MCITP 70-640: Group Policy Software Install Demonstration

Описание

This video looks at how to install, upgrade and remove software using Group Policy. The video also looks at how to set up a software share to store the install files and how software can be assigned and published.

Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gpsoftwaredeployment.pdf

GP Software Deployment
Before software is installed using Group Policy a test is done to see how fast the connection is. By default, if the connection is less than 500Kbps per second it will be considered slow. Group Policy will not install software over a slow link due to the time it would take to transfer the install files over the network. If you want to change the speed in which Group Policy tests for a slow link, this can be done at the following location.
Computer Configuration\Policies\Administrative Templates\System\Group Policy\Group Policy Slow Link Detection

Demonstration
In order to install software using Group Policy, the install files must be able to be read by the computer applying the Group Policy. The install files can be on the local computer but it is generally easier to put them on a file share. To share a folder, open the properties for that folder and select the sharing tab. For installing software, you only need to ensure that the read access is configured.

The settings for software installation in Group Policy are found in both user and computer configuration. They are found under Polices\Software Settings\Software Installation
To set up a new software deployment. Right click Software Installation and select, "new package".

A dialog will appear giving you the following options: published, assigned or advanced. Published will be greyed out for computer configuration. If you choose published, some options may not be changeable later on so it is recommenced to choose Advanced so all options can be changed later.

There are many options that can be configured in the properties for the software install some are listed below.

Uninstall the application when it falls out of the scope of management: If this option is ticked, the software will be uninstalled automatically when the Group Policy is no longer being applied to that user or computer.
Modifications tab: This tab allows you to assign an MST file to the package. An MST file can be created
to configure options in the MSI package. The manufacture of the software may have released an application that will create an MST file. An example can be found for Acrobat Reader at the following address. http://www.adobe.com/support/downloads/detail.jsp?ftpID=4950
Upgrades tab: On this tab you can upgrade existing packages.

If software has been published, it can be installed by opening Programs and Features in the control panel and then selecting the option, "install a program from the network".

If you want to redeploy an application, this can be done by right clicking the application, selecting all tasks and then selecting the option, "Redeploy application". You can also remove the application from all tasks if you want to. If you remove the application, you will get the option to allow the users to continue using the package or to remove the package straight away.

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.

References
"MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 353 -- 361
"Upgrade an application" http://technet.microsoft.com/en-us/library/cc783421(v=ws.10).aspx
"Specifying Group Policy for Slow Link Detection" http://technet.microsoft.com/en-us/library/cc781031(v=ws.10).aspx

MCITP 70-640: Group Policy Software Install Demonstration скачать видео - Download

Похожие видео

MCITP 70-640: AppLocker

MCITP 70-640: AppLocker

AppLocker allows the administrator to control which applications are run on the computers in your domain. Check out http://itfreetraining.com for more of our always free training videos. The rules Applocker uses allow the scope of an application to be defined, like particular versions or newer version or can be narrowed down to a single application. AppLocker AppLocker was first added in Windows 7 and Windows Server 2008 R2 as a replacement for software restriction policies. Software restriction did not have any wizards and thus is hard to configure. AppLocker adds a wizard and is much easier to configure than Software restriction policies. Since it is aimed towards business, it only works on Windows operating systems that were targeted for business. For the client operating systems these are Windows 7 Enterprise/Ultimate and Windows 8 Enterprise. For server operating system these are Windows Server 2008 R2 Standard/Enterprise/Datacenter and Windows Server 2012 Standard/Datacenter. AppLocker Features Applocker can be used to monitor and control software. When AppLocker is in audit mode it will only report which software is run. If you put AppLocker in enforce mode this will allow the administrator to control which software is run. This allows a company to standardize which software is run and can be a tool used for software conformance. AppLocker Rules In order for AppLocker to work out which software is allow to run and which software should be blocked, AppLocker supports 3 different types of rules. Publisher: This rule relies on the executable being digitally signed. This allows Windows to determine the Vendor, Software Title and version of the software. Publisher rules allow you to create a rule that can work with new software that was not released when the rule was created. Hash: A hash rule puts the file through a mathematical formula to determine a value. Each file should create a different hash value, kind of like a fingerprint. This rule type can only match that executable and thus does not account for new versions of the software. Path: This checks the location the file was run from. For example, if the executable is located in the Program Files directory. Demonstration AppLocker requires the Application Identity service to be running on the client. If this is not running or stopped, AppLokcer will stop working. This service can be configured in Group Policy at the following location to start automatically. Computer Configuration\Polices\Windows Settings\Security Setting\System Service\Application Identity AppLocker is configured in Group Policy at the following location. Computer Configuration\Polices\Windows Settings\Security Settings\Application Control Polices\AppLocker To configure the default properties for AppLocker, select the option "Configure rule enforcement". Rules can be applied to executable, Windows Installer files and scripts. Once you enable the ones you want you can select AppLocker to run in Audit mode or Enforce mode. AppLocker has the option to automatically create rules. This will examine the computer and create rules based on the executables found on it. This step can be run on any computer, this includes a computer that cannot run AppLocker. You are best to run this on a computer that has the software installed on it that you use in your company so AppLocker can create the correct rules. You can also create default rules which will be used if no other rule matches. Without any default rules, if no match is found with the existing rules the software will not be allow to run. This can prevent software in the operating system from running. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 361 - 362 "AppLocker" http://technet.microsoft.com/en-us/library/dd723678

6 лет назад
Deploy Office 2010 with Group Policy

Deploy Office 2010 with Group Policy

http://www.petenetlive.com/KB/Article/0000464.htm - Deploy Office 2010 with Group Policy

7 лет назад
How to Install & Configure printer, Network Printer

How to Install & Configure printer, Network Printer

This Video is Show on How to Install & Configure printer, Network Printer, Configure Printer Through TCP\IP Port & Configuring Printer Through LPR Port. Print Server, Internet Printing.

4 лет назад
MCITP 70-640: Group Policy Software Installation Introduction

MCITP 70-640: Group Policy Software Installation Introduction

This video will provide an introduction and explain the concepts to what can be achieved using Group Policy for installation and managing software. The next video will go through how to configure Group Policy to install and manage software in your organization. Deployment Solutions A deployment solution should manage software throughout the software cycle. The software cycle includes the install, maintenance and retirement of the software. Group Policy is a free software solution. Other solutions like Microsoft Center Configuration Manager offer more features; however, they also cost money. GPSI Group Policy Software Installation (GPSI) is the system that Group Policy uses to install software. Software can be deployed per user or per computer. No additional software is required other than a Domain Infrastructure. Assigning and Publishing Software can be deployed by assigning or publishing. Publishing is available only to user configuration. Assigning and publishing is available for both user and computer configuration. Publishing user: Software that is published needs to be installed by the user using the control panel. If the software supports it, the software can also be installed automatically if the user opens a file that is supported by that application. Publishing to the user also supports the ZAP file discussed later on. Assigning computer: Software assigned to the computer is automatically installed on the computer before the user logs in. Assigning User: Software that is assigned to the user is installed when the user launches the shortcut for that application. MSI Microsoft Software Installer (MSI) is a package format used by Windows Installer. It is essentially a database that defines how to install the software. It also includes information like what features and options are available when the software is installed. It is the primary format used to install software using Group Policy. MST Windows Installer transform (MST) is essentially a modification and answer file for an MSI package. Using an MST file, any changes to the MSI package can be applied. The advantage of this is that MST files are very small. By using an MST file, it is possible to make a completely automated software install and perform actions like adding additional shortcuts and deciding which features should be installed. The manufacturer of your software may provide an application to create these MST files. MSP This is a patch file that only contains updates. It requires the original MSI package to be installed on the computer in order for it to be used. For this reason, the MSP file is usually smaller than the original MSI file. ZAP A ZAP file is a text file that contains instructions on how to install the software. An example of a ZAP file is shown below. ZAP files do not support elevation and Windows will only attempt to run the install script once. Software can only be installed by a ZAP file by publishing it to the user. Lastly ZAP files do not support removing of the software via Group Policy. Zap file example [Application] FriendlyName = "Program" SetupCommand = "\\FileServer\Share\setup.exe" /q See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 353 -- 360 "Windows Installer" http://en.wikipedia.org/wiki/Windows_Installer "ZAP File" http://en.wikipedia.org/wiki/ZAP_File

6 лет назад
Printer installation and deployment with Active Directory ( GUI and Powershell )

Printer installation and deployment with Active Directory ( GUI and Powershell )

This video will guide you through installing and setting up printers in Active Directory using the GUI and Powershell script. All scripts used in ITedge presentations can be found here http://itedge.com.au/powershell-scripts

5 лет назад
MCITP 70-640: Group Policy Optimization

MCITP 70-640: Group Policy Optimization

This video will look at how Group Policy is configured, how you can get consistent results and what you can do to force Group Policy to be applied rather than wait for the next refresh. Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gpoptimization.pdf In this video This video will look at the following: Group policy change process Forcing replication Settings to speed up the process Manually forcing an update The Group Policy Process By default, Group Policy Management Console (GPMC) will attempt to make changes on the Domain Controller holding the PDC Emulator role. By having administrators change Group Policy in this location helps prevent conflicts when multiple administrators make changes. To change the Domain Controller used, right click the domain in the GPMC and select the option change Domain Controller. Active Directory Replication A single Group Policy has two parts. One part is stored in Active Directory and the other part is file based and stored in the SysVol folder. In order to force a replication of Active Directory, open Active Directory Sites and Services and expand down until the connections are found under NTDS Settings folder. To force a replication, right click the connection you want to force the replication on and select replicate now. To force a replication from the command prompt, run the following command from the Domain Controller that you want to force to replicate. RepAdmin /Syncall If you experience problems with replication, you can check for replication problems using the command DCDiag. To replicate the SysVol, use the following commands depending on which replication your domain is using. FRS NTFRSUTL ForceRepl Computer /r SetName /p DNSName e.g. NTFRSUTL ForceRepl nydc3 /r "Domain System Volume (SYSVOL share)" /p londc2.ITFreeTraining.local DFSR DFSRDiag SyncNow /Partner:RemoteComptuer /RGName:Name /Time:Duration e.g. DFSRDiag SyncNow /Partner:londc2 /RGName:"Domain System Volume" Group Policy Problems Sometimes Group Policy may be applied on a computer before the networking on the computer has had a chance to start up. Certain group policy settings are applied at start up and when the user logs in. If this has already occurred, Group Policy will not be correctly applied until the next system reboot or login depending on the setting. To ensure time is allowed for the networking on the computer to start before Group Policy is applied, you can configure the following option. Computer Configuration\Polices\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon If you use groups with Group Policy this can delay Group Policy deployment. If the group membership is changed and replication has not occurred, Group Policy will be deployed based on the old group membership. To ensure the correct Group Policy settings are deployed, force a replication of Active Directory after group membership has changed. Group Policy Refresh By default, a Group Policy refresh will happen a 90 minutes with a 30 minutes random interval added. If you want to change the timing you can do so at the following locations for computers and Domain Controllers. Computer Configuration\Polices\Administrative Templates\System\Group Policy\Group Policy refresh interval for computers Computer Configuration\Polices\Administrative Templates\System\Group Policy\Group Policy refresh interval for domain controllers GPUpDate GPUpDate will trigger a background update of Group Policy. This will not download new Group Policy and will not apply settings in Group Policy that have changed. If you add the /force parameter, this will download Group Policy and reapply all Group Policy settings even if they have not changed. If you add /User or /Computer to GPUpDate, this will limit the update to the user or computer settings of Group Policy. If you add /Logoff or /Boot to GPUpDate, this will cause the computer to reboot or the user to be logged off if required. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 255 "Force Replication Between Domain Controllers" http://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx "Repadmin /syncall" http://technet.microsoft.com/en-us/library/cc835086(v=ws.10).aspx

6 лет назад
Deploying Adobe Reader with Group Policy

Deploying Adobe Reader with Group Policy

https://www.instructorpaul.com Please like and subscribe =) Deploying the Dreaded Adobe Reader with Group Policy I have seen a large amount of System Administrators struggle with deploying Adobe Reader with Group Policy. It isn't very difficult if you just know how! Watch this video to learn how! This video is from my Udemy Course Active Directory & Group Policy 2012: http://www.itflee.com/courses/ Everything about this video is 100% free and for you! My Website | http://www.itflee.com Video Timeline: 0:00 - Introduction 0:49 - Go to the Adobe public FTP server 0:59 - Download the latest Adobe Reader EXE 1:21 - Download the latest Adobe Reader MSP patch file 1:40 - Transfer the files to your Domain Controller 1:53 - Open Command Prompt and CD to the transferred files 2:41 - Extract the Adobe Reader executable 3:23 - Extract the extracted files 4:07 - Patch the MSP into the newly extracted files 4:51 - Verify the new installation MSI 5:12 - Copy the new folder to a share drive your target machines can access 5:24 - Setup / configure the Group Policy Object (GPO) 5:54 - Verify the software installs on your workstations 6:05 - Run a GPUpdate /force from Command Prompt and reboot your client machine

3 лет назад
Microsoft MCSA 2012 (70-410) - Overview of Group Policy

Microsoft MCSA 2012 (70-410) - Overview of Group Policy

http://www.howtonetwork.com/courses/microsoft/microsoft-mcsa-windows-server-2012/ - taster lesson from our MCSA course.

5 лет назад
MCITP 70-640: Operation Master Roles

MCITP 70-640: Operation Master Roles

Active Directory has five operations master roles otherwise known as FSMO roles. Check out http://itfreetraining.com for more of our always free training videos. These roles are assigned to one Domain Controller to ensure changes happen in only one location at a time. This ensures that the Active Directory database is kept consistent. This video goes through the five operations master roles. At the forest level, there is the Schema Master and Domain Naming Master. At the domain level, the 3 other operational roles are Infrastructure Master, PDC Emulator and RID Master. Schema Master 01:32 Domain Naming Master 03:01 RID Master 03:53 PDC Emulator 07:06 Infrastructure Master 11:03 Schema Master (Forest Wide) The Schema Master determines the structure and thus what can be stored in Active Directory. It contains details of every object that can be created and the attributes for that object. For example, if you want to add an attribute to every user in the forest (such as a field with the user's pay grade in it), you would add an attribute to the schema to accommodate this change. It is important to think carefully before making changes to the schema as changes to the schema can't be reversed but they can be disabled. If you want to test changes to the schema, create a new forest and make your changes there so the production environment is not affected. Domain Naming Master (Forest Wide) The Domain Naming Master is responsible for ensuring that two domains in the forest do not have the same name. Relative ID Master (RID Master) This master role allocates RID pools. A RID is a sequential number that is added to the end of a SID. A SID, or security identifier, is required for every Active Directory object. An example of a SID is shown here: S-1-5-21-1345645567-543223678-2053447642-1340. The RID is the last part of the SID, in this case 1340. The RID Master allocates a pool or block of RIDs to a Domain Controller. The Domain Controller uses the RID pool when Active Directory objects are created. The Domain Controller will request a new RID pool before it runs out. However, keep in mind that if you create a lot of Active Directory objects at once, the RID Master will need to be online to allocate new RID pools. If the Domain Controller runs out of RIDs and can't contact the RID Master, no objects in Active Directory can be created on that Domain Controller. PDC (Primary Domain Controller) Emulator Originally the PDC Emulator provided a bridge between Windows NT4 Domain Controllers and Windows Server 2000 Domain Controllers. Even if you do not have any NT4 Domain Controllers on your network, it still provides some services. The PDC Emulator forms the root of the time sync hierarchy in your domain. All other Domain Controllers will sync their time from this Domain Controller. Your clients and servers will in turn sync their time from their local Domain Controller. You should configure the PDC to sync its time from an external time source to ensure that it is accurate. When a user enters in a wrong password, the PDC Emulator may be contacted to find out if this password is in fact an updated password. Password changes are replicated to the PDC Emulator first and thus it is considered the final authority on correct and incorrect passwords. The PDC Emulator is contacted when changes to DFS (Distributed File System) are made. This can be switched off if the load on the PDC Emulator becomes too great. Infrastructure Master The Infrastructure Master is responsible for ensuring that objects that use multiple domain references are kept up to date and consistent. When you are in a single domain you don't need to worry about this. In a multiple domain environment with Windows Server 2000/2003 Domain Controllers, you must ensure that the Domain Controller that is holding the Infrastructure Master role is not a Global Catalog Server or all of the Domain Controllers will be Global Catalog Servers. If the Domain Controller is a Global Catalog Server this can cause objects in the domain not to update correctly. If you only have Windows Server 2008 Domain Controllers, you don't need to worry about whether the Infrastructure Master is on a Global Catalog Server or not.

6 лет назад
MCITP 70-640: Active Directory Under The Hood

MCITP 70-640: Active Directory Under The Hood

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. Active Directory utilizes two main standards. These are the X.500 standard and LDAP. This video looks at how the X.500 standard is used to store the Active Directory objects in the database. It also looks at how LDAP is used to access this data and the formatting LDAP uses. NTDS.DIT The Active Directory Database by default is stored in c:\windows\NTDS\ntds.dit. This file is based on the X.500 standard. Originally Active Directory was called NT Directory Services and this is where the file got its name. Each domain in Active Directory will have a separate database. Domain Controllers hold the copy of the database in the ntds.dit file and replicate changes to each other. If you have more than one domain, then each separate domain will have its own copy of the ntds.dit file. Organization Units In order to organize objects in Active Directory more easily, objects in Active Directory can be organized into Organization Units, also known as OUs. These OUs are like folders on your hard disk. LDAP Syntax LDAP uses a syntax that refers to the most significant part first followed by less significant or precise parts afterwards. This is the opposite of other systems, like filenames or paths. The main syntax of any LDAP command is like this example: CN=Joe, OU=Users, DC=ITFreeTraining, DC=Com. When an object can be defined uniquely, like in this example, it is called the distinguished name. Canonical Name (CN) This is the name of the object in Active Directory that you want to access. For example, if you wanted to access a user called Joe, you would use CN=Joe. Organization Unit (OU) Organization units in Active Directory are used to sort objects into different areas or folders. If you have multiple OUs, then start with the lowest in the tree and expand downwards. For example if a user was in Users\Acounts\Payable you would use OU=Users, OU=Accounts, OU=Payable. Domain Component (DC) This is the domain in which the object is located. For example DC=ITFreeTraining, DC=com.

7 лет назад
Help Desk Course: Software Deployment SCCM

Help Desk Course: Software Deployment SCCM

Join 26,000+ IT Learners https://jobskillshare.org

5 лет назад
Deploy Adobe Reader using Domain Group Policy

Deploy Adobe Reader using Domain Group Policy

This tutorial shows in detail how to deploy an automated Adobe Reader installation via GPO in a domain. Links: Page with 'direct download link' - http://helpx.adobe.com/acrobat/kb/quick-fix-install-download-reader.html Adobe X Customization Wizard - http://www.adobe.com/support/downloads/detail.jsp?ftpID=4950

7 лет назад
MCITP 70-640: Troubleshooting Group Policy

MCITP 70-640: Troubleshooting Group Policy

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This video will look at how to troubleshoot which setting in Group Policy are applied by using the internal modeling tools and Resultant Set of Policy (RSOP). RSOP is the actual settings that are applied to the computer taking into account factors like WMI filters and groups. Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gptroubleshooting.pdf Group Policy Results The actual settings that are applied to a computer using Group Policy can be affected by many different things. For example, security, groups and WMI filters. The actual settings that are applied to a computer are known as the Resultant Set of Policy (RSOP). Windows has a number of tools that can read the RSOP data stored on a computer to help you troubleshoot Group Policy. Requirements In order to use the tools in this video you need to be logged in as an administrator and running Windows XP or above. If you plan on using the RSOP tools from remote, the remote computer will need ports 135, 445 open. Also the computer will need the WMI service to be running. To get results for a particular user, the user will have needed to logon to that computer once. They do not need to be logged on the computer when the tools are being run. Demonstration Group Policy results When you open Group Policy Management there is a section called Group Policy Results. To start the wizard, right click on Group Policy Results and select the option Group Policy Results Wizard. The wizard can be run on the local computer or a remote computer. If the user that you want to run the wizard on does not appear in the wizard you will need to login into that computer using that user. The user must have logged into that computer at least once. Once the wizard is complete, it will show you all the Group Policy settings that have been applied to that computer for that user and also any Group Policy related events from the event logs. To connect to a remote computer, make sure the service WMI Performance Adapter is running and the firewall is configured. To configure the firewall, open Windows Firewall with Advanced Configuration and make sure the following settings are enabled in in-bound rules. Firewall Settings that need to be enabled Remote Event Log Management (NP-in) Remote Event Log Management (RPC) Remote Event Log Management (RPC-EPMAP) Windows Management Instrumentation (WMI-in) Group Policy Modeling The modeling wizard allows you to simulate changes in Group Policy and Active Directory without making any changes. For example, if you want to test the effects of moving a user to a different part of Active Directory will have on their Group Policy settings, you can do this without having to move the user account. Other options you can choose include slow network connection, loopback processing, Security Groups and which site to use. Group Policy modeling is available in the GPMC. All you need to do to use it is right click on Group Policy Modeling and select Group Policy Modeling Wizard. GPResult When run, this gives you information about which settings were applied to the computer. The command supports the following parameters. /r use the RSOP data on the computer to generate results. /v verbose mode which provides more information. /Scope User | Computer To limit the results to user or computer settings. /x Output the results to XML /h Output the results to HTML See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 303 - 307 "Configure Firewall Port Requirements for Group Policy" http://technet.microsoft.com/en-us/library/jj572986.aspx "Use Resultant Set of Policy to Manage Group Policy" http://technet.microsoft.com/en-us/library/cc754269.aspx Keywords: Group Policy, RSOP, Active Directory,70-640,MCITP,MCTS,ITFreeTraining

6 лет назад
Deploying Printers with GPO.mp4

Deploying Printers with GPO.mp4

This is a quick tutorial on setting up a print server on Windows Server 2008 R2, then deploying the printers with Group Policy. More information available on technet: http://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx

7 лет назад
Windows Server 2012 R2 Deploying Software Over the Network

Windows Server 2012 R2 Deploying Software Over the Network

Ever wondered how to install software programs over the network/Internet? Well, using Windows Server 2012 R2 it can be done in a few minutes. The following video should show you how in less than five minutes. For more visit: http://www.windows10.ninja http://www.2012r2.com

4 лет назад
MCITP 70-640: Group Policy New Features

MCITP 70-640: Group Policy New Features

This video looks at the new features in Group Policy that are available in Windows Server 2008 and Windows Server 2008 R2. Download the pdf handout for this video from http://ITFreeTraining.com/Handouts/70-640/Part3/GPNewFeatures.pdf Download subtitles. Can be enabled in the video. http://ITFreeTraining.com/Handouts/70-640/GPNewFeatures.srt New Features Windows Server 2008 adds the following features: comments, Starter Group Policy Objects, integration with Network Location Awareness, Preferences, and the new ADMX format. Windows Server 2008 R2 adds the ability for Group Policy to be administered from PowerShell. Group Policy Comments All Group Policy settings allow comments to be added. Comments allow an administrator to leave a comment for all Group Policy settings which help other administrators understand why the Group Policy was configured the way it was. Starter Group Policy Objects Starter Group Policy Objects is essentially a template. Once you create a Starter Group Policy Object you can copy this to a new Group Policy. Since part of Group Policy is called Administrative Templates this is probably why Microsoft uses the name Starter Group Policy Objects rather than calling it a template. The limitation with Starter Group Policy Objects is that they can only be used to configure Administrative Templates. Network Location Awareness Group Policy now integrates with the Network Awareness Services. This means that when a network becomes available, for example a VPN connection is established, a wireless network becoming available, or simply a network cable being plugged in, Group Policy will check for updates on the network. Previously Group Policy would only check at certain intervals and if the network was not available when it checked, then Group Policy may never be updated. Preferences Preferences was a 3rd party product that was integrated in Windows Server 2008 just before release. It adds a lot of flexibility to Group Policy allowing an administrator to configure settings like printers and drive mapping. Unlike Group Policy, the user is free to overwrite or delete what has been configured, however Preferences will attempt to reapply the settings at the next Group Policy Refresh. This means the user can remove settings like a mapped drive and replace it with another mapped drive if they wish. The major feature with Group Policy is that it allows targeting to particular groups, computer types, software, and hardware, just to name a few. PowerShell If you are running Windows Server 2008 R2 or Windows 7, you can perform Group Policy administration from PowerShell. Many functions are included like managing Group Policy settings and creating starter GPO's. ADM File The ADM file was used with Group Policy before Windows Server 2008 was released. The ADM file contains all the settings that are found under Administrative Templates. Each time a new Group Policy is created, the settings for the Group Policy is stored in the SysVol share. The ADM file is also stored with the Group Policy setting. This means that Group Policy using the ADM does not scale well as it makes the SysVol share very large. Also once a Group Policy is created it is linked to the one ADM file. The ADM file only supports one language so if multiple administrators were working on the same Group Policy one language would need to be agreed between all administrators. ADMX File The ADMX file replaces the old ADM file. It was first introduced in Windows Server 2008, however if you download the latest Group Policy Management software you can use the ADMX files in early Windows Servers. ADMX is an XML based format making it easy to edit. ADM is an in-house format so it is not as easy to work with as XML files are. The format is made up of two parts. The ADMX file defines the Group Policy settings. The ADML file contains the language to be used with the file. This means the ADMX file can easily be used with any language assuming an ADML file for the language exists. Both ADM and ADMX output the same files so regardless which format is used, they will be compatible with old and new clients. Please see http://itfreetraining.com/70-640/group-policy-new-features for the rest of the description References "Administrative Templates (ADMX) for Windows Server 2008 R2 and Windows 7" http://www.microsoft.com/en-au/download/details.aspx?id=6243 "What is an ADMX File?" http://pcsupport.about.com/od/fileextensions/f/admxfile.htm "How to Write a Simple .Adm File for Registry-based Group Policy" http://en.wikipedia.org/wiki/Administrative_Template "Group Policy" http://technet.microsoft.com/en-us/library/cc725828(v=ws.10).aspx "What's New in Group Policy" http://technet.microsoft.com/en-us/library/dd367853(v=ws.10).aspx

6 лет назад
MCITP 70-640: Configuring Group Policy

MCITP 70-640: Configuring Group Policy

Group Policy has over 3000 settings. This video looks at how to perform the basic configuration of Group Policy and how to find a setting that you require. Download the PDF handout for this video from http://ITFreeTraining.com/Handouts/70-640/Part3/Configuring_Group_Policy.pdf Download subtitles. Can be enabled in the video. http://ITFreeTraining.com/Handouts/70-640/Part3/Configuring_Group_Policy.srt Demonstration Interface Group Policy Management is done via the Group Policy Management Tool. This is found under administrative tools under the start menu. When a domain is created, two Group Polices will be created with it. These are the Default Domain Policy and the Default Domain Controllers Policy. It is important to understand that when Group Policy is created it is stored under Group Policy Objects. If you want to apply this Group Policy Object to an OU it must be linked. A single Group Policy can be linked as many times as required. If it is not linked to any OU's, it will not have any effect on any computers in the domain until it is linked. If you want to create a Group Policy Object and link it in one step, you can achieve this by right clicking on an OU and selecting the option "Create a GPO in the domain, and link it here". Demonstration GPO Editor Each Group Policy is divided into two parts, computer and user configuration. These sections are further sub divided into two more sections called Polices and Preferences. Later videos will look at the other sections, this video will look at the Administrative Templates under polices. This contains the majority of the Group Policy settings. Since there are so many settings under Administrative Templates there is an option to filter the setting. This is done by right clicking on Administrative Templates on any folder found under Administrative Templates and selecting the option "Filter On". Once the filter has been enabled, by right clicking any folder under Administrative Templates and selecting the option "Filter Options" you can configure which settings you want to look for. When configuring group policy settings, it is a good idea to read the help text associated with that Group Policy setting. Particular Group Policy settings require certain operating systems in order to work. Also Group Policy settings many rely on other Group Policy settings to be configured. Reading the help text will help you configure Group Policy correctly in order to meet your needs. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 250-253 "Administrative Templates in Server 2008 R2 Group Policy Objects (GPO)"http://www.petri.co.il/administrative-templates-for-group-policy-objects.htm

6 лет назад
Allow Windows to Run Specified Programs Only

Allow Windows to Run Specified Programs Only

Allow Windows to Run Specified Programs Only If you ever wondered how to lock down your computer to restrict users to use only specified programs you want them to?. In this video I will show you how to change settings in Local Group Policy Editor, which allows you to set only specified programs to run. Open the run box and type: gpedit.msc (You will need Windows Professional or above) Navigate to User Configuration \ Administrative Templates \ System. On the right window pain double click on Run only specified Windows applications. Click Enable Now click on show button and add in programs you only want user to be able to use on that computer. WARNING: PLEASE BE CAREFUL WITH USING GROUP POLICY EDITOR. YOU COULD DAMAGE YOUR COMPUTER OPERATING SYSTEM. USE THIS GUIDE AT OWN RISK AND DO NOT USE UNLESS YOU KNOW WHAT YOU ARE DOING. Need help and advise with your computer? why not join our free forum. http://www.briteccomputers.co.uk/forum

3 лет назад
Deploy Java Installation using Domain Group Policy

Deploy Java Installation using Domain Group Policy

Learn how to deploy automated java (or other software) installation on a domain using the Group Policy Objects (GPO) in Active Directory. See an actual installation happen on a test system.

7 лет назад
Tutorial - How To Deploy Printers To Specific Users/Groups Using Active Directory Group Policy

Tutorial - How To Deploy Printers To Specific Users/Groups Using Active Directory Group Policy

In this tutorial video we are going to go through the steps necessary to deploy printers in an Active Directory, targeting specific users/groups for specific printers. Step-by-step instructions with screenshots of the entire process are available here: http://wp.me/p3okOp-gM Music from bensound.com http://www.bensound.com/royalty-free-music

3 лет назад
Group Policy (Part 1 of 4) - Basic Settings and Auditing

Group Policy (Part 1 of 4) - Basic Settings and Auditing

Group Policy (Part 1 of 4) - Group Policy Overview, Basic Group Policy Settings and Auditing

7 лет назад
Windows Server 2008: install software through Active Directory's group policy

Windows Server 2008: install software through Active Directory's group policy

This is a video about how to install software through group policy. I install Firefox 3.0 through a MSI (Microsoft Installer Package) that is accessible through a local share. To do this it requires a GPO (group policy object) be applied on the domain (Server with active directory). You may assign the program to specific users or computers so that it will be installed. You can also publish the software so that the user may decide to install the software. You can do this on Server 2008 domain controller and Windows 7, but it also available for 2003, 2000, XP, or Vista. Providing training videos since last Tuesday. http://www.technoblogical.com Thanks for watching.

9 лет назад
Windows Server 2008: create group policy for Active Directory

Windows Server 2008: create group policy for Active Directory

How to create a GPO (group policy object) on a server 2008 domain controller. I create them, link them to an OU (organizational unit) and show how to find what settings are affected by it. It's one of the many features of active directory that controls your user's environment. Providing training videos since last Tuesday. http://www.technoblogical.com Thanks for watching.

9 лет назад
MCITP 70-640: Installing Group Policy Tools

MCITP 70-640: Installing Group Policy Tools

This video looks at installing Remote Server Administration Tools in order to administer Group Policy from a Windows 7 Client. The video also looks at how to centralize the ADMX file. ADMX files define Group Policy and having them in a centralized store makes it easy to support when changes are made. Download the PDF handout for this video from http://ITFreeTraining.com/Handouts/70-640/Part3/GPInstalling.pdf Download subtitles, can also be enabled in the video. http://ITFreeTraining.com/Handouts/70-640/Part3/GPInstalling.srt Group Policy Management Console (GPMC) Group Policy is performed using the Group Policy Management Console or GPMC. This is included in Windows Server 2008 however you do not need to have a single Windows Server 2008 server on the network to utilize the new features. If you are using an older client operating system, the GPMC can be downloaded from the Microsoft website. As long as you have an up to date version of the GPMC, you will have access to the features. If you are running Windows Server 2008, GPMC can be added as a feature in Server Manager. ADMX In order to define a Group Policy setting (what is does, what the interface looks like, etc.) a configuration file is required. Previously an ADM file was used to define Group Policy setting. The ADM file was limited to one language and was in Microsoft proprietary format making it difficult for a user to create their own. The new ADMX format is based on the XML format making it easy to change. It is paired with an AMDL file. The ADML provides the language meaning and a single ADMX file can support multiple languages. ADMX Locations Each Group Policy created with ADM had to have the ADM files stored with the Group Policy which is stored in the SysVol folder. This caused the SysVol folder to get quite large. ADMX files are stored on the local computer under C:\Windows\PolicyDefinitions. They do not need to be stored in the SysVol. If you want to centralize them all you need to do is copy the file to SysVol\Domain\Policies\PolicyDefinitions The GPMC will check this location automatically and use whatever ADMX files are located there. Unlike ADM files, the ADMX file only needs to be stored once as it is shared between all Group Policies. To find out where the ADMX files are currently being read from, open GPMC and hover the mouse pointer over Administrative Templates. This will tell you if the ADMX files are being read from the local computer or the central store. Demonstration The GPMC console can be download as a standalone install or part of the Remote Server Administration Tools (RSAT). The links for the downloads are below. If you install RSAT, the GPMC will not appear in the start menu after the install. To have it added, open control panel, select "Programs" and then then select "Turn Windows Features On or Off" from under Programs and Features. The GPMC is found under Remote Server Administration Tools, Feature Administration Tools, Group Policy Management Tools. The latest version of the ADMX templates are available from the Microsoft web site. The link for this is below. Once installed, copy the directory PolicyDefinitions local in C:\Program files (x86)\Microsoft Group Policy\win72008r2 to SysVol\Domain\Polices. The directory will include all the available languages as well so if you do not need additional languages, it is worth going through the PolicyDefinitions folder and deleting any extra languages. GPMC Downloads http://www.microsoft.com/en-us/download/details.aspx?id=21895 RSAT Downloads "Windows 8" http://www.microsoft.com/en-au/download/details.aspx?id=28972 "Windows 7" http://www.microsoft.com/en-us/download/details.aspx?id=7887 "Vista" http://www.microsoft.com/en-us/download/details.aspx?id=21090 ADMX Downloads "Windows Server 2008 r2 and Windows 7" http://www.microsoft.com/en-au/download/details.aspx?id=6243 See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 268-270 "Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)" http://www.microsoft.com/en-us/download/details.aspx?id=7887 "Administrative Templates (ADMX) for Windows Server 2008 R2 and Windows 7" http://www.microsoft.com/en-au/download/details.aspx?id=6243 "How to create a Central Store for Group Policy Administrative Templates in Window Vista" http://support.microsoft.com/kb/929841

6 лет назад
MCITP 70-640: Group Policy Processing Order

MCITP 70-640: Group Policy Processing Order

In your domain you are more than likely going to have multiple Group Policies applied at different levels throughout your domain. This videos looks at which order the Group Polices will be applied in when multiple Group Policies are in use. Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gpprocessingorder.pdf Processing Order The order that Group Policy is applied in is: Local, Site, Domain, and OU. A Group Policy has the ability to overwrite any settings that were applied before. For this reason, the local Group Policy is the weakest of the Group Policies since all Group Policies at the site, domain and OU are free to overwrite any settings configured by the local Group Policy. You could also say that the OU's Group Policy is the highest priority or strongest Group Policy as it can over write local, site and domain Group Policy settings. Sub OU's are applied after the parent OU so the child OU has priority over the parent OU. Demonstration To edit the local Group Policy on a computer, run "Edit Group Policy" from the start menu. To edit Group Policy at the domain level run "Group Policy Management". If you are using a client operating system the GPMC will need to be download and installed. It is available from the Microsoft web site. Using the GPMC you can configured a Group Policy by right clicking on an OU and selecting "Create a GPO in this domain, and link it here". A Group Policy Object can also be created in Group Policy Objects, however it will be essentially inactive until it is linked to an OU. If want to link a Group Policy Object at the site level, the Group Policy first needs to be created under Group Policy Objects. Once it is created you next need to right click "sites" and select the option "show sites". This will allow you to choose which sites will be visible in the GPMC. Once the site is visible, right click it and select the option "Link an Existing GPO". Settings used in this video User Configuration\Polices\Administrative Templates\Desktop\Desktop\Desktop Wallpaper User Configuration\ Polices\Administrative Templates\Desktop\Remove Recycle Bin icon from desktop Computer Configuration\Polices\Windows Settings\Internet Explorer Maintenance\connection\Proxy Settings User Configuration\ Polices\Administrative Templates\Control Panel\Prohibit access to the Control Panel See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 280-282 "Group Policy Management Console with Service Pack 1" http://www.microsoft.com/en-us/download/details.aspx?id=21895

6 лет назад
MCITP 70-640: Group Policy Filtering

MCITP 70-640: Group Policy Filtering

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. There are a number of different options in Group Policy that allows you to target Group Policy to particular users and computers. This video looks at WMI filters and security that can be applied to target Group Policy settings that you configure. The video also looks at how you can disable parts of Group Policy to speed up the processing on your clients. Sorting by OU's One way of applying Group Policy is to sort the users and computers into different OU's. A typical way of doing this is to separate the users and computers into physical locations, departments and operating systems. The problem with this approach is that an administrator needs to sort these objects initially and when change occur. For example, if users change job titles and operating systems are upgraded. By using filters in Group Policy you can automate this process. Demonstration All the Group Policy filtering options are available from Group Policy Management Console. Once you select a Group Policy Object you can configure additional filtering options for it. User/Computer Configuring Enabling/Disabling If you select the details tab, the option GPO status allows you to enable or disable the GPO as well as only have the user or computer configuration enabled. If you are only using one part of the configuration for the GPO, it is worth while disabling the other configuration. Disabling configuration like this will speed up the processing of the GPO on the client. Security Filtering On the scope tab you can configure particular groups to be allowed the ability to apply the Group Policy object. Adding groups here effectively changes the permissions of the Group Policy Object giving that group access to apply the Group Policy. The same effect can be achieved by editing the security of the Group Policy Object directly, however Security Filtering does provide an easier interface if all you want to do is see who has the ability to apply the Group Policy or add or remove access. WMI Filter Windows Management Instrumentation (WMI) allows software to retrieve information about the client. For example, information about the operating system, hardware and software installed can be retrieved using WMI. Using WMI filters, you can target a Group Policy Object to particular characteristics of a computer. You can only assign one WMI filter per Group Policy Object, however you can make it as complex as you wish. Using WMI filters in your domain especially complex WMI filters this can slow down the time Group Policy takes to apply. To create a WMI query, Select WMI Filters in the left panel of Group Policy Management under your domain and paste in your WMI query. An example of a WMI query is listed below. Select * FROM Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional" AND CSDVersion="Service Pack 3" Once you have a WMI query configured, you can assign one WMI filter to the Group Policy Object on the scope tab. A free WMI explorer. http://www.ks-soft.net/hostmon.eng/wmi/index.htm Delegation The delegation tab effectively shows some of permissions of the Group Policy Object. In order for the Group Policy to be applied to a client it requires read and apply group policy permissions. To gain access the security properties press the advanced button. If you want to prevent the group policy for being applied, select the deny option for apply group policy. Deny permissions should only be applied when necessary. In most cases there is another solution which does not require deny permissions. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 285 -- 291

6 лет назад
MCTS 70-680: Event forwarding source initiated subscriptions

MCTS 70-680: Event forwarding source initiated subscriptions

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This video looks at forwarding events from one computer to another using source initiated subscription. Source initiated subscription is when the computer that has events to transfer determines when to transfer these events to the collecting computer. The previous video looked at collector initiated subscription, which is when the collecting computer contacts the forwarding computer at regular intervals to see if it has events that it needs to transfer. Previous Video on event forwarding using collector initiated subscriptions http://www.youtube.com/watch?v=sZj_9e3AHFk Demo configuring the forwarding computer 01:56 Demo configuring the collector 05:24 Configuring the collector computer To configure the collector computer to receive events from the forwarding computer, run the following two commands: WinRM QuickConfig WECUtil QC Answer y to all the questions. WinRM will configure the WinRM service and the firewall. WECUtil will configure the service that is used to collect events sent from the forwarder. The next step is to configure a subscription on the collector computer. This is done inside the event viewer on the collector computer. Right click on subscriptions in the event viewer and select create subscription. Make sure that source computer initiated is selected. The rest of the options determine which events will be transferred from the forwarding computer. The subscription in this case acts like a filter determining which events to collect and which events to ignore. Configuring the forwarding computer Run the following command on the forwarding computer: WinRm QuickConfig Answer y to both questions. This will configure the service and also the firewall settings. Group Policy The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting: Computer configuration-Administrative templates-Windows components-Event forwarding-Configure the server address, refresh interval, and issue certificate authority of a target subscription manager. The syntax is as follows when using the default protocol HTTP and default port: Server=HTTP://FQDN Use the full URL when using HTTPS or different ports: Server=HTTPS://FQDN:5986/wsman/SubscriptionManager/WEC FQDN is the fully qualified domain name, for example, ITFreeTraining.com WECUtil command line WECutil supports a number of different command line options which are listed below. WECUtil ES Lists the subscriptions. The name of the subscription can be used in later commands. WECUtil GS (Subscription name) /f:XML This outputs the subscription configuration. If you want XML format add /f:XML. (Greater than sign) filename can also be added to direct the output to a file. WECUtil CS (Filename) This will create a new subscription using the configuration in the filename.

7 лет назад
How KaiOS Is Becoming the 3rd Major Mobile OS

How KaiOS Is Becoming the 3rd Major Mobile OS

Sponsored by Brilliant. The first 200 get 20% off their subscriptions at http://brilliant.org/TechAltar Google has just invested $22 million into an operating system called KaiOS. Can it become the 3rd major mobile platform? (The Story Behind - Ep. 36) [[[ SOCIAL MEDIA ]]]: http://twitter.com/TechAltar http://instagram.com/TechAltar http://facebook.com/TechAltar [[[ MY VIDEO GEAR ]]]: https://kit.com/TechAltar/video-gear [[[ ATTRIBUTIONS ]]]: Music by Epidemic Sound: http://epidemicsound.com #TheStoryBehind #Analysis #KaiOS

4 месяцев назад
MCITP 70-640: Group Policy Restricted Groups

MCITP 70-640: Group Policy Restricted Groups

Restricted Groups allows the administrator to configure local groups on client computer. For example, you could add a helpdesk support group to all clients on your desktop. This video looks at how to configure local groups on your client computer using Group Policy rather than visiting each computer to make the changes. Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gprestrictedgroups.pdf A Common Problem Many companies want to give technicians administrator access to the clients they are supporting. The easiest way to do this is to add the technicians to the Domain Admins group, however this would give the technicians more access than they require. The best way to grant the technicians access to the client computers is to add the group to the local administrator group on the client computer. This way the technicians has only the access they required. This can be achieved manually or using scripts, however in a large environment you will want to use Group Policy to manage local groups as once setup, new computers are configured automatically. Demonstration To configure Restricted groups, go to the following settings, right click it an select add group. Computer Configuration\Polices\Windows Settings\Security Settings\Restricted Groups. There is two different procedures depending if you want to reset all the local group membership or if you want to add users or groups to what is already configured in the group. Resetting local group members Right click on Restricted groups and select the option add group. In this case enter in the local group that you want to reset. For example, administrators. In the next dialog, the top section says Members of this groups. Add whichever groups or users that you want to be a member of group. If you are resetting groups like the Administrators group, these groups may have members like Domain Admins, make sure you add these groups back in if you want to keep them. Note: The local administrator account will always be present, you cannot remove it. Adding to a local group Right click on Restricted groups and select the option add group. When asked to add a group when in the group that you want to add to local group. For example, ITFreeTraining\Helpdesk Administrators. In the next dialog, add the local group to the bottom part titled "This group is a member of". For example, to change the local administrators group add Administrators in the bottom part. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 319-324

6 лет назад