MCITP 70-640: Group Policy Software Install Demonstration

Описание

This video looks at how to install, upgrade and remove software using Group Policy. The video also looks at how to set up a software share to store the install files and how software can be assigned and published.

Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gpsoftwaredeployment.pdf

GP Software Deployment
Before software is installed using Group Policy a test is done to see how fast the connection is. By default, if the connection is less than 500Kbps per second it will be considered slow. Group Policy will not install software over a slow link due to the time it would take to transfer the install files over the network. If you want to change the speed in which Group Policy tests for a slow link, this can be done at the following location.
Computer Configuration\Policies\Administrative Templates\System\Group Policy\Group Policy Slow Link Detection

Demonstration
In order to install software using Group Policy, the install files must be able to be read by the computer applying the Group Policy. The install files can be on the local computer but it is generally easier to put them on a file share. To share a folder, open the properties for that folder and select the sharing tab. For installing software, you only need to ensure that the read access is configured.

The settings for software installation in Group Policy are found in both user and computer configuration. They are found under Polices\Software Settings\Software Installation
To set up a new software deployment. Right click Software Installation and select, "new package".

A dialog will appear giving you the following options: published, assigned or advanced. Published will be greyed out for computer configuration. If you choose published, some options may not be changeable later on so it is recommenced to choose Advanced so all options can be changed later.

There are many options that can be configured in the properties for the software install some are listed below.

Uninstall the application when it falls out of the scope of management: If this option is ticked, the software will be uninstalled automatically when the Group Policy is no longer being applied to that user or computer.
Modifications tab: This tab allows you to assign an MST file to the package. An MST file can be created
to configure options in the MSI package. The manufacture of the software may have released an application that will create an MST file. An example can be found for Acrobat Reader at the following address. http://www.adobe.com/support/downloads/detail.jsp?ftpID=4950
Upgrades tab: On this tab you can upgrade existing packages.

If software has been published, it can be installed by opening Programs and Features in the control panel and then selecting the option, "install a program from the network".

If you want to redeploy an application, this can be done by right clicking the application, selecting all tasks and then selecting the option, "Redeploy application". You can also remove the application from all tasks if you want to. If you remove the application, you will get the option to allow the users to continue using the package or to remove the package straight away.

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.

References
"MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 353 -- 361
"Upgrade an application" http://technet.microsoft.com/en-us/library/cc783421(v=ws.10).aspx
"Specifying Group Policy for Slow Link Detection" http://technet.microsoft.com/en-us/library/cc781031(v=ws.10).aspx

MCITP 70-640: Group Policy Software Install Demonstration скачать видео - Download

Похожие видео

MCITP 70-640: AppLocker

MCITP 70-640: AppLocker

AppLocker allows the administrator to control which applications are run on the computers in your domain. Check out http://itfreetraining.com for more of our always free training videos. The rules Applocker uses allow the scope of an application to be defined, like particular versions or newer version or can be narrowed down to a single application. AppLocker AppLocker was first added in Windows 7 and Windows Server 2008 R2 as a replacement for software restriction policies. Software restriction did not have any wizards and thus is hard to configure. AppLocker adds a wizard and is much easier to configure than Software restriction policies. Since it is aimed towards business, it only works on Windows operating systems that were targeted for business. For the client operating systems these are Windows 7 Enterprise/Ultimate and Windows 8 Enterprise. For server operating system these are Windows Server 2008 R2 Standard/Enterprise/Datacenter and Windows Server 2012 Standard/Datacenter. AppLocker Features Applocker can be used to monitor and control software. When AppLocker is in audit mode it will only report which software is run. If you put AppLocker in enforce mode this will allow the administrator to control which software is run. This allows a company to standardize which software is run and can be a tool used for software conformance. AppLocker Rules In order for AppLocker to work out which software is allow to run and which software should be blocked, AppLocker supports 3 different types of rules. Publisher: This rule relies on the executable being digitally signed. This allows Windows to determine the Vendor, Software Title and version of the software. Publisher rules allow you to create a rule that can work with new software that was not released when the rule was created. Hash: A hash rule puts the file through a mathematical formula to determine a value. Each file should create a different hash value, kind of like a fingerprint. This rule type can only match that executable and thus does not account for new versions of the software. Path: This checks the location the file was run from. For example, if the executable is located in the Program Files directory. Demonstration AppLocker requires the Application Identity service to be running on the client. If this is not running or stopped, AppLokcer will stop working. This service can be configured in Group Policy at the following location to start automatically. Computer Configuration\Polices\Windows Settings\Security Setting\System Service\Application Identity AppLocker is configured in Group Policy at the following location. Computer Configuration\Polices\Windows Settings\Security Settings\Application Control Polices\AppLocker To configure the default properties for AppLocker, select the option "Configure rule enforcement". Rules can be applied to executable, Windows Installer files and scripts. Once you enable the ones you want you can select AppLocker to run in Audit mode or Enforce mode. AppLocker has the option to automatically create rules. This will examine the computer and create rules based on the executables found on it. This step can be run on any computer, this includes a computer that cannot run AppLocker. You are best to run this on a computer that has the software installed on it that you use in your company so AppLocker can create the correct rules. You can also create default rules which will be used if no other rule matches. Without any default rules, if no match is found with the existing rules the software will not be allow to run. This can prevent software in the operating system from running. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 361 - 362 "AppLocker" http://technet.microsoft.com/en-us/library/dd723678

6 лет назад
These Ancient Relics Are So Advanced They Shouldn't Exist...

These Ancient Relics Are So Advanced They Shouldn't Exist...

First 500 people get a free 2 month trial of Skillshare http://skl.sh/thoughty3 JOIN The PRIVATE Thoughty2 Club & Get Exclusive Perks! http://bit.ly/t2club SUBSCRIBE - New Video Every Two Weeks http://bit.ly/thoughty2 BECOME A PATRON and support Thoughty2: https://www.patreon.com/thoughty2 Thoughty2 Merchandise: https://shop.thoughty2.com/ Thoughty2 Facebook: http://bit.ly/thoughtyfb Thoughty2 Instagram: http://bit.ly/t2insta Thanks to The Patreon Research Team: David Davenport, Michael Mulligan, Jeff Li, Anais Namahoro, Noa

1 лет назад
RAID and Storage Solutions

RAID and Storage Solutions

This video will look at a number of different storage solutions. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. These include software and hardware based systems. A storage solution is a system that allows more drives to be combined together for performance or redundancy reasons. Download the PDF handout http://ITFreeTraining.com/handouts/se... What's in this video The following storage solutions will be looked at in this video. Software vs Hardware: The advantages to using hardware over a software solution. JBOD: Just a bunch of disks. Allows different sized drives to be combined together to form the one drive. Spanning: Allows multiple drives to be combined of different sizes. RAID: Redundant Array of Inexpensive Disks is a system that allows multiple drives to be combined to form the one drive. Windows Storage Spaces: This is a new system implemented in Windows Server 2012 that allows multiple drives to be combined together. Logical Volume Manager: Is an alternative storage system used by operating systems like Linux. Software vs Hardware Hardware based systems typically cost more than a software solution as software solutions usually come with the operating system free of charge. A lot of motherboards now come with free hardware based solutions. You will find that if you purchase a server this may come with some hardware based solutions. Some servers may require additional hardware in the server or a higher model may need to be purchased to gain access to some hardware based solutions. The biggest advantage of a hardware solutions is that the operating system sees the drive as a single physical drive. This means the operating system can be booted from this drive. Some software based solutions do not support booting of the operating system. Software solutions may also support some additional features not supported by hardware. For example a software based solutions may allow for multiple files containing the same data to use the same physical space on the drive. Enterprise hardware solutions will often offer additional features as well but do cost more. For example, enterprise hardware solutions will have a web interface allowing access to additional features. JBOD Just a Bunch of Disks allows multiple drives to be combined together. This includes different sized drives and different types. For example you could combine solid state drives and mechanical drives together. JBOD does not offer any performance increase and if one of the drives was to fail you would lose all the data on all the drives. Spanning Spanning is similar to JBOD however it combines free space on multiple drives together into the one drive. The advantage of spanning is that it allows space that may have otherwise been lost to be used. Spanning does not provide any speed advantages and also does not offer any redundancy. If a drive that is used in spanning was lost, then all the data in the spanned set would be lost. RAID Redundant Array of Inexpensive Disks is a system which allows multiple drives to be combined together to form the one drive. The drives need to be the same size in order to be used. If one drive is larger than the others, typically it still can be used, however the extra space will be left unused. Depending on which RAID solution is used will determine if there are any redundancy or speed advantages. The more expensive RAID solutions may allow drives to be added to the RAID, increasing the amount of space in the RAID. A lot of RAID solutions do not offer this feature and thus if you want to change the size of the RAID you need to destroy the RAID and recreate it. Description to long for YouTube. Please see the following link for the rest of the description. http://itfreetraining.com/server#stor... See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "Installing and Configuring Windows Server 2012 Exam Ref 70-410" pg 49-55 "RAID" http://en.wikipedia.org/wiki/RAID "Nested RAID levels" http://en.wikipedia.org/wiki/Nested_R... "Step-by-step for Storage Spaces Tiering in Windows Server 2012 R2" http://blogs.technet.com/b/josebda/ar... "Logical Volume Manager (Linux)" http://en.wikipedia.org/wiki/Logical_...)

5 лет назад
Deploying Microsoft LAPS (Local Administrator Password Solution)

Deploying Microsoft LAPS (Local Administrator Password Solution)

http://www.petenetlive.com/KB/Article/0001059.htm Deploying Microsoft LAPS (Local Administrator Password Solution)

4 лет назад
POP3 vs IMAP - What's the difference?

POP3 vs IMAP - What's the difference?

What is POP and IMAP? How does email work? This is an animated video explaining the difference between POP and IMAP. These are email protocols that are used to retrieve email from an email client, such as Microsoft Outlook. Should I choose POP or IMAP? Which one is better?

10 месяцев назад
Deploy Office 2010 with Group Policy

Deploy Office 2010 with Group Policy

http://www.petenetlive.com/KB/Article/0000464.htm - Deploy Office 2010 with Group Policy

8 лет назад
MCITP 70-640: Active Directory Under The Hood

MCITP 70-640: Active Directory Under The Hood

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. Active Directory utilizes two main standards. These are the X.500 standard and LDAP. This video looks at how the X.500 standard is used to store the Active Directory objects in the database. It also looks at how LDAP is used to access this data and the formatting LDAP uses. NTDS.DIT The Active Directory Database by default is stored in c:\windows\NTDS\ntds.dit. This file is based on the X.500 standard. Originally Active Directory was called NT Directory Services and this is where the file got its name. Each domain in Active Directory will have a separate database. Domain Controllers hold the copy of the database in the ntds.dit file and replicate changes to each other. If you have more than one domain, then each separate domain will have its own copy of the ntds.dit file. Organization Units In order to organize objects in Active Directory more easily, objects in Active Directory can be organized into Organization Units, also known as OUs. These OUs are like folders on your hard disk. LDAP Syntax LDAP uses a syntax that refers to the most significant part first followed by less significant or precise parts afterwards. This is the opposite of other systems, like filenames or paths. The main syntax of any LDAP command is like this example: CN=Joe, OU=Users, DC=ITFreeTraining, DC=Com. When an object can be defined uniquely, like in this example, it is called the distinguished name. Canonical Name (CN) This is the name of the object in Active Directory that you want to access. For example, if you wanted to access a user called Joe, you would use CN=Joe. Organization Unit (OU) Organization units in Active Directory are used to sort objects into different areas or folders. If you have multiple OUs, then start with the lowest in the tree and expand downwards. For example if a user was in Users\Acounts\Payable you would use OU=Users, OU=Accounts, OU=Payable. Domain Component (DC) This is the domain in which the object is located. For example DC=ITFreeTraining, DC=com.

7 лет назад
Installing Network Rack | Patch Panel | Switch | Fiber Cable | by Tech Guru Manjit

Installing Network Rack | Patch Panel | Switch | Fiber Cable | by Tech Guru Manjit

Installing Network Rack | Patch Panel | Switch | Fiber Cable | by Tech Guru Manjit In Tech Guru Manjit we are uploading videos on various topics like technical, motivational, travel guide etc. Request all our Subscriber & non Subscriber to see like and share our videos & if you have any idea or you need any other informational video us to make please drop us a mail at varioustyt@gmail.com Regards Tech Guru Manjit

2 лет назад
MCITP 70-640: Operation Master Roles

MCITP 70-640: Operation Master Roles

Active Directory has five operations master roles otherwise known as FSMO roles. Check out http://itfreetraining.com for more of our always free training videos. These roles are assigned to one Domain Controller to ensure changes happen in only one location at a time. This ensures that the Active Directory database is kept consistent. This video goes through the five operations master roles. At the forest level, there is the Schema Master and Domain Naming Master. At the domain level, the 3 other operational roles are Infrastructure Master, PDC Emulator and RID Master. Schema Master 01:32 Domain Naming Master 03:01 RID Master 03:53 PDC Emulator 07:06 Infrastructure Master 11:03 Schema Master (Forest Wide) The Schema Master determines the structure and thus what can be stored in Active Directory. It contains details of every object that can be created and the attributes for that object. For example, if you want to add an attribute to every user in the forest (such as a field with the user's pay grade in it), you would add an attribute to the schema to accommodate this change. It is important to think carefully before making changes to the schema as changes to the schema can't be reversed but they can be disabled. If you want to test changes to the schema, create a new forest and make your changes there so the production environment is not affected. Domain Naming Master (Forest Wide) The Domain Naming Master is responsible for ensuring that two domains in the forest do not have the same name. Relative ID Master (RID Master) This master role allocates RID pools. A RID is a sequential number that is added to the end of a SID. A SID, or security identifier, is required for every Active Directory object. An example of a SID is shown here: S-1-5-21-1345645567-543223678-2053447642-1340. The RID is the last part of the SID, in this case 1340. The RID Master allocates a pool or block of RIDs to a Domain Controller. The Domain Controller uses the RID pool when Active Directory objects are created. The Domain Controller will request a new RID pool before it runs out. However, keep in mind that if you create a lot of Active Directory objects at once, the RID Master will need to be online to allocate new RID pools. If the Domain Controller runs out of RIDs and can't contact the RID Master, no objects in Active Directory can be created on that Domain Controller. PDC (Primary Domain Controller) Emulator Originally the PDC Emulator provided a bridge between Windows NT4 Domain Controllers and Windows Server 2000 Domain Controllers. Even if you do not have any NT4 Domain Controllers on your network, it still provides some services. The PDC Emulator forms the root of the time sync hierarchy in your domain. All other Domain Controllers will sync their time from this Domain Controller. Your clients and servers will in turn sync their time from their local Domain Controller. You should configure the PDC to sync its time from an external time source to ensure that it is accurate. When a user enters in a wrong password, the PDC Emulator may be contacted to find out if this password is in fact an updated password. Password changes are replicated to the PDC Emulator first and thus it is considered the final authority on correct and incorrect passwords. The PDC Emulator is contacted when changes to DFS (Distributed File System) are made. This can be switched off if the load on the PDC Emulator becomes too great. Infrastructure Master The Infrastructure Master is responsible for ensuring that objects that use multiple domain references are kept up to date and consistent. When you are in a single domain you don't need to worry about this. In a multiple domain environment with Windows Server 2000/2003 Domain Controllers, you must ensure that the Domain Controller that is holding the Infrastructure Master role is not a Global Catalog Server or all of the Domain Controllers will be Global Catalog Servers. If the Domain Controller is a Global Catalog Server this can cause objects in the domain not to update correctly. If you only have Windows Server 2008 Domain Controllers, you don't need to worry about whether the Infrastructure Master is on a Global Catalog Server or not.

6 лет назад
Microsoft MCSA 2012 (70-410) - Overview of Group Policy

Microsoft MCSA 2012 (70-410) - Overview of Group Policy

http://www.howtonetwork.com/courses/microsoft/microsoft-mcsa-windows-server-2012/ - taster lesson from our MCSA course.

5 лет назад
MCITP 70-640: Group Policy Software Installation Introduction

MCITP 70-640: Group Policy Software Installation Introduction

This video will provide an introduction and explain the concepts to what can be achieved using Group Policy for installation and managing software. The next video will go through how to configure Group Policy to install and manage software in your organization. Deployment Solutions A deployment solution should manage software throughout the software cycle. The software cycle includes the install, maintenance and retirement of the software. Group Policy is a free software solution. Other solutions like Microsoft Center Configuration Manager offer more features; however, they also cost money. GPSI Group Policy Software Installation (GPSI) is the system that Group Policy uses to install software. Software can be deployed per user or per computer. No additional software is required other than a Domain Infrastructure. Assigning and Publishing Software can be deployed by assigning or publishing. Publishing is available only to user configuration. Assigning and publishing is available for both user and computer configuration. Publishing user: Software that is published needs to be installed by the user using the control panel. If the software supports it, the software can also be installed automatically if the user opens a file that is supported by that application. Publishing to the user also supports the ZAP file discussed later on. Assigning computer: Software assigned to the computer is automatically installed on the computer before the user logs in. Assigning User: Software that is assigned to the user is installed when the user launches the shortcut for that application. MSI Microsoft Software Installer (MSI) is a package format used by Windows Installer. It is essentially a database that defines how to install the software. It also includes information like what features and options are available when the software is installed. It is the primary format used to install software using Group Policy. MST Windows Installer transform (MST) is essentially a modification and answer file for an MSI package. Using an MST file, any changes to the MSI package can be applied. The advantage of this is that MST files are very small. By using an MST file, it is possible to make a completely automated software install and perform actions like adding additional shortcuts and deciding which features should be installed. The manufacturer of your software may provide an application to create these MST files. MSP This is a patch file that only contains updates. It requires the original MSI package to be installed on the computer in order for it to be used. For this reason, the MSP file is usually smaller than the original MSI file. ZAP A ZAP file is a text file that contains instructions on how to install the software. An example of a ZAP file is shown below. ZAP files do not support elevation and Windows will only attempt to run the install script once. Software can only be installed by a ZAP file by publishing it to the user. Lastly ZAP files do not support removing of the software via Group Policy. Zap file example [Application] FriendlyName = "Program" SetupCommand = "\\FileServer\Share\setup.exe" /q See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg 353 -- 360 "Windows Installer" http://en.wikipedia.org/wiki/Windows_Installer "ZAP File" http://en.wikipedia.org/wiki/ZAP_File

6 лет назад
MCTS 70-680: Event forwarding source initiated subscriptions

MCTS 70-680: Event forwarding source initiated subscriptions

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This video looks at forwarding events from one computer to another using source initiated subscription. Source initiated subscription is when the computer that has events to transfer determines when to transfer these events to the collecting computer. The previous video looked at collector initiated subscription, which is when the collecting computer contacts the forwarding computer at regular intervals to see if it has events that it needs to transfer. Previous Video on event forwarding using collector initiated subscriptions http://www.youtube.com/watch?v=sZj_9e3AHFk Demo configuring the forwarding computer 01:56 Demo configuring the collector 05:24 Configuring the collector computer To configure the collector computer to receive events from the forwarding computer, run the following two commands: WinRM QuickConfig WECUtil QC Answer y to all the questions. WinRM will configure the WinRM service and the firewall. WECUtil will configure the service that is used to collect events sent from the forwarder. The next step is to configure a subscription on the collector computer. This is done inside the event viewer on the collector computer. Right click on subscriptions in the event viewer and select create subscription. Make sure that source computer initiated is selected. The rest of the options determine which events will be transferred from the forwarding computer. The subscription in this case acts like a filter determining which events to collect and which events to ignore. Configuring the forwarding computer Run the following command on the forwarding computer: WinRm QuickConfig Answer y to both questions. This will configure the service and also the firewall settings. Group Policy The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting: Computer configuration-Administrative templates-Windows components-Event forwarding-Configure the server address, refresh interval, and issue certificate authority of a target subscription manager. The syntax is as follows when using the default protocol HTTP and default port: Server=HTTP://FQDN Use the full URL when using HTTPS or different ports: Server=HTTPS://FQDN:5986/wsman/SubscriptionManager/WEC FQDN is the fully qualified domain name, for example, ITFreeTraining.com WECUtil command line WECutil supports a number of different command line options which are listed below. WECUtil ES Lists the subscriptions. The name of the subscription can be used in later commands. WECUtil GS (Subscription name) /f:XML This outputs the subscription configuration. If you want XML format add /f:XML. (Greater than sign) filename can also be added to direct the output to a file. WECUtil CS (Filename) This will create a new subscription using the configuration in the filename.

7 лет назад
Help Desk Course: Software Deployment SCCM

Help Desk Course: Software Deployment SCCM

Join 26,000+ IT Learners https://jobskillshare.org

5 лет назад
Windows Server 2012 R2 Deploying Software Over the Network

Windows Server 2012 R2 Deploying Software Over the Network

Ever wondered how to install software programs over the network/Internet? Well, using Windows Server 2012 R2 it can be done in a few minutes. The following video should show you how in less than five minutes. For more visit: http://www.windows10.ninja http://www.2012r2.com

4 лет назад
MCITP 70-640: Group Policy Optimization

MCITP 70-640: Group Policy Optimization

This video will look at how Group Policy is configured, how you can get consistent results and what you can do to force Group Policy to be applied rather than wait for the next refresh. Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gpoptimization.pdf In this video This video will look at the following: Group policy change process Forcing replication Settings to speed up the process Manually forcing an update The Group Policy Process By default, Group Policy Management Console (GPMC) will attempt to make changes on the Domain Controller holding the PDC Emulator role. By having administrators change Group Policy in this location helps prevent conflicts when multiple administrators make changes. To change the Domain Controller used, right click the domain in the GPMC and select the option change Domain Controller. Active Directory Replication A single Group Policy has two parts. One part is stored in Active Directory and the other part is file based and stored in the SysVol folder. In order to force a replication of Active Directory, open Active Directory Sites and Services and expand down until the connections are found under NTDS Settings folder. To force a replication, right click the connection you want to force the replication on and select replicate now. To force a replication from the command prompt, run the following command from the Domain Controller that you want to force to replicate. RepAdmin /Syncall If you experience problems with replication, you can check for replication problems using the command DCDiag. To replicate the SysVol, use the following commands depending on which replication your domain is using. FRS NTFRSUTL ForceRepl Computer /r SetName /p DNSName e.g. NTFRSUTL ForceRepl nydc3 /r "Domain System Volume (SYSVOL share)" /p londc2.ITFreeTraining.local DFSR DFSRDiag SyncNow /Partner:RemoteComptuer /RGName:Name /Time:Duration e.g. DFSRDiag SyncNow /Partner:londc2 /RGName:"Domain System Volume" Group Policy Problems Sometimes Group Policy may be applied on a computer before the networking on the computer has had a chance to start up. Certain group policy settings are applied at start up and when the user logs in. If this has already occurred, Group Policy will not be correctly applied until the next system reboot or login depending on the setting. To ensure time is allowed for the networking on the computer to start before Group Policy is applied, you can configure the following option. Computer Configuration\Polices\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon If you use groups with Group Policy this can delay Group Policy deployment. If the group membership is changed and replication has not occurred, Group Policy will be deployed based on the old group membership. To ensure the correct Group Policy settings are deployed, force a replication of Active Directory after group membership has changed. Group Policy Refresh By default, a Group Policy refresh will happen a 90 minutes with a 30 minutes random interval added. If you want to change the timing you can do so at the following locations for computers and Domain Controllers. Computer Configuration\Polices\Administrative Templates\System\Group Policy\Group Policy refresh interval for computers Computer Configuration\Polices\Administrative Templates\System\Group Policy\Group Policy refresh interval for domain controllers GPUpDate GPUpDate will trigger a background update of Group Policy. This will not download new Group Policy and will not apply settings in Group Policy that have changed. If you add the /force parameter, this will download Group Policy and reapply all Group Policy settings even if they have not changed. If you add /User or /Computer to GPUpDate, this will limit the update to the user or computer settings of Group Policy. If you add /Logoff or /Boot to GPUpDate, this will cause the computer to reboot or the user to be logged off if required. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 255 "Force Replication Between Domain Controllers" http://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx "Repadmin /syncall" http://technet.microsoft.com/en-us/library/cc835086(v=ws.10).aspx

6 лет назад
MCITP 70-640: Troubleshooting Group Policy

MCITP 70-640: Troubleshooting Group Policy

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This video will look at how to troubleshoot which setting in Group Policy are applied by using the internal modeling tools and Resultant Set of Policy (RSOP). RSOP is the actual settings that are applied to the computer taking into account factors like WMI filters and groups. Download the PDF handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gptroubleshooting.pdf Group Policy Results The actual settings that are applied to a computer using Group Policy can be affected by many different things. For example, security, groups and WMI filters. The actual settings that are applied to a computer are known as the Resultant Set of Policy (RSOP). Windows has a number of tools that can read the RSOP data stored on a computer to help you troubleshoot Group Policy. Requirements In order to use the tools in this video you need to be logged in as an administrator and running Windows XP or above. If you plan on using the RSOP tools from remote, the remote computer will need ports 135, 445 open. Also the computer will need the WMI service to be running. To get results for a particular user, the user will have needed to logon to that computer once. They do not need to be logged on the computer when the tools are being run. Demonstration Group Policy results When you open Group Policy Management there is a section called Group Policy Results. To start the wizard, right click on Group Policy Results and select the option Group Policy Results Wizard. The wizard can be run on the local computer or a remote computer. If the user that you want to run the wizard on does not appear in the wizard you will need to login into that computer using that user. The user must have logged into that computer at least once. Once the wizard is complete, it will show you all the Group Policy settings that have been applied to that computer for that user and also any Group Policy related events from the event logs. To connect to a remote computer, make sure the service WMI Performance Adapter is running and the firewall is configured. To configure the firewall, open Windows Firewall with Advanced Configuration and make sure the following settings are enabled in in-bound rules. Firewall Settings that need to be enabled Remote Event Log Management (NP-in) Remote Event Log Management (RPC) Remote Event Log Management (RPC-EPMAP) Windows Management Instrumentation (WMI-in) Group Policy Modeling The modeling wizard allows you to simulate changes in Group Policy and Active Directory without making any changes. For example, if you want to test the effects of moving a user to a different part of Active Directory will have on their Group Policy settings, you can do this without having to move the user account. Other options you can choose include slow network connection, loopback processing, Security Groups and which site to use. Group Policy modeling is available in the GPMC. All you need to do to use it is right click on Group Policy Modeling and select Group Policy Modeling Wizard. GPResult When run, this gives you information about which settings were applied to the computer. The command supports the following parameters. /r use the RSOP data on the computer to generate results. /v verbose mode which provides more information. /Scope User | Computer To limit the results to user or computer settings. /x Output the results to XML /h Output the results to HTML See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 303 - 307 "Configure Firewall Port Requirements for Group Policy" http://technet.microsoft.com/en-us/library/jj572986.aspx "Use Resultant Set of Policy to Manage Group Policy" http://technet.microsoft.com/en-us/library/cc754269.aspx Keywords: Group Policy, RSOP, Active Directory,70-640,MCITP,MCTS,ITFreeTraining

6 лет назад
Deploying Printers with GPO.mp4

Deploying Printers with GPO.mp4

This is a quick tutorial on setting up a print server on Windows Server 2008 R2, then deploying the printers with Group Policy. More information available on technet: http://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx

7 лет назад
MCITP 70-640: Group Policy Introduction

MCITP 70-640: Group Policy Introduction

This video provides an overview of Group Policy. Explaining the basic of how Group Policy works and what can be achieved using Group Policy. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. Download the pdf handout for this video from http://ITFreeTraining.com/handouts/70-640/part3/gpintroduction.pdf What is Group Policy Group Policy is a system that allows central control of your client computers. Using Group Policy you can control the user experience. This includes configuring settings for the user and also settings that affect the computer as a whole. Group Policy can also be used to deploy and configure software. Text Based Config Files Before systems like Group Policy were developed, settings were often kept in text files like ini files. In order to make changes to the ini file, software would rewrite the whole file each time a change was made. Text files were not designed for multiple user environments and don't support rolling back of changes. Registry Microsoft introduced the registry to replace text files like ini files. Editing a single value in the registry is a lot easier than editing a single value in a text file. The problem with the registry is that once a change is made, the changes are permanent until overwritten by another value. Group Policy Group Policy allows changes to be rolled back when they no longer apply. This means that the effects of Group Policy will be reversed when they no longer are being applied. This means users and computers can be moved around Active Directory and thus the Group Policy for these objects may change. Since Group Policy reverses any previously made changes, the administrator does not need to worry about what settings were previously applied. Group Policy Mechanics Group Policy is created and stored on a Domain Controller. Group Policy is downloaded from the Domain Controller to the local computer and applied. For this reason Group Policy is a client driven technology. It is up to the client to download Group Policy and apply it. Group Policy is applied by Client Side Extensions (CSE). Each operating system improves and adds CSE's, meaning new clients can process some Group Policy settings that the older clients may not be able to process. For a list of all the CSE's installed on a system, refer the following registry setting. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions Group Policy Example A single Group Policy is divided in two parts called Computer Configuration and User Configuration. Settings that are configured under computer configuration affect the whole computer. Settings configured under user configuration affect only the user that is currently logged in. The user and computer configuration is divided into two parts called Polices and Preferences. Preferences was a late edition to Windows Server 2008. Microsoft purchased another product called Policy Maker and added this product to Group Policy. The essential different between the two is that Group Policy is mandatory while preferences can often be overwritten by the user. Polices are divide into 3 parts, Software settings, Windows Settings and Administrative Templates. Software settings, like installations, are done in here. Windows Settings are more broad stroke settings having an effect on how the computer operates at a low level rather than specific functions. Administrative templates contain the bulk of the Group Policy settings. Summary Group Policy settings are stored in Active Directory. They are client driven and thus the client is responsible for downloading the group Policy settings and applying them. Group Policy settings are applied to the client by software called client side extensions. If a particular Group Policy settings require a particular client side extension and if that client side extension is not available, the Group policy settings will not be applied to that computer or user. Group Policy itself is divided primarily into two halves, user configuration and computer configuration. Computer configuration is applied when the computer starts up, while user configuration is applied when the user logs into the computer. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second Edition" pg. 250-251, 254 "Group Policy "http://en.wikipedia.org/wiki/Group_Policy

6 лет назад
Setup BGINFO via GPO on all your Servers

Setup BGINFO via GPO on all your Servers

In this tutorial, I'll be walking through the process of creating a Group Policy Object pushes the Bginfo executable and settings file to servers or workstations in an Organizational Unit. Bginfo is a free tool by sysinternals that gathers system information and displays that info on the desktop background of a server or workstation. It can be a helpful resource when remotely administering multiple servers.

5 лет назад
MCITP 70-640:Organizational Unit & Shadow Groups

MCITP 70-640:Organizational Unit & Shadow Groups

Organizational Units (OU) allow you to divide up objects in Active Directory into different locations, the same way that you would organize files into folders on your hard disk. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. Since OU's cannot be used directly in security, a shadow group can be created with the object inside that OU. This shadow group can be used in security. This videos looks at how to create OU's and use shadow groups. Organizational Units Like the folders on your hard disk, Organizational Units allows Active Directory objects to be organized into separate folders. Most administrators will create an OU hierarchy that matches their company layout. A common layout out is geographical, department and than computers. Group Policy is applied to Organizational Units and thus places users and computers into separate OU's can be beneficial when using Group Policy. Shadow Groups A shadow group is a regular Active Directory group that contains the objects under an Organizational Unit. Since a shadow group is a regular group it can be used for security, for example it can be used to assign NTFS permissions in a folder. A Shadow group effectively bridges the gap between not being able to use a OU with security. A shadow group needs to be manually updated or updates performed using a script. There is no automated method in Windows to do this. An example script to keep shadow groups up to date can be found in Administration Resource Kit: Productivity Solutions for IT Professionals by Dan Holme (Microsoft Press, 2008). None Microsoft version http://www.sole.dk/active-directory-s... Default OU When you promote your first Domain Controller and thus create your Active Directory environment, a number of OU's are created automatically. These default OU cannot be deleted. Also these OU's can't have Group Policy applied to them expect for the Domain Controllers OU which can have Group Policy applied to it. Builtin: When a server is promoted to a Domain Controller it local user database is no longer accessible. To make up for this, any users accounts that exist in Builtin are shared between all Domain Controllers. Users: This is the default location for user accounts when a location is given. In most case, when creating a new user the administrator will decide which OU the user account will be created in. Computers: This is the default location for computer accounts. When a computer is added to the Domain, the computer account for this computer is placed in this OU. Since Group Policy cannot be applied to this OU, and administrator will normal move computer accounts of the Computer OU to another OU. Domain Controllers: This OU contains all the computer accounts for the Domain Controllers in your domain. Unlike the other OU's, Group Policy can be applied to this OU. By default, the Default Domain Controller Group Policy is applied to this OU. Demonstration To perform administration of your OU's this can be done using the Active Directory Users and Computers tools. To create an OU, right click where you want it created, select new and than select new Organizational Unit. When creating the Organizational Unit, you have the option to protect the container from accidental deletion. In the properties of the OU, there are a lot of settings that can be configured. In a lot of case the information is informational only but does help. What is an Organizational unit? An organizational unit is effectively a container for storing Active Directory objects. What is the difference between an OU and a group? An OU is essentially used for Group Policy and delegation besides providing an infrastructure to sort and organize objects in Active Directory. Since an Active Directory object can only exist in one location at one time, OU's are limited to what they can achieve. A group is contains objects from anywhere in the domain. The main different is that a group can contain an object that is used in anther group. For example, a user that travels between New York and Washington Offices could not be a member of a multiple OU's, however they could be a member of two groups called New_York_Users and Washington_users. With this extra flexibility that groups offer, group can be applied to resources like NTFS permissions which OU's cannot. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory" pg 11 46-48 "Organizational Units " http://technet.microsoft.com/en-us/li... "Organizational Unit" http://en.wikipedia.org/wiki/Organiza...

6 лет назад
WSUS

WSUS

WSUS or Windows Server Update Services allows you to manage Microsoft updates on your network. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This includes the deployment and also administration. Having a carefully place WSUS server on your network can significantly reduce the number of downloads going across your WAN networks and thus improve the overall performance of your network.

7 лет назад
Deploy Adobe Reader using Domain Group Policy

Deploy Adobe Reader using Domain Group Policy

This tutorial shows in detail how to deploy an automated Adobe Reader installation via GPO in a domain. Links: Page with 'direct download link' - http://helpx.adobe.com/acrobat/kb/quick-fix-install-download-reader.html Adobe X Customization Wizard - http://www.adobe.com/support/downloads/detail.jsp?ftpID=4950

7 лет назад
Installing & Configuring Active Directory - Windows Server 2008 R2

Installing & Configuring Active Directory - Windows Server 2008 R2

This video is a step by step guide demonstrating how to install and configure Active Directory Domain Services (ADDS) with Windows Server 2008 R2 to create a Domain Controller. A Domain Controller allows a network to be managed centrally from a single secure location.

5 лет назад
MCITP 70-640: Group Policy New Features

MCITP 70-640: Group Policy New Features

This video looks at the new features in Group Policy that are available in Windows Server 2008 and Windows Server 2008 R2. Download the pdf handout for this video from http://ITFreeTraining.com/Handouts/70-640/Part3/GPNewFeatures.pdf Download subtitles. Can be enabled in the video. http://ITFreeTraining.com/Handouts/70-640/GPNewFeatures.srt New Features Windows Server 2008 adds the following features: comments, Starter Group Policy Objects, integration with Network Location Awareness, Preferences, and the new ADMX format. Windows Server 2008 R2 adds the ability for Group Policy to be administered from PowerShell. Group Policy Comments All Group Policy settings allow comments to be added. Comments allow an administrator to leave a comment for all Group Policy settings which help other administrators understand why the Group Policy was configured the way it was. Starter Group Policy Objects Starter Group Policy Objects is essentially a template. Once you create a Starter Group Policy Object you can copy this to a new Group Policy. Since part of Group Policy is called Administrative Templates this is probably why Microsoft uses the name Starter Group Policy Objects rather than calling it a template. The limitation with Starter Group Policy Objects is that they can only be used to configure Administrative Templates. Network Location Awareness Group Policy now integrates with the Network Awareness Services. This means that when a network becomes available, for example a VPN connection is established, a wireless network becoming available, or simply a network cable being plugged in, Group Policy will check for updates on the network. Previously Group Policy would only check at certain intervals and if the network was not available when it checked, then Group Policy may never be updated. Preferences Preferences was a 3rd party product that was integrated in Windows Server 2008 just before release. It adds a lot of flexibility to Group Policy allowing an administrator to configure settings like printers and drive mapping. Unlike Group Policy, the user is free to overwrite or delete what has been configured, however Preferences will attempt to reapply the settings at the next Group Policy Refresh. This means the user can remove settings like a mapped drive and replace it with another mapped drive if they wish. The major feature with Group Policy is that it allows targeting to particular groups, computer types, software, and hardware, just to name a few. PowerShell If you are running Windows Server 2008 R2 or Windows 7, you can perform Group Policy administration from PowerShell. Many functions are included like managing Group Policy settings and creating starter GPO's. ADM File The ADM file was used with Group Policy before Windows Server 2008 was released. The ADM file contains all the settings that are found under Administrative Templates. Each time a new Group Policy is created, the settings for the Group Policy is stored in the SysVol share. The ADM file is also stored with the Group Policy setting. This means that Group Policy using the ADM does not scale well as it makes the SysVol share very large. Also once a Group Policy is created it is linked to the one ADM file. The ADM file only supports one language so if multiple administrators were working on the same Group Policy one language would need to be agreed between all administrators. ADMX File The ADMX file replaces the old ADM file. It was first introduced in Windows Server 2008, however if you download the latest Group Policy Management software you can use the ADMX files in early Windows Servers. ADMX is an XML based format making it easy to edit. ADM is an in-house format so it is not as easy to work with as XML files are. The format is made up of two parts. The ADMX file defines the Group Policy settings. The ADML file contains the language to be used with the file. This means the ADMX file can easily be used with any language assuming an ADML file for the language exists. Both ADM and ADMX output the same files so regardless which format is used, they will be compatible with old and new clients. Please see http://itfreetraining.com/70-640/group-policy-new-features for the rest of the description References "Administrative Templates (ADMX) for Windows Server 2008 R2 and Windows 7" http://www.microsoft.com/en-au/download/details.aspx?id=6243 "What is an ADMX File?" http://pcsupport.about.com/od/fileextensions/f/admxfile.htm "How to Write a Simple .Adm File for Registry-based Group Policy" http://en.wikipedia.org/wiki/Administrative_Template "Group Policy" http://technet.microsoft.com/en-us/library/cc725828(v=ws.10).aspx "What's New in Group Policy" http://technet.microsoft.com/en-us/library/dd367853(v=ws.10).aspx

6 лет назад
Tutorial - How To Deploy Printers To Specific Users/Groups Using Active Directory Group Policy

Tutorial - How To Deploy Printers To Specific Users/Groups Using Active Directory Group Policy

In this tutorial video we are going to go through the steps necessary to deploy printers in an Active Directory, targeting specific users/groups for specific printers. Step-by-step instructions with screenshots of the entire process are available here: http://wp.me/p3okOp-gM Music from bensound.com http://www.bensound.com/royalty-free-music

3 лет назад
AppLocker to block programs in Windows 7

AppLocker to block programs in Windows 7

AppLocker will block applications from running based on the descriptor. You can block programs by publisher, path, version, file name, publisher description or even hash. This feature is only available in Windows 7 and Microsoft Windows Server 2008 R2. While it can be used on an active directory domain, I use local group policy. You can also create exceptions to allow some programs through the rules. AppLocker is a feature introduced that plays of the old hash rules to block programs. Providing training Videos since last Tuesday http://www.technoblogical.com Thanks for Watching!

7 лет назад
Group Policy (Part 1 of 4) - Basic Settings and Auditing

Group Policy (Part 1 of 4) - Basic Settings and Auditing

Group Policy (Part 1 of 4) - Group Policy Overview, Basic Group Policy Settings and Auditing

7 лет назад
Windows Server 2008: install software through Active Directory's group policy

Windows Server 2008: install software through Active Directory's group policy

This is a video about how to install software through group policy. I install Firefox 3.0 through a MSI (Microsoft Installer Package) that is accessible through a local share. To do this it requires a GPO (group policy object) be applied on the domain (Server with active directory). You may assign the program to specific users or computers so that it will be installed. You can also publish the software so that the user may decide to install the software. You can do this on Server 2008 domain controller and Windows 7, but it also available for 2003, 2000, XP, or Vista. Providing training videos since last Tuesday. http://www.technoblogical.com Thanks for watching.

9 лет назад
Windows Azure Active Directory in plain English

Windows Azure Active Directory in plain English

Windows Azure Active Directory is described in cartoon format in this video. It's an easy to follow sketch of all the major pieces with explanation on how they can be used to acheive perfect interoperability even with non-Microsoft technologies. It also describes the differences between Windows Azure Active Directory and Windows Server Active Directory. src: http://bit.ly/1aJp4Ot

5 лет назад
Server Basics (5) | Deploy Wallpaper Using GPO (Group Policy)

Server Basics (5) | Deploy Wallpaper Using GPO (Group Policy)

How to configure group policy to force users to use a certain wallpaper when they login. This is just a basic example, more detailed (advanced) group policy stuff will be coming. This tutorial can also be found at: http://bit.ly/1RakLGC Server Basics Playlist: http://bit.ly/1R8YnXX Subscribe for more videos: http://bit.ly/1La0Chu -- PC-Addicts Website: http://pc-addicts.com PC-Addicts FaceBook Page: http://bit.ly/1TDJ6oX PC-Addicts Twitter: http://bit.ly/1StCtDY PC-Addicts Google+ Community Page: http://bit.ly/21gyYkF PC-Addicts on Pinterest: http://bit.ly/1QFmjmq Music From: http://BeatsRoyaltyFree.com

8 лет назад