The Best Damn Windows Server 2003 Book Period - P62

The latest incarnation of Microsoft’s server product, Windows Server 2003, brings many new features and improvements that make the network administrator’s job easier. This chapter will briefly summarize what’s new in 2003 and introduce you to the four members of the Windows Server 2003 family: the Web Edition, the Standard Edition, the Enterprise Edition, and the Datacenter Edition.
Content extracted from the document:
Chapter 17 • Working with Group Policy in an Active Directory Environment

Implementing Group Policy

Now that you know how to evaluate the effects of group policy on the directory, it is time to start creating policy objects and applying policy to the environment. In this section, you will learn about the different places where you can create GPOs, and the tools to modify and manage them.

The Group Policy Object Editor MMC

The Group Policy Object Editor is a snap-in for the MMC. Because group policy can be applied at several locations, opening the Group Policy Object Editor can differ depending on where you want to apply group policy. From within an MMC, you can select the Group Policy Object Editor snap-in from the Add/Remove Snap-in window. When selecting the Group Policy Object Editor from the list of stand-alone snap-ins, the Group Policy Wizard will open, allowing you to select the scope of the group policy to work with. Clicking the Browse button in this wizard will open the Browse for a Group Policy Object window, shown in Figure 17.10. The first three tabs in the window allow you to search for GPOs of a specific type: Domain/OU, Site, and Computer. The fourth tab, selected in Figure 17.10, displays a list of all policy objects in the domain, regardless of location. Local computer policy objects will not show in this listing, because they are stored on the computer, not in the domain.

Figure 17.10 Viewing all Group Policy Objects in the Domain

To edit one of the existing GPOs stored in Active Directory, select the GPO from one of the tabs and click OK. This will take you back to the Group Policy Wizard. When you click Finish in the wizard, the Group Policy Object Editor will open in the MMC, and you can begin editing the GPO.

Creating, Configuring, and Managing GPOs

Loading the Group Policy Object Editor snap-in in an MMC will allow you to edit existing policies in the network.
When the domain is first created, there are three default policies created:

• Default Site Policy
• Default Domain Policy
• Default Domain Controllers Policy

You will probably want to create new policies and associate them with specific areas of the directory.

Creating and Configuring GPOs

There are two ways to create new GPOs in the directory. You already know how to load the Group Policy Object Editor snap-in into the MMC, so let’s look at how to create a new GPO from the Group Policy Wizard.

In Figure 17.10, you saw the Browse for a Group Policy Object window that opens when you click the Browse button in the Group Policy Wizard. Next to the Look in drop-down menu, you will find the Create New Group Policy Object button. When you click this button, a new GPO will be created in the scope you have selected in the Look in menu. Creating the GPO in this scope will automatically link the object to the container that was selected in the scope.

Another way to open the GPO Editor and create a new GPO is from within the Active Directory Sites and Services or Active Directory Users and Groups tools. Right-click the object in the container list where you want the GPO to be created, and select Properties. Then, select the Group Policy tab in the Properties window to see what policies are already linked to the container or to create a new object for the container. Figure 17.11 shows the Group Policy tab for the IT Management container. In this example, there is only one object tied to this container. To create and edit a new GPO, click the New button, give the policy a name, and then click Edit to open the Group Policy Object Editor for the new GPO.

Figure 17.11 Viewing the Group Policy Objects for a Container

Naming GPOs

All GPOs created in the directory should have unique names.
Even though each GPO is associated with a specific container and could have the same name as another object in the tree, there will be much less confusion when troubleshooting if each GPO name is unique. GPO names can contain letters, numbers, and special characters, but the name cannot be longer than 255 characters. Any GPO name longer than 255 characters will be automatically truncated to the 255-character maximum.

There are no other specific rules as to how to name each GPO. In the same way that you should name each object in the directory to match its function or purpose, you can consider the same approach when naming GPOs. If you have a set of policies that will impact a single container in the directory, such as an OU, you ...
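
The naming rules above (unique names, 255-character maximum, automatic truncation) can be checked across a list of GPO names with a short script. This is an added example, not code from the book: Find-GpoNameIssue is a hypothetical helper name and the sample names are constructed. Where the GroupPolicy PowerShell module is available, the names could instead come from (Get-GPO -All).DisplayName.

```powershell
# Added example: audit GPO display names against the naming rules in the text.
# Find-GpoNameIssue is a hypothetical helper name, not a built-in cmdlet.
function Find-GpoNameIssue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Name,

        # Maximum GPO name length stated in the text.
        [int]$MaxLength = 255
    )

    # Names over the limit would be cut to $MaxLength characters.
    foreach ($n in ($Name | Where-Object { $_.Length -gt $MaxLength })) {
        [pscustomobject]@{
            Issue  = 'TooLong'
            Name   = $n
            Detail = "$($n.Length) characters; limit is $MaxLength"
        }
    }

    # Compare names as they would read after truncation, so two long names
    # that share their first $MaxLength characters count as a clash.
    # Group-Object compares strings case-insensitively by default.
    $Name |
        Group-Object -Property {
            if ($_.Length -gt $MaxLength) { $_.Substring(0, $MaxLength) } else { $_ }
        } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Issue  = 'Duplicate'
                Name   = $_.Name
                Detail = "$($_.Count) GPOs would share this name"
            }
        }
}

# Constructed sample input (not taken from a real directory).
$longBase = 'Workstation Lockdown ' + ('x' * 240)   # 261 characters
$sample = @(
    'IT Management - Desktop Restrictions'
    'it management - desktop restrictions'   # differs only by case
    'Sales - Logon Scripts'
    "$longBase A"
    "$longBase B"                             # same first 255 characters
)

Find-GpoNameIssue -Name $sample | Format-List
```

With the sample input, the two over-length names are each reported as TooLong and also as one Duplicate, because they become identical once cut to 255 characters.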