Archive for April, 2015

h1

Windows Group Policy…..

April 28, 2015

windows group policy

Just got a book from National Library entitled Windows Group Policy written by William R. Stanek. For my first introduction , Group Policy is a set of rules that you can apply throughout the enterprise. Although you can use Group Policy to manage servers and workstations running Windows 2000 or later , Group Policy has changed since it was first  implemented with Windows 2000. Group Policy settings enable you to control the configuration of the operating system and it’s components. You can also use policy settings to configure computer and user scripts , folder redirection , computer security , software installation , and more.

Now , I’m writing some description and notes about Chapter 2 – Deploying Group Policy of the book. Unlike Windows 2000, Windows XP Professional, and Windows Server 2003, Windows Vista and Windows Server 2008 use the Group Policy Client service to isolate Group Policy notification and processing from the Windows logon process. Separating Group Policy from the Windows logon process reduces the resources used for background processing of policy while increasing overall performance and allowing delivery and application of new Group Policy files as part of the update process without requiring a restart.

Each new version of the Windows operating system introduces policy changes. Sometimes these changes have made older policies obsolete on newer versions of Windows. In this case the policy works only on specific versions of the Windows
operating system, such as only on Windows XP Professional and Windows Server 2003. Generally speaking, however, most policies are forward compatible. This means that policies introduced in Windows 2000 can, in most cases, be used on
Windows 2000, Windows XP Professional, Windows Server 2003, Windows Vista, and Windows Server 2008. It also means that Windows XP Professional policies usually aren’t applicable to Windows 2000 and that policies introduced in Windows
Vista aren’t applicable to Windows 2000 or Windows XP Professional.

On a computer running Windows Vista, Windows Server 2008, or later versions, you’ll automatically see the new features and policies as well as standard features and policies when you use GPMC 2.0 or later to work with Group Policy. However, the new features and policies aren’t automatically added to Group Policy objects (GPOs). Don’t worry—there’s an easy way to fix this, and afterward you’ll be able to work with new features and policies as appropriate throughout your domain.

With the original file format used with policies, called ADM, policy definition files are stored in the GPO to which they relate. As a result, each GPO stores copies of all applicable policy definition files and can grow to be multiple megabytes in size. In contrast, with the ADMX format, policy definition files are not stored with the GPOs with which they are associated by default. Instead, the policy definition files can be stored centrally on a domain controller and only the applicable settings are stored within each GPO. As a result, GPOs that use ADMX are substantially smaller than their counterparts that use ADM. For example, while a GPO that uses ADM may be 4 megabytes (MB) in size, a GPO that uses ADMX may be only 4 kilobytes (KB) in size.

The way domain controllers replicate the SYSVOL depends on the domain functional level. When a domain is running at Windows 2000 native or Windows Server 2003 functional level, domain controllers replicate the SYSVOL using File Replication Service (FRS). When a domain is running at Windows Server 2008 functional level, domain controllers replicate the SYSVOL using Distributed File System (DFS).

The storage techniques and replication architectures for DFS and FRS are decidedly different. File Replication Service (Ntfrs.exe) stores FRS topology and schedule information in Active Directory and periodically polls Active Directory to retrieve updated information using Lightweight Directory Access Protocol (LDAP). Internally, FRS makes direct calls to the file system using standard input and output. When communicating with remote servers, FRS uses the remote procedure call (RPC) protocol.

Active Directory supports three levels of Group Policy objects:
1. Site GPOs Group Policy objects applied at the site level to a particular Active Directory site.
2.  Domain GPOs Group Policy objects applied at the domain level to a particular Active Directory domain.
3. Organizational Unit (OU) GPOs Group Policy objects applied at the OU level to a particular Active Directory OU.

Through inheritance, a GPO applied to a parent container is inherited by a child container. This means that a policy preference or setting applied to a parent object is passed down to a child object. For example, if you apply a policy setting in a domain, the setting is inherited by organizational units within the domain. In this case, the GPO for the domain is the parent object and the GPOs for the organizational units are the child objects. In an Active Directory environment, the basic order of inheritance goes from the site level to the domain level to the organizational unit level. This means that the
Group Policy preferences and settings for a site are passed down to the domains within that site, and the preferences and settings for a domain are passed down to the organizational units within that domain.

To end this chapter , I encouraged you all to read the rest of the description about Group Policy in this chapter 2 , and also the rest of the chapter about Group Policy in this book. It’s quite interesting to read about….

p/s:- This is an excerpt taken from the book – Windows Group Policy – Administrator’s Pocket Consultant written by William R. Stanek and published by Microsoft Press.