Group Policy. Jeremy Moskowitz
Title: Group Policy

Author: Jeremy Moskowitz

Publisher: John Wiley & Sons Limited

Genre: Foreign educational literature

ISBN: 9781119035688

book. Sometimes it’ll be a Sales computer, other times a Marketing computer, and other times a Nursing computer. To use this machine as such, just move the computer account around in Active Directory when the time comes. You’ll see what I mean.

      Win10management.corp.com This machine belongs to you – the IT pro who runs the show. You could manage Active Directory from anywhere on your network, but you’re going to do it from here. This is the machine you’ll use to run the tools you need to manage both Active Directory and Group Policy. I’ll refer to this machine as WIN10MANAGEMENT. As the name implies, you’ll run Windows 10 from this machine. Note that you aren’t “forced” or “required” to use a Windows 10 machine as your management machine – but you’ll be able to “manage it all” if you do.

You can see a suggested test lab setup in Figure 1-1.

      Note that from time to time I might refer to some machine that isn’t here in the suggested test lab, just to illustrate a point. However, this is the minimum configuration you’ll need to get the most out of the book.

Note:

      To save space in the book, we’re going to assume you’re using a Windows 10 machine as your management machine. You can also use a Windows 8 or 7 management machine and be able to work through pretty much everything in the book, barring a few new things that were born in Windows 8.1 and are still present on a Windows 10 management machine. If you’re forced by some draconian corporate edict to use a Windows Vista or Windows XP (or earlier) machine as a management machine, you’ll have to refer to previous editions of the book to get the skinny about using them.

Figure 1-1: Here’s the configuration you’ll need for the test lab in this book. Note that the Domain Controller can be 2000 or above, but Windows Server 2016 is preferred to allow you to work through all the examples in this book.

      For working through this book, you can build your test lab with real machines or with virtual hardware. Personally, I use VMware Workstation (a pay tool) for my testing. However, Microsoft’s Hyper-V is a perfectly decent choice as well. Indeed, Hyper-V is now available built into Windows 8 and later. So, you could bring up a whole test lab to learn Windows 10 – on your Windows 10 box! What a mindblower! Here’s an (older) overview of Windows 8’s Hyper-V if you care to use it: http://tinyurl.com/3r99nr9. Note there are also other alternatives, such as Parallels Desktop and VMware Fusion (both of which run on a Mac) and Oracle VM VirtualBox.

      In short, by using virtual machines, if you don’t have a bunch of extra physical servers and desktops around, you can follow along with all the examples anyway.

      I suggest you build your test lab from scratch. Get the original media or download each operating system and spin up a new test lab.

      Here is where to find trial downloads for Windows 7, Windows 8.1, Windows 10, and Windows Server 2016:

      www.microsoft.com/en-us/evalcenter/evaluate-windows-8-1-enterprise

      Microsoft usually also makes prebuilt virtual hard disk (VHD) images for use with Virtual PC and now, more recently, Hyper-V. It’s your choice of course, but I prefer to fresh-build my lab instead of using the preconfigured VHD files.

      And that’s what I’ll be doing for my examples in this book. If the URLs I’ve specified change, I’m sure a little Googling, er, Bing-ing will Bing it, er, bring it right up.

Warning:

      Because Group Policy can be so all-encompassing, I highly recommend that you try the examples in a test lab environment first before making changes for real in your production environment.

      Bringing Up a Windows Server as a Domain Controller

      The DCPROMO.EXE you knew and loved is dead as of Windows Server 2012.

      Before continuing, ensure that your server is already named DC01. If it isn’t, rename it and reboot before continuing. Additionally, ensure that DC01 has a static IP address and is configured to use itself as the DNS server.

      Now, you’ll need to use the Server Manager’s “Add Roles and Features Wizard” to add the roles required to make your server a DC. It’s not hard. Here’s a sketch of the steps.

      First, fire up Server Manager, which is the leftmost icon when you’re on the server. Next, click Dashboard and select “Add roles and features,” as seen here.

      Then you’ll be at the “Add Roles and Features Wizard,” as seen here.

      Click Next to visit the Installation Type screen and select “Role-based or feature-based installation.” Then click Next.

      At Server Selection, click “Select a server from the server pool” and select your only machine: DC01.

      At Server Roles, select Active Directory Domain Services, as seen here, and say yes when prompted to load the additional items, which must come along for the ride.

      At the Features screen, click Next.

      At the AD DS screen, click Next.

      At the Confirmation screen, select “Restart the destination server automatically if required” and then click Install.

      Next, Active Directory components will be installed on DC01 along with the GPMC. When done, you’ll be able to select “Promote this server to a domain controller,” as seen here.

      At this point it should be pretty familiar. At the Deployment Configuration page, select “Add a new forest” and type Corp.com as the root domain name. Click Next.

      At the Domain Controller Options page, leave the defaults as is. Provide a Directory Services Restore Mode (DSRM) password. I recommend p@ssw0rd. (My suggested password in all my books is p@ssw0rd. That’s a lowercase p, the at sign, an s, an s, a w, a zero, then r, and d.) Click Next to continue.

      At the DNS Options page, you might get a warning; click Next.

      At the Additional Options page, leave the defaults and click Next.

      At the Paths page, leave the defaults as is and click Next.

      At the Review Options page, click Next.

      At the Prerequisites Check page, make sure there are no showstoppers. Finally, click Install on that same page.

      The computer should restart automatically.

      Congrats! You have your first Domain Controller!
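      The same build expressed as a PowerShell script, as an added example that is not from the book: it checks the preconditions named above (server name DC01, static IP, DNS pointing at itself), installs the role, runs the prerequisite check, and promotes the server to the first DC of corp.com. Using the first connected adapter and prompting for the DSRM password are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the book): scripted form of the wizard steps for DC01.
$ExpectedName = 'DC01'       # server name used in the chapter
$DomainName   = 'corp.com'   # root domain entered at Deployment Configuration

# Preconditions from the text: correct name, static IP, DNS pointing at itself.
if ($env:COMPUTERNAME -ne $ExpectedName) {
    throw "Server is named $env:COMPUTERNAME; rename it to $ExpectedName and reboot."
}
# Assumption: the first connected adapter is the lab network adapter.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $nic) { throw 'No connected network adapter found.' }

$ipIf = Get-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4
if ($ipIf.Dhcp -eq 'Enabled') {
    throw "Adapter '$($nic.Name)' uses DHCP; assign a static IPv4 address first."
}
$ownIPs = @((Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).IPAddress)
$dns = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses)
if (-not ($dns | Where-Object { $_ -in $ownIPs -or $_ -eq '127.0.0.1' })) {
    throw "DNS on '$($nic.Name)' is [$($dns -join ', ')]; point it at this server."
}

# Server Roles step: AD DS, the GPMC, and their management tools.
Install-WindowsFeature -Name AD-Domain-Services, GPMC -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for the DSRM password so it is never stored in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
$forest = @{
    DomainName                    = $DomainName
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
}

# Prerequisites Check page: stop on errors, let warnings through.
$failed = Test-ADDSForestInstallation @forest | Where-Object Status -eq 'Error'
if ($failed) {
    $failed | ForEach-Object { Write-Warning $_.Message }
    throw 'Prerequisite check failed; fix the items above before promoting.'
}

# Promote to the first DC of a new forest; the server reboots when finished.
Install-ADDSForest @forest -Force
```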

      Getting Started with Group Policy

      Group Policy is a big, big place. And you need a road map. Let’s try to get a firm understanding of what we’re about to be looking at for the next