Ing. Eduardo Castro, PhD
Comunidad Windows

Grupo Asesor en Informática
ecastro@grupoasesor.net



Topics
  Quick review of the new GP features in Windows
  Server 2008 & Windows Vista SP1.
  In-depth understanding of what Group Policy
  changes have been made in Windows 7

Takeaway
  GP in Windows 7 / Windows Server 2008 R2 is an
  incremental change, not a major one
How Group Policy works now...
(slide diagram comparing Windows XP with Windows Vista / Windows Server 2008; recovered text)

Group Policy Service
  XP: part of Winlogon
  Vista/2008: GP now runs in a shared service; hardened service, more reliable

Group Policy Templates
  XP: ADM templates, difficult to manage
  Vista/2008: ADMX templates (ADMX, ADML files)

Local GPOs
  XP: limited, a single Local GPO (LGPO)
  Vista/2008: Multiple Local GPOs, more flexibility: Local Computer Policy,
  Admin/Non-Admin Group Policy, User Specified Group Policy

Group Policy Settings
  XP: over 800 policy settings; incomplete coverage
  Vista/2008: ~1,800 new policy changes with Windows Vista; extended GP for
  coverage of new Windows Vista features

Network Location Awareness (NLA)
  XP: limited awareness of changing network conditions; missing key scenarios
  Vista/2008: NLA service provides the latest network information; applications
  can query or register with NLA for network change indications

Templates and Group Policy Central Store
  XP: ADM files stored in SYSVOL with each policy (Policies + GUID + ADM)
  Vista/2008: centralized repository for ADMX/ADML policy definition files,
  created in the SYSVOL on a DC in each domain

Troubleshooting / Group Policy Logging
  XP: Userenv log
  Vista/2008: Administrative log, Applications and Services log, XML based
  event logs, GP Result, new tools - GPOLogView

Group Policy Replication
  XP: FRS (journal wrap anyone? bloated SYSVOL)
  Vista/2008: new replicator, DFS-R
ecastro@grupoasesor.net
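The XML event logs that replaced the Userenv log are the first place to look when policy does not apply. The following PowerShell is an added example, not from the deck: it pulls error-level events from the Group Policy operational log and then, because every event of one processing pass shares an ActivityID, retrieves the full trace of each failed pass. The log name is the real channel name; PowerShell 3.0 or later and rights to read the log are assumed.

```powershell
# Added example (not from the slide deck). Assumes PowerShell 3.0+ on
# Windows Vista/7 or later and permission to read the operational log.
$GpLog = 'Microsoft-Windows-GroupPolicy/Operational'

function Get-GPProcessingErrorTrace {
    param([int]$Hours = 24)

    # Step 1: error-level events (Level 2) in the look-back window
    $since  = (Get-Date).AddHours(-$Hours)
    $errors = Get-WinEvent -FilterHashtable @{ LogName = $GpLog; Level = 2; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    if (-not $errors) {
        Write-Host "No Group Policy errors in $GpLog since $since"
        return
    }

    # Step 2: one processing pass = one ActivityID; fetch every event of each failed pass
    $passes = $errors | Where-Object { $_.ActivityId } |
              Select-Object -ExpandProperty ActivityId -Unique
    foreach ($activityId in $passes) {
        $guid  = $activityId.ToString('B').ToUpperInvariant()   # {XXXXXXXX-...} as stored in the event XML
        $xpath = "*[System[Correlation[@ActivityID='$guid']]]"
        $trace = Get-WinEvent -LogName $GpLog -FilterXPath $xpath | Sort-Object TimeCreated

        Write-Host "=== Processing pass $guid ($($trace.Count) events) ==="
        $trace | Select-Object TimeCreated, Id, LevelDisplayName,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
            Format-Table -AutoSize
    }
}

Get-GPProcessingErrorTrace -Hours 24
```

Reading the whole pass rather than the single error event matters because the first error in a pass (for example, a DC that could not be reached) usually explains the later ones.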


What is new?
 GP PowerShell features
    Adding to GP scripts extensions
    PowerShell cmdlets to perform GP operations
 Starter GPOs in-box in Windows 7
    Best practices that map to the security guide
 ADMX enhancements
 GP Preferences enhancements
    GP Preferences, new in Windows Server 2008
    New items added to support new OS
    functionality
ecastro@grupoasesor.net



PowerShell Scripting inside GP
   Extend current reach of GP Script Extension to include
   PowerShell for logon/logoff, startup/shutdown scripts
Powershell Cmdlets for GPMC operations
   Full lifecycle: create, link, rename, backup, copy,
   remove
   Enables interesting new scenarios for customers
Powershell Cmdlets that write and read registry
settings to GPO(s)
   Values can be written to either Policy or Preferences
   Settings can accept more value types
ecastro@grupoasesor.net



Import-Module GroupPolicy
Get-Help *-GP*

New:    New-GPLink, New-GPO, New-GPStarterGPO
Get:    Get-GPInheritance, Get-GPO, Get-GPOReport, Get-GPPermissions,
        Get-GPPrefRegistryValue, Get-GPRegistryValue,
        Get-GPResultantSetOfPolicy, Get-GPStarterGPO
Set:    Set-GPInheritance, Set-GPLink, Set-GPPermissions,
        Set-GPPrefRegistryValue, Set-GPRegistryValue
Remove: Remove-GPLink, Remove-GPO, Remove-GPPrefRegistryValue,
        Remove-GPRegistryValue
Misc:   Backup-GPO, Copy-GPO, Import-GPO, Rename-GPO, Restore-GPO

Backup all GPOs in the current domain to a directory:
   Backup-GPO -All -Path 'C:\BackupFiles'

Get RSOP for the local computer and logged-on user in HTML form:
   Get-GPResultantSetOfPolicy -ReportType Html -Path 'D:\ConfigDocumentsReports'

Compare values across GPOs:
   $reg_keypath = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
   $A = Get-GPRegistryValue -Name GPO1 -Key $reg_keypath -ValueName ScreenSaveTimeOut
   $B = Get-GPRegistryValue -Name GPO2 -Key $reg_keypath -ValueName ScreenSaveTimeOut
   $A[0].Equals($B[0])

Grant permission to 'Apply' a GPO to all users belonging to a group:
   Get-ADGroupMember DlgtdAdmins | Where-Object { $_.objectClass -eq 'user' } |
       ForEach-Object { Set-GPPermissions -Name 'Test GPO' -PermissionLevel Apply `
                            -TargetName $_.SamAccountName -TargetType User }
ecastro@grupoasesor.net
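The two-GPO comparison above generalises to an audit of the whole domain. This PowerShell script is an added example, not part of the deck: it backs up every GPO first (so Restore-GPO has something to roll back to), then walks all GPOs and reports which of them configure a given registry policy value, flagging conflicting definitions. The backup path is a placeholder; the GroupPolicy module and read access to the GPOs are assumed.

```powershell
# Added example (not from the slide deck). Assumes the GroupPolicy module
# (RSAT/GPMC) and rights to read and back up GPOs. Paths are placeholders.
Import-Module GroupPolicy

$BackupPath = 'C:\BackupFiles'   # placeholder
$KeyPath    = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$ValueName  = 'ScreenSaveTimeOut'

# 1. Backup before anything else: Restore-GPO needs this to undo a bad change
New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
Backup-GPO -All -Path $BackupPath -Comment "Audit run $(Get-Date -Format s)" | Out-Null

# 2. Walk every GPO. Get-GPRegistryValue raises an error when the key is not
#    configured in a GPO, so treat that as "not set" rather than failing.
function Get-GPRegistryValueReport {
    param([string]$Key, [string]$Name)
    foreach ($gpo in Get-GPO -All) {
        $setting = Get-GPRegistryValue -Guid $gpo.Id -Key $Key -ValueName $Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            GPO         = $gpo.DisplayName
            Configured  = [bool]$setting
            Value       = if ($setting) { $setting.Value } else { $null }
            PolicyState = if ($setting) { $setting.PolicyState } else { 'NotConfigured' }
        }
    }
}

$report = Get-GPRegistryValueReport -Key $KeyPath -Name $ValueName
$report | Where-Object Configured | Sort-Object Value | Format-Table -AutoSize

# 3. Conflicting definitions: the same value set differently in more than one GPO
#    is exactly the case where link order and precedence decide the outcome.
$distinct = @($report | Where-Object Configured | Select-Object -ExpandProperty Value -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "$ValueName is set to $($distinct.Count) different values across GPOs"
}
```

Comparing `.Value` across GPOs, rather than the returned setting objects themselves, is what makes the result meaningful; the objects carry the GPO's own key path and state alongside the value.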



Easy experience out-of-the-box
   Embody best practices that map to Microsoft security
   guide
8 System Starter GPOs:
   User and Computer case
   Available for Vista and XP SP2
   Enterprise Client (EC) and Specialized Security
   Limited Functionality (SSLF)
System vs Custom
   Static / Editable
   ADMX / Security Settings
ecastro@grupoasesor.net



New UI: More intuitive, integrated help content,
no more tabs

Support for:
REG_MultiSZ
REG_QWORD
ecastro@grupoasesor.net



Preference Settings
   Not true “Policy”
More control of desktop – more settings!
   Not limited to policy-aware applications
Ease of administration through rich UI
Better targeting
New in Windows 7
   Support for new Power Plan settings
   Support for new Schedule task triggers, actions, etc.
ecastro@grupoasesor.net




Group Policies (Native / Managed)
• Settings are enforced, user cannot change settings
• Settings revert back to the original setting
• Highest precedence
• Work only on specific registry locations

Group Policy Preferences
• Users can change settings
• Multiple items per GPO
• Can write registry settings to more than the HKCU, HKLM hives
• Granular targeting of individual items
ecastro@grupoasesor.net
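The difference the comparison above draws is easiest to see by writing the same value both ways. This PowerShell is an added example, not from the deck: it puts ScreenSaveTimeOut into a GPO once as a managed policy (under a Policies key, enforced and reverted when the GPO no longer applies) and once as a preference (any key, user can change it afterwards, with an explicit Create/Replace/Update/Delete action), then reads both back. The GPO name is a placeholder; the GroupPolicy module and edit rights on a test GPO are assumed.

```powershell
# Added example (not from the slide deck). Assumes the GroupPolicy module and
# rights to edit a *test* GPO; the GPO name is a placeholder.
Import-Module GroupPolicy

$GpoName    = 'Test GPO'   # placeholder: use a test GPO, not a production one
$PolicyKey  = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$PrefKey    = 'HKCU\Control Panel\Desktop'

if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName | Out-Null
}

# Managed policy: must live under a Policies key and is only honoured by
# policy-aware components; it is enforced and reverts when the GPO is removed.
Set-GPRegistryValue -Name $GpoName -Key $PolicyKey `
    -ValueName 'ScreenSaveTimeOut' -Type String -Value '600' | Out-Null

# Preference: targets the application's own (non-Policies) key, the user can
# change it later, and -Action selects Create / Replace / Update / Delete.
Set-GPPrefRegistryValue -Name $GpoName -Context User -Action Update -Key $PrefKey `
    -ValueName 'ScreenSaveTimeOut' -Type String -Value '600' | Out-Null

# Read both back: the policy entry reports a PolicyState, the preference an Action
Get-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName ScreenSaveTimeOut |
    Select-Object FullKeyPath, ValueName, Value, PolicyState
Get-GPPrefRegistryValue -Name $GpoName -Context User -Key $PrefKey -ValueName ScreenSaveTimeOut |
    Select-Object FullKeyPath, ValueName, Value, Action
```

Because a preference value is an ordinary registry write that the user may later overwrite, the hardening decision is which settings must be managed policy; preferences are for convenience settings, not for controls you rely on.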



Drive Mappings
Regional Settings
Printer Mappings
Shortcuts
Start Menu
Internet Explorer Settings
ecastro@grupoasesor.net




Local Users and Groups
Services
Network Shares
Environment Variables
ecastro@grupoasesor.net



Familiar Experience
  Clearer to understand
  and find
  Easy to manage
  Better control of individual
  settings – Red/Green
Powerful browsers
  Avoids typing errors
  Configure settings quicker
ecastro@grupoasesor.net




 29 different targeting options
 Boolean AND, OR, IS, IS NOT
 Wildcard support, e.g. “WSBNE*”

Target on the item, not just the GPO
 Robust targeting: 29 types, Boolean logic (And, Or, Not), Collections
 Item level targeting, not GPO level

Intuitive UI
 No need to learn query languages
ecastro@grupoasesor.net



 Apply once and do not reapply
 Remove when no longer applicable
 Create – Replace - Update - Delete




More than just Enable vs Disable
ecastro@grupoasesor.net



Active Directory: Windows 2000
Console - Group Policy Manager Console - Snap-in
   Part of the Remote Server Admin Tool (link and end)
   One Windows 7 client or Windows Server 2008 R2 Terminal
   Server
Client - Client Side Extensions (CSE’s)
ecastro@grupoasesor.net




Client Side Extensions
  Windows Update/WSUS
  SMS / SCCM
  Download and Install
  Logon Script (ironically)
  SOE Image
Client Side Extensions not installed?
  Nothing happens
ecastro@grupoasesor.net



3000 Total ADMX settings
300 new ADMX settings
  IE more than 90 new
  Bitlocker
  Taskbar
  Power
  Terminal Services rebranded
  “Remote Desktop Services”
Settings Spreadsheet
ecastro@grupoasesor.net



12 settings added under Security Options
  Restrict NTLM (multiple)
  Kerberos encryption types
  Local System null session fallback
Only supported on Windows 7 & Windows
Server 2008 R2
Settings Spreadsheet
ecastro@grupoasesor.net



Wireless Network (IEEE 802.11) Policies
Public Key Policies
    Certificate Services Client - Certificate
    Enrollment Policy
    BitLocker Drive Encryption
Network Access Protection
    Enforcement Clients: Removed RAQ EC and
    TS Gateway
    Enforcement Clients: Added RD Gateway QEC
Application Control Policies – AppLocker
    More info
Advanced Audit Policy Configuration
    More info
Name Resolution Policy
ecastro@grupoasesor.net



The GP team recommends this strongly
FRS Issues
      File based replication
      Does not self heal
      Does not tell you when it's broken
DFS-R for SYSVOL requires:
      Windows Server 2008 domain functional level
      All DCs at Windows Server 2008 minimum
http://blogs.technet.com/notesfromthefield/archive/2008/04/27/upgrading-your-sysvol-to-dfs-r-replication.aspx
ecastro@grupoasesor.net



Have heard up to 11,000 GPOs
Not best practice
  GPMC has perf issues loading
  Management difficulties
  Troubleshooting difficulties
  Migration difficulties
Recommendation:
  Consolidate
  AGPM is tested up to 2000 GPOs
ecastro@grupoasesor.net



What about any server dependencies?
Are there any schema changes required?
What about the Vista Central Store?
Will ADMX create an impact on my policies?
ecastro@grupoasesor.net



Does policy itself replicate any differently?
Is it actually stored any differently?
Do you still use the same tools to diagnose
replication issues like Ultrasound (FRS)?
With the move from Winlogon to a service does
this mean users can deny policy applying?
Any impact for co-existence between Windows
Server 2003 GP and Windows Server 2008 and
onwards?
ecastro@grupoasesor.net



Will I have to recreate all the policies again for Windows 7?
Can I drop ADM files into the Central Store?
Do we have plans to provide an updated GPMC/GPOE to
support Windows XP administrative PC’s with ADMX and
the Central Store?
Is it a good idea to separate Vista GPO from the Windows
XP GPO's through new OUs or filtering with WMI?
Is there any way to restrict editing GPOs from certain OS
versions? i.e.: restrict editing from anything below W2K3?
ecastro@grupoasesor.net


Guidance
 Firewall Policy
    Will apply the most permissive rule
    Best Practice: Separate Policy for Windows Vista/7 machines
 IPSEC Policy
    Old UI for pre-Vista
    New UI for Vista
    Best Practice: Separate Policy for Windows Vista machines
 Three methods for policy separation
    Grouping (Read/Apply control)
    Separate OU with GPO link
    WMI Filter
       Select * FROM <WMI_CLASS> WHERE <WMI Property>=<value>
       Select * FROM Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional" AND CSDVersion="Service Pack 2"
ecastro@grupoasesor.net
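A WMI filter that matches nothing silently prevents the GPO from applying, so the query is worth testing on a client before it is attached to a policy. This PowerShell is an added example, not from the deck: it runs the slide's XP SP2 query plus two constructed queries for newer builds against the local Win32_OperatingSystem instance and reports whether the GPO would apply. It assumes PowerShell 3.0 or later for Get-CimInstance.

```powershell
# Added example (not from the slide deck). Assumes PowerShell 3.0+ (Get-CimInstance).
# The XP SP2 query is the one on the slide; the other two are constructed here.
$filters = [ordered]@{
    'XP SP2 (slide)'       = 'Select * FROM Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional" AND CSDVersion="Service Pack 2"'
    'Windows 7 / 2008 R2'  = 'Select * FROM Win32_OperatingSystem WHERE Version LIKE "6.1%"'
    # ProductType 1 = workstation; 2 = domain controller; 3 = server
    'Vista..8.1 client'    = 'Select * FROM Win32_OperatingSystem WHERE Version LIKE "6.%" AND ProductType = 1'
}
# Caveat: WQL compares Version as a string, so Version >= "6.0" is FALSE on
# Windows 10 ("10.0..." sorts before "6.0"). Use LIKE on the major version instead.

function Test-WmiFilter {
    param([Parameter(Mandatory)][string]$Query)
    # Group Policy applies a filtered GPO when the query returns at least one instance
    $hits = @(Get-CimInstance -Query $Query -ErrorAction Stop)
    return $hits.Count -gt 0
}

$os = Get-CimInstance Win32_OperatingSystem
"Local OS: $($os.Caption) version $($os.Version) CSD='$($os.CSDVersion)' ProductType=$($os.ProductType)"

foreach ($name in $filters.Keys) {
    $applies = Test-WmiFilter -Query $filters[$name]
    '{0,-22} {1}' -f $name, $(if ($applies) { 'GPO WOULD APPLY' } else { 'no match' })
}
```

Keeping the filter on `Version` rather than `Caption` avoids edition and language differences in the caption string; the caption-based XP query on the slide only matches the English Professional edition.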


Guidance
 Auditing Policy
    Totally different in XP to Vista and Windows
    7/2008 R2
    Fine Grained (Vista/W7) as opposed to clumsy
    and awful (XP)
    Separate it
www.microsoft.com/teched - Sessions On-Demand & Community
www.microsoft.com/learning - Microsoft Certification & Training Resources
http://microsoft.com/technet - Resources for IT Professionals
http://microsoft.com/msdn - Resources for Developers
ecastro@grupoasesor.net



Link to Group Policy TechNet page
http://www.microsoft.com/technet/grouppolicy

Group Policy Team Blog
http://blogs.technet.com/grouppolicy

Deploying Group Policy Using Windows Vista
http://go.microsoft.com/fwlink/?LinkId=77080

Group Policy Settings Reference Windows Vista
http://go.microsoft.com/fwlink/?LinkId=54020

Step-by-Step Guide to Managing Multiple Local Group Policy Objects
http://go.microsoft.com/fwlink/?LinkId=73434

How to troubleshoot Group Policy using Event logs
http://go.microsoft.com/fwlink/?LinkId=74139
ecastro@grupoasesor.net



http://bit.ly/gprocks

ADM Template Editor
http://www.sysprosoft.com/adm_summary.shtml

Enhancements
http://www.policypak.com/


ILT Editor
http://www.gruppenrichtlinien.de/index.html?/Tools/ilteditor.htm
WCL308: MDOP: Managing GPOs with Advanced Group Policy Management
(AGPM) 3.0


WCL18-HOL Managing Windows Internet Explorer 8 Security Settings in the
Enterprise


WCL11-HOL Microsoft Desktop Optimization Pack: Advanced Group Policy
Management


WCL20-HOL Deploy and Manage Windows Internet Explorer 8
Make sure you pick up
                       your copy of Windows
                       Server 2008 R2 RC from
                       the Materials Distribution
                       Counter
Learn More about Windows Server 2008 R2:
www.microsoft.com/WindowsServer2008R2

Technical Learning Center (Orange Section):
Highlighting Windows Server 2008 and R2 technologies
• Over 15 booths and experts from Microsoft and our
partners
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should
 not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
                                                                           IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Server 2008 R2 Group Policy Changes

  • 1. Ing. Eduardo Castro, PhD Comunidad Windows Grupo Asesor en Informática ecastro@grupoasesor.net
  • 2.
  • 3. Topics: a quick review of the new GP features in Windows Server 2008 and Windows Vista SP1, and an in-depth look at the Group Policy changes made in Windows 7. Takeaway: GP in Windows 7 / Windows Server 2008 R2 is an incremental change, not a major one.
  • 4. How Group Policy works now... (Windows XP vs. Windows Vista / Windows Server 2008)
    - Group Policy Service: was a process that ran as part of Winlogon; GP now runs in a shared service, a hardened service that is more reliable.
    - Group Policy Templates: ADM templates were difficult to manage; ADM templates are now in ADMX files (ADMX, ADML).
    - Local GPOs: limited flexibility with a single local GPO (LGPO); with Windows Vista there are Multiple Local GPOs (Local Computer Policy, Admin/Non-Admin, User Specified).
    - Group Policy Settings: over 800 policy settings in XP with incomplete coverage; ~1,800 new policy changes, extended GP coverage for new Windows Vista features.
    - Network Location Awareness (NLA): limited awareness of changing network conditions meant key scenarios were missing; the NLA service now provides the latest network information, and applications can query or register with NLA for network change indications.
    - Templates and Replication: SysVol\Policies\<GUID>\ADM in each domain, a bloated SysVol, Journal Wrap anyone?; now a Group Policy Central Store, a centralized repository for ADMX/ADML created in the SysVol on the DC, with administrative definitions as ADMX and ADML files, and a new replicator (DFS-R instead of FRS).
    - Troubleshooting: the Userenv log; now Group Policy Logging with XML-based event logs (Applications and Services log), GP Result, and new tools such as GPOLogView.
  • 5. What is new?
    - GP PowerShell features: adding PowerShell to the GP script extensions; PowerShell cmdlets to perform GP operations.
    - Starter GPOs in-box in Windows 7: best practices that map to the security guide.
    - ADMX enhancements.
    - GP Preferences enhancements: GP Preferences were new in Windows Server 2008; new items have been added to support new OS functionality.
  • 6. PowerShell
    - Scripting inside GP: extends the current reach of the GP Script Extension to include PowerShell for logon/logoff and startup/shutdown scripts.
    - PowerShell cmdlets for GPMC operations: full lifecycle (create, link, rename, backup, copy, remove); enables interesting new scenarios for customers.
    - PowerShell cmdlets that write and read registry settings to GPO(s): values can be written to either Policy or Preferences; settings can accept more value types.
  • 7. Import-Module GroupPolicy; Get-Help *-GP*
    - New: New-GPLink, New-GPO, New-GPStarterGPO
    - Get: Get-GPInheritance, Get-GPO, Get-GPOReport, Get-GPPermissions, Get-GPPrefRegistryValue, Get-GPRegistryValue, Get-GPResultantSetOfPolicy, Get-GPStarterGPO
    - Set: Set-GPInheritance, Set-GPLink, Set-GPPermissions, Set-GPPrefRegistryValue, Set-GPRegistryValue
    - Remove: Remove-GPLink, Remove-GPO, Remove-GPPrefRegistryValue, Remove-GPRegistryValue
    - Misc: Backup-GPO, Copy-GPO, Import-GPO, Rename-GPO, Restore-GPO
  • 8. Examples
    - Backup all GPOs in the current domain to a directory: Backup-GPO -All -Path 'C:\BackupFiles'
    - Get RSOP for the local computer and logged-on user in HTML form: Get-GPResultantSetOfPolicy -ReportType Html -Path 'D:\ConfigDocuments\Reports'
    - Compare values across GPOs:
      $reg_keypath = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
      $A = Get-GPRegistryValue -Name GPO1 -Key $reg_keypath -ValueName ScreenSaveTimeOut
      $B = Get-GPRegistryValue -Name GPO2 -Key $reg_keypath -ValueName ScreenSaveTimeOut
      $A[0].Equals($B[0])
    - Grant 'Apply' permission on a GPO to all users belonging to a group (the permission level value is GpoApply; requires the ActiveDirectory module for Get-ADGroupMember):
      Get-ADGroupMember DlgtdAdmins | Where-Object { $_.objectclass -eq "user" } | ForEach-Object { Set-GPPermissions -Name 'Test GPO' -PermissionLevel GpoApply -TargetName $_.SamAccountName -TargetType User }
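The cmdlet lifecycle from slides 6 to 8 (create, link, write a policy and a preference value, compare, restrict who applies it, back it up) as one script. This is an added example, not code from the deck; it assumes GPMC/RSAT on a domain-joined Windows 7 or Windows Server 2008 R2 machine, and the GPO name, OU, group and paths are placeholders chosen for the example.

```powershell
# Added example (not from the deck): GroupPolicy module cmdlets end to end.
# Assumes GPMC/RSAT on a domain-joined Windows 7 / Windows Server 2008 R2 box.
# GPO name, OU, group and paths below are placeholders for this example.
Import-Module GroupPolicy

$gpoName   = 'Example Desktop Lockdown'
$targetOU  = 'OU=Workstations,DC=example,DC=local'   # placeholder OU
$backupDir = 'C:\GPOBackups'                         # placeholder path
$policyKey = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

# 1. Create the GPO if it does not exist yet, then link it to the OU (idempotent).
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName -Comment 'Created by example script' }
$link = (Get-GPInheritance -Target $targetOU).GpoLinks |
        Where-Object { $_.DisplayName -eq $gpoName }
if (-not $link) { New-GPLink -Name $gpoName -Target $targetOU -LinkEnabled Yes | Out-Null }

# 2. Policy value: enforced, the user cannot change it, and it reverts when the GPO stops applying.
Set-GPRegistryValue -Name $gpoName -Key $policyKey -ValueName ScreenSaveTimeOut `
    -Type String -Value '600' | Out-Null

# 3. Preference value: written under a non-policy key, so the user may change it afterwards.
Set-GPPrefRegistryValue -Name $gpoName -Context User -Action Update `
    -Key 'HKCU\Control Panel\Desktop' -ValueName ScreenSaverIsSecure -Type String -Value '1' | Out-Null

# 4. The slide-8 comparison as a reusable check: is one value identical in two GPOs?
function Compare-GpoRegistryValue {
    param([string]$GpoA, [string]$GpoB, [string]$Key, [string]$ValueName)
    $a = Get-GPRegistryValue -Name $GpoA -Key $Key -ValueName $ValueName -ErrorAction SilentlyContinue
    $b = Get-GPRegistryValue -Name $GpoB -Key $Key -ValueName $ValueName -ErrorAction SilentlyContinue
    if (-not $a -or -not $b) { return $false }   # missing on either side counts as different
    return ($a.Value -eq $b.Value)
}

# 5. Only members of one group apply the GPO (GpoApply = Read + Apply Group Policy).
Set-GPPermissions -Name $gpoName -PermissionLevel GpoApply `
    -TargetName 'Example-Users' -TargetType Group | Out-Null

# 6. Backup plus an HTML report, so the change is recorded before it reaches clients.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
Backup-GPO -Name $gpoName -Path $backupDir | Out-Null
Get-GPOReport -Name $gpoName -ReportType Html -Path (Join-Path $backupDir "$gpoName.html")

# Sanity check: a GPO compared with itself must report True.
Compare-GpoRegistryValue -GpoA $gpoName -GpoB $gpoName -Key $policyKey -ValueName ScreenSaveTimeOut
```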
  • 9.
  • 10. Starter GPOs: an easy experience out of the box that embodies best practices mapping to the Microsoft security guide. 8 System Starter GPOs: user and computer cases; available for Vista and XP SP2; Enterprise Client (EC) and Specialized Security Limited Functionality (SSLF). System vs. Custom: Static / Editable; ADMX / Security Settings.
  • 11. ADMX enhancements: new UI that is more intuitive, with integrated help content and no more tabs. Support for REG_MULTI_SZ and REG_QWORD.
  • 12.
  • 13. Preference Settings: not true "Policy"; more control of the desktop (more settings!); not limited to policy-aware applications; ease of administration through a rich UI; better targeting. New in Windows 7: support for new Power Plan settings; support for new Scheduled Task triggers, actions, etc.
  • 15. Group Policies (Native / Managed) vs. Group Policy Preferences
    - Group Policies: settings are enforced, the user cannot change them; settings revert back to the original setting; highest precedence; work only on specific registry locations.
    - Group Policy Preferences: users can change settings; multiple items per GPO; can write registry settings to more than the HKCU and HKLM hives; granular targeting of individual items.
  • 16. Drive Mappings, Regional Settings, Printer Mappings, Shortcuts, Start Menu, Internet Explorer Settings.
  • 18. Familiar Experience: clearer to understand and find; easy to manage; better control of individual settings (Red/Green); powerful browsers; avoids typing errors; configure settings quicker.
  • 19. 29 different targeting options; Boolean AND, OR, IS, IS NOT; wildcard support ("WSBNE*"); target on the item, not just the GPO.
  • 20. Robust targeting: 29 types; item-level targeting, not GPO level; Boolean logic (And, Or, Not); collections; intuitive UI; no need to learn query languages.
  • 21. Apply once and do not reapply; remove when no longer applicable; Create - Replace - Update - Delete: more than just Enable vs. Disable.
  • 22. Requirements. Active Directory: Windows 2000. Console: the Group Policy Management Console snap-in, part of the Remote Server Administration Tools (link at end), on one Windows 7 client or a Windows Server 2008 R2 Terminal Server. Client: the Client Side Extensions (CSEs).
  • 23. Deploying the Client Side Extensions: Windows Update/WSUS; SMS / SCCM; download and install; logon script (ironically); SOE image. Client Side Extensions not installed? Nothing happens.
  • 24.
  • 25. ADMX: 3000 total ADMX settings, 300 new ADMX settings (IE more than 90 new; BitLocker; Taskbar; Power; Terminal Services rebranded "Remote Desktop Services"). See the Settings Spreadsheet.
  • 26. 12 settings added under Security Options: Restrict NTLM (multiple), Kerberos encryption types, Local System null session fallback. Only supported on Windows 7 & Windows Server 2008 R2. See the Settings Spreadsheet.
  • 27. New and changed policy nodes: Wireless Network (IEEE 802.11) Policies; Public Key Policies: Certificate Services Client - Certificate Enrollment Policy; BitLocker Drive Encryption; Network Access Protection Enforcement Clients: removed RAQ EC and TS Gateway, added RD Gateway QEC; Application Control Policies (AppLocker) - more info; Advanced Audit Policy Configuration - more info; Name Resolution Policy.
  • 28. DFS-R for SYSVOL: the GP team recommends this strongly. FRS issues: file-based replication, does not self-heal, does not tell you when it's broken. DFS-R for SYSVOL requires the Windows 2008 domain functional level, i.e. all DCs at Windows Server 2008 minimum. http://blogs.technet.com/notesfromthefield/archive/2008/04/27/upgrading-your-sysvol-to-dfs-r-replication.aspx
  • 29. GPO sprawl: have heard of up to 11,000 GPOs; not best practice. GPMC has performance issues loading them; management, troubleshooting and migration difficulties. Recommendation: consolidate. AGPM is tested up to 2000 GPOs.
  • 30. Questions: What about any server dependencies? Are there any schema changes required? What about the Vista Central Store? Will ADMX have an impact on my policies?
  • 31. Questions: Does policy itself replicate any differently? Is it actually stored any differently? Do you still use the same tools to diagnose replication issues, like Ultrasound (FRS)? With the move from Winlogon to a service, does this mean users can deny policy applying? Any impact on co-existence between Windows Server 2003 GP and Windows Server 2008 and onwards?
  • 32. Questions: Will I have to recreate all the policies again for Windows 7? Can I drop ADM files into the Central Store? Do we have plans to provide an updated GPMC/GPOE to support Windows XP administrative PCs with ADMX and the Central Store? Is it a good idea to separate Vista GPOs from the Windows XP GPOs through new OUs or filtering with WMI? Is there any way to restrict editing GPOs from certain OS versions, i.e. restrict editing from anything below W2K3?
  • 33. Guidance
    - Firewall Policy: will apply the most permissive rule. Best practice: a separate policy for Windows Vista/7 machines.
    - IPsec Policy: old UI for pre-Vista, new UI for Vista. Best practice: a separate policy for Windows Vista machines.
    - Three methods for policy separation: grouping (Read/Apply control); a separate OU with a GPO link; a WMI filter.
      Select * FROM <WMI_CLASS> WHERE <WMI Property>=<value>
      Select * FROM Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional" AND CSDVersion="Service Pack 2"
  • 34. Guidance: Auditing Policy is totally different in XP compared with Vista and Windows 7/2008 R2; fine-grained (Vista/W7) as opposed to clumsy and awful (XP). Separate it.
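A WMI filter only attaches a GPO when its query returns at least one instance on the client, so a mistyped Caption or CSDVersion silently filters every machine out. This added example (not from the deck) dry-runs filter queries on a reference machine before they are attached to a GPO; the XP SP2 query is the deck's, the two version-based queries are constructed for the example.

```powershell
# Added example (not from the deck): test WMI filter queries locally before using them
# for policy separation. A GP WMI filter matches when the query returns >= 1 instance.
$candidateFilters = @(
    @{ Name = 'XP Pro SP2 (deck query)'
       Query = 'Select * FROM Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional" AND CSDVersion="Service Pack 2"' },
    @{ Name = 'Vista / 2008 (6.0.x)'
       Query = 'Select * FROM Win32_OperatingSystem WHERE Version LIKE "6.0%"' },
    # ProductType 1 = workstation, so this excludes Windows Server 2008 R2 (also 6.1).
    @{ Name = 'Windows 7 clients only (6.1)'
       Query = 'Select * FROM Win32_OperatingSystem WHERE Version LIKE "6.1%" AND ProductType = 1' }
)

function Test-WmiFilter {
    param([string]$Query)
    try {
        # Wrap in @() so a single instance still has a .Count
        $hits = @(Get-WmiObject -Query $Query -ErrorAction Stop)
        return ($hits.Count -gt 0)
    } catch {
        # A syntactically broken query never matches: the GPO would never apply anywhere.
        Write-Warning "Query failed (would never match): $Query -> $($_.Exception.Message)"
        return $false
    }
}

$os = Get-WmiObject -Class Win32_OperatingSystem
"Local OS: $($os.Caption) $($os.CSDVersion), version $($os.Version), ProductType $($os.ProductType)"
foreach ($f in $candidateFilters) {
    $applies = Test-WmiFilter -Query $f.Query
    '{0,-30} {1}' -f $f.Name, $(if ($applies) { 'APPLIES on this machine' } else { 'filtered out on this machine' })
}
```

Run it once on a reference machine of each OS class you intend to separate; exactly one of the version-based filters should report APPLIES on each.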
  • 35. Resources: Sessions On-Demand & Community Resources: www.microsoft.com/teched. Microsoft Certification & Training Resources: www.microsoft.com/learning. Resources for IT Professionals: http://microsoft.com/technet. Resources for Developers: http://microsoft.com/msdn.
  • 36. Links: Group Policy TechNet page http://www.microsoft.com/technet/grouppolicy; Group Policy Team Blog http://blogs.technet.com/grouppolicy; Deploying Group Policy Using Windows Vista http://go.microsoft.com/fwlink/?LinkId=77080; Group Policy Settings Reference for Windows Vista http://go.microsoft.com/fwlink/?LinkId=54020; Step-by-Step Guide to Managing Multiple Local Group Policy Objects http://go.microsoft.com/fwlink/?LinkId=73434; How to troubleshoot Group Policy using Event logs http://go.microsoft.com/fwlink/?LinkId=74139
  • 38. Related sessions: WCL308: MDOP: Managing GPOs with Advanced Group Policy Management (AGPM) 3.0; WCL18-HOL: Managing Windows Internet Explorer 8 Security Settings in the Enterprise; WCL11-HOL: Microsoft Desktop Optimization Pack: Advanced Group Policy Management; WCL20-HOL: Deploy and Manage Windows Internet Explorer 8
  • 39. Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2 Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies • Over 15 booths and experts from Microsoft and our partners
  • 40. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.