Microsoft Windows 2000 Server


• Group Policies (the day after)
• Group Policy Preferences
• Powershell
• How can we keep track of what we have done
or changed?
• We can name the policy appropriately based
on function or grouping of settings
– Interactive_Logon_Policy
– Internet_Explorer_Policy
• The GPMC allows us to make comments
regarding a particular policy.
• What should we comment on?
– Who’s in charge of the GPO
– Who to call if there is a problem?
– Who is supposed to be affected by this GPO?
– Detailed information about what this GPO should
do
– Who will get fired if this doesn’t work 
• Comments…
• GPMCSelect PolicyEditRight click on
Policy name (see below)Properties
• Comments…
• Controlling how GPO’s run
– Disable local GPOs from applying
• CCPoliciesAdmin TemplatesSystemGroup
Policy
• Controlling how GPO’s run
– Disable Link Enabled Status
– Disable “half” of a Group Policy
• Will speed up processing (not very noticeable)
• Controlling how GPO’s run
– The Enforced Function
• Guarantees that policy settings within a GPO from a
higher level are always inherited by lower levels
• Right click on Policy and choose Enforce
• Group Policy Preferences (GPP) are essentially
an extension DLL (dynamic link library) that
does a bunch of stuff.
• Can be “undone” by the user
Computer Configuration → Preferences → Windows Settings
• Environment:
– Set user and system environment variables
– Change the Windows system path variable
• Files
– Copy files from point A to point B
• Server share to %Documents% on the local system
• Folders
– Create, delete or empty folders
• Network Shares
– Create shares on workstations or servers
• Shortcuts
– Place program or URL on desktops, startup folder,
Programs folders, etc.
Computer/User Configuration → Preferences → Control Panel
Common Control Panel Settings
• Local users and groups
– Create/change local users
– Modify local user passwords
– Change local user group membership
• Power Options
– Create power options for XP
– Create power plans for Vista and later
• Printers
– ComputerLocal/IP
– UserLocal/IP/Shared
• Microsoft ® shell environment
• Gives administrators more power and
command in the shell environment
– Hence…PowerShell?
• Active Directory Module for Windows®
Powershell allows for Active Directory specific
command-line and scripted operations
• Only available in Windows ® Server R2 and
Windows ® 7
• First, we need to understand naming formats
– Distinguished name → cn=John Doe, OU=Sale_OU,
DC=MS1, DC=local
– RDN → Relative Distinguished Name
• CN → Common Name
• DC → Domain Component
• OU → Organizational Unit
– Fully Qualified Domain Name (FQDN)
• SVBlue1.ms1.local
• Growing resources daily
– http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx
– http://gallery.technet.microsoft.com/ScriptCenter/en-us/
– http://technet.microsoft.com/en-us/library/dd378937(WS.10).aspx
• Creating an Active Directory user account:
– New-aduser
• How do I use it? Get HELP! No seriously get-help
– Get-Help New-ADUser
– Get-Help New-ADUser -Examples
– Get-Help New-ADUser -Detailed
• New-ADUser jdoe
• New-ADUser "John Doe" -SamAccountName
"jdoe" -GivenName "John" -Surname ……..
• Setting Passwords
– Set-ADAccountPassword -Identity jdoe -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)
• Change attributes for multiple users
– Get-ADUser -Filter 'Name -like "*"' -SearchBase
"OU=Sale_OU,DC=MS1, DC=Local" | Set-ADUser -Description "Member of the Sales Department"
• Display user attributes
– Get-aduser jdoe
– Get-ADUser jdoe -Properties * | more
• Add groups and members
– Add-ADGroupMember "Sale_Group"
– Add-ADGroupMember "Sale_Group" -Members
jdoe
• A great deal more online
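The account commands above combined into one re-runnable script, as an added example that is not part of the original slides. It assumes the ActiveDirectory module is installed and that the MS1.local domain, Sale_OU and Sale_Group named on the slides exist; the surname "Doe", the password prompt and the -WhatIf preview are choices made for this example.

```powershell
# Added example, not from the slides. Assumes the ActiveDirectory module and
# the slide's names: domain MS1.local, OU Sale_OU, group Sale_Group, user jdoe.
Import-Module ActiveDirectory

$ou    = 'OU=Sale_OU,DC=MS1,DC=local'
$sam   = 'jdoe'
$group = 'Sale_Group'

# Prompt for the initial password as a SecureString so the plaintext is not
# stored in the script or in the command history.
$initial = Read-Host -AsSecureString -Prompt "Initial password for $sam"

# Create the account only if it does not exist yet, so the script can be re-run.
$user = Get-ADUser -Filter "SamAccountName -eq '$sam'"
if (-not $user) {
    New-ADUser -Name 'John Doe' -SamAccountName $sam `
        -GivenName 'John' -Surname 'Doe' -Path $ou `
        -AccountPassword $initial -Enabled $true `
        -ChangePasswordAtLogon $true
} else {
    # Existing account: reset the password and force a change at next logon.
    Set-ADAccountPassword -Identity $sam -Reset -NewPassword $initial
    Set-ADUser -Identity $sam -ChangePasswordAtLogon $true
}

# Add-ADGroupMember errors on an existing member, so check membership first.
$members = Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $sam) {
    Add-ADGroupMember -Identity $group -Members $sam
}

# Preview the bulk description change; remove -WhatIf to apply it.
Get-ADUser -Filter * -SearchBase $ou |
    Set-ADUser -Description 'Member of the Sales Department' -WhatIf

# Display the resulting attributes for review.
Get-ADUser -Identity $sam -Properties Description, MemberOf |
    Select-Object SamAccountName, Enabled, Description, MemberOf
```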
• You can add comments to help document
GPOs
• Enforced Function overrules blocking of
inheritance
• You can disable “half” of a GPO
• GPP’s can be undone by the users
• Active Directory Module for Windows®
Powershell allows for command-line and
scripted operations