from PolicyPak:

      ● Manage just about any third-party application using Group Policy (like Java, Flash, Firefox, Lync [now Skype for Business], OpenOffice, and hundreds more).

      ● Craft exactly when and how Group Policy Admin Template template settings will be applied to users or computers.

      ● Keep Group Policy Preferences items working – even when the computer goes offline.

      ● Learn when a machine is in compliance and out of compliance with what you need it to be.

      ● Deploy almost all Group Policy directives over the Internet and on to machines that might never otherwise be able to get Group Policy.

      So, I’m going to try to walk a fine line here. With your permission, I am going to, from time to time, describe when something from PolicyPak could enhance a situation or solve a problem that cannot be solved out of the box. I’ll show you real examples of how to solve real problems.

      And I’m doing it not to sell you something, but if that happens, that’s okay, too. The point, really, is to demonstrate a problem or situation that might not have any other way out of it. So basically, if I didn’t explain that the “PolicyPak possibility” to fix a particular problem existed, you wouldn’t know about it and you’d still always be stuck in a rut.

      Meanwhile, as you read this book, it’s natural to have questions about Group Policy or managing your desktops. To form a community around Group Policy, I have a popular community forum that can be found at www.GPanswers.com.

      I encourage you to visit the website and post your questions to the community forum or peruse the other resources that will be constantly renewed and available for download. For instance, in addition to the forum at www.GPanswers.com, you’ll find these resources:

      ● Full downloadable PowerShell scripts from the PowerShell chapter

      ● Tips and tricks

      ● A third-party Group Policy Solutions Guide, and lots, lots more!

      If you want to meet me in person, book me for onsite training, or attend my live public Group Policy courses; my website at www.GPanswers.com has a calendar with upcoming events. I’d love to hear how this book met your needs or helped you out.

      Thanks again for being a part of the journey.

      Chapter 1

      Group Policy Essentials

      In this chapter, you’ll get your feet wet with the concept that is Group Policy. You’ll start to understand conceptually what Group Policy is and how it’s created, applied, and modified, and you’ll go through some practical examples to get at the basics.

      The best news is that the essentials of Group Policy are the same in all versions of Windows 2000 on. So as I stated in the introduction, if you’ve got Windows XP, Windows 7, Windows 8, Windows 10 – whatever – you’re golden.

      Learn the basics here, and you’re set up on a great path.

      That’s because Group Policy isn’t a server-driven technology. As you’ll learn in depth a little later, the magic of Group Policy happens (mostly) on the client (target) machine. And when we say “client,” we mean anything that can “receive” Group Policy directives: Windows 8, Windows XP, or even the server operating systems such as Windows Server 2016 or Windows Server 2008 R2; they’re all “clients” too.

      So, if your Active Directory Domain Controllers are a mixture of Windows Server 2008, Windows Server 2012, and/or Windows Server 2016, nothing much changes. And it doesn’t matter if your domain is in Mixed, Native, or another mode – the Group Policy engine works exactly the same in all of them.

      There are occasional odds and ends you get with upgraded domain types. When the domain mode is Windows 2003 or later schema, you’ll get something neat called WMI filters (described in Chapter 4, “Advanced Group Policy Processing”). Also note that in a Windows 2008 Functional mode domain level or later, the replication of the file-based part of a Group Policy Object (GPO) can be enhanced to use distributed file system (DFS) replication instead of system volume (SYSVOL) replication.

      Regardless of what your server architecture is, I encourage you to work through the examples in this chapter.

      So, let’s get started and talk about the essentials.

      Getting Ready to Use This Book

      This book is full of examples. And to help you work through them, I’m going to suggest a sample test lab for you to create. It’s pretty simple really, but in its simplicity we’ll be able to work through dozens of real-world examples to see how things work.

      Here are the computers you need to set up and what I suggest you name them (if you want to work through the examples with me in the book):

      DC01.corp.com This is your Active Directory Domain Controller. It can be any type of Domain Controller (DC). For this book, I’ll assume you’ve loaded Windows Server 2016 and later on this computer and that you’ll create a test domain called Corp.com.

      In real life you would have multiple Domain Controllers in the domain. But here in the test lab, it’ll be okay if you just have one.

      I’ll refer to this machine as DC01 in the book. We’ll also use DC01 as a file server and software distribution server and for a lot of other roles we really shouldn’t. That’s so you can work through lots of examples without bringing up lots of servers. Bringing up a modern DC requires the use of Server Manager. Check out the sidebar “Bringing Up a Windows Server as a Domain Controller” if you need a little guidance.

      Win10.corp.com СКАЧАТЬ