Windows Server 2008 R2 : Administering group policy (part 2) - Creating and managing Group Policy Objects, Troubleshooting Group Policy

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

2. Creating and managing Group Policy Objects

GPOs are created using the Group Policy Management console in Server Manager. To create a new GPO, perform the following tasks:

  1. Log on to a DC and open Server Manager.

  2. Expand the nodes Features | Group Policy Management | <your forest name> | Domains | <your domain name>.

  3. Right-click an OU where you want to create a new GPO and select the option Create a GPO in this domain and link it here. Optionally, you could right-click on the Domain itself if you wanted to assign the GPO to the entire domain.

  4. Enter a name that describes the use of this policy. For example, HR Computer Policy. The new policy will appear under the OU you selected to apply it to (see Figure 2).


    Figure 2. Editing a new GPO.

  5. Right-click on the newly created policy and select Edit.

  6. The GPO management editor window will open. Here, you can configure specific settings for users and computers. In our example, we will configure the HR GPO to turn on branch cache as seen in Figure 3. After editing the setting, close the GPO management editor window.


    Figure 3 Editing GPO Settings.

  7. The new GPO will now apply to all computers in the HR OU as seen in Figure 4.


    Figure 4 Newly created and applied GPO.

We will now assume that we have a VPs OU that we want to be sure they do not get the new settings. To prevent them from having the GPO applied, we need to block inheritance. By blocking inheritance, we tell the OU to not apply any parent GPOs. To block inheritance to the VPs child OU, right-click the OU and select the option Block Inheritance. You should now notice that a blue exclamation appears over the OU as seen in Figure 5.


Figure 5 Organizational Unit Blocking Inheritance.

3. Troubleshooting Group Policy

Group Policy can be one of the toughest technologies to troubleshoot in an AD deployment. Luckily, Microsoft has provided some good tools to assist with troubleshooting issues.


GPUDATE and GPRESULT are two command-line utilities you can run from a machine to perform a group policy update or display the results of the currently applied GPOs.

  • GPUPDATE can be used to update the current computer's Group Policy Settings. By issuing the/force parameter, GPUDATE will force a fresh push of policies down to the specific user and computer.

  • GPRESULT can be used to display currently applied GPOs and those that have been filtered out due to security settings or other configurations. If you do not see changes taking effect after creating a new GPO, run GPRESULT from the machine or user the policy is applied to. If it does not show up as applied, then you need to troubleshoot possible security misconfigurations on the GPO.

Resultant Set of Policies and modeling tools

The Resultant Set of Policies (RSOP) can be used to help iron out GPO conflicts. The RSOP will take a specific user and computer choice and will provide a report of what policies will be applied if the selected user logs on to the selected computer. RSOP can be very powerful in verifying your GPO configuration as well as troubleshooting issues.

The Modeling tool is helpful when you are still planning your GPOs. The modeling tool allows you to walk through “whatif” scenarios for deploying Group Policy. This tool is very useful when blocking inheritance and enforcing GPOs.

Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
- Messages forwarded by Outlook rule go nowhere
- Create and Deploy Windows 7 Image
- How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
- Creating and using an unencrypted cookie in ASP.NET
- Directories
- Poor Performance on Sharepoint 2010 Server
- SBS 2008 ~ The e-mail alias already exists...
- Public to Private IP - DNS Changes
- Send Email from Winform application
- How to create a .mdb file from ms sql server database.......
programming4us programming4us