You are previewing Group Policy: Fundamentals, Security, and the Managed Desktop, 2nd Edition.
O'Reilly logo
Group Policy: Fundamentals, Security, and the Managed Desktop, 2nd Edition

Book Description

The Ultimate Book on Group Policy

Freshly updated to include Windows 7, Windows 8 and Windows Server 2012, Group Policy: Fundamentals, Security, and the Managed Desktop, Second Edition is the book for learning everything you need to know about Group Policy, no matter which version of Windows you use. Microsoft Group Policy MVP Jeremy Moskowitz covers it all—major Group Policy categories, what Windows 8 and Windows Server 2012 bring to the table, and smart ways to tackle tough desktop management problems. Topics include troubleshooting, security, scripting, using Windows PowerShell when necessary, and much more.

Inside this book, you'll learn to:

  • Master all Group Policy functions of Windows, including Windows XP through Windows 8 and Windows Server 2003 through Windows Server 2012

  • Enhance your Group Policy reach with the Group Policy Preferences, ADMX files, and additional add-ons

  • Use every feature of the GPMC and become a top-notch administrator

  • Troubleshoot Group Policy using tools, logs, Resource Kit utilities, Registry hacks, and third-party tools

  • Manage printers, restrict hardware, and configure Internet Explorer

  • Deploy software to your desktops, set up roaming profiles, and configure Offline Files for all your Windows clients—and manage it all with Group Policy settings

  • Secure your desktops and servers with AppLocker, Windows Firewall with Advanced Security, and the Security Configuration Manager

  • Download bonus chapters and:

  • Script complex GPMC operations with PowerShell, including linking, backup, restore, permissions changes, and more

  • Create a "change management" system with Advanced Group Policy Management (AGPM v4)

  • Understand Windows Intune service and its relationship to Group Policy

  • Coverage Includes:

    Updated GPMC

    New Windows 8 GPMC Features

    ADMX/ADML Files

    Group Policy Preferences

    Item-Level Targeting

    The Central Store


    Fine-Grained Password Policy

    Offline Files Updates

    Inheritance Blocking



    Loopback Policy Processing

    Security Policy Processing


    WMI Filters

    Third-Party Tools

    Cross-Forest Trusts




    Advanced Logging and Troubleshooting

    Advanced Auditing Controls

    Group Policy and VDI

    Security Configuration Manager

    Windows Intune

    Note: The ebook version does not provide access to the companion files.

    Table of Contents

    1. Cover
    2. Acknowledgments
    3. About the Author
    4. Introduction
    5. Chapter 1: Group Policy Essentials
      1. Getting Ready to Use This Book
      2. Getting Started with Group Policy
      3. Active Directory and Local Group Policy
      4. An Example of Group Policy Application
      5. Examining the Resultant Set of Policy
      6. Group Policy, Active Directory, and the GPMC
      7. Group Policy 101 and Active Directory
      8. Our Own Group Policy Examples
    6. Chapter 2: Managing Group Policy with the GPMC
      1. Common Procedures with the GPMC
      2. Security Filtering and Delegation with the GPMC
      3. Performing RSoP Calculations with the GPMC
      4. Searching and Commenting Group Policy Objects and Policy Settings
      5. Starter GPOs
      6. Back Up and Restore for Group Policy
      7. Migrating Group Policy Objects between Domains
      8. GPMC At-a-Glance Icon View
    7. Chapter 3: Group Policy Processing Behavior Essentials
      1. Group Policy Processing Principles
      2. Policy Application via Remote Access, Slow Links, and after Hibernation
      3. Using Group Policy to Affect Group Policy
    8. Chapter 4: Advanced Group Policy Processing
      1. WMI Filters: Fine-Tuning When and Where Group Policy Applies
      2. Group Policy Loopback Processing
      3. Group Policy with Cross-Forest Trusts
    9. Chapter 5: Group Policy Preferences
      1. Powers of the Group Policy Preferences
      2. Group Policy Preferences Concepts
      3. Group Policy Preferences Tips, Tricks, and Troubleshooting
    10. Chapter 6: Managing Applications and Settings Using Group Policy
      1. Administrative Templates: A History and Policy vs. Preferences
      2. ADM vs. ADMX and ADML Files
      3. ADMX and ADML Files: What They Do and the Problems They Solve
      4. The Central Store
      5. Creating and Editing GPOs in a Mixed Environment
      6. ADM and ADMX Templates from Other Sources
      7. ADMX Migrator and ADMX Editor Tools
      8. PolicyPak Community Edition and PolicyPak Professional
    11. Chapter 7: Troubleshooting Group Policy
      1. Under the Hood of Group Policy
      2. The Birth, Life, and Death of a GPO
      3. How Client Systems Get Group Policy Objects
      4. Why Isn’t Group Policy Applying?
      5. Client-Side Troubleshooting
      6. Advanced Group Policy Troubleshooting with Log Files
    12. Chapter 8: Implementing Security with Group Policy
      1. The Two Default Group Policy Objects
      2. The Strange Life of Password Policy
      3. Inside Auditing with and without Group Policy
      4. Restricted Groups
      5. Restrict Software: Software Restriction Policy and AppLocker
      6. Controlling User Account Control with Group Policy
      7. Wireless (802.3) and Wired Network (802.11) Policies
      8. Configuring Windows Firewall with Group Policy
    13. Chapter 9: Profiles: Local, Roaming, and Mandatory
      1. What Is a User Profile?
      2. Roaming Profiles
      3. Mandatory Profiles
    14. Chapter 10: Implementing a Managed Desktop, Part 1: Redirected Folders, Offline Files, and the Synchronization Manager
      1. Overview of Change and Configuration Management
      2. Redirected Folders
      3. Offline Files and Synchronization
      4. Using Folder Redirection and Offline Files over Slow Links
    15. Chapter 11: The Managed Desktop, Part 2: Software Deployment via Group Policy
      1. Group Policy Software Installation (GPSI) Overview
      2. Assigning and Publishing Applications
      3. Advanced Published or Assigned
      4. Default Group Policy Software Installation Properties
      5. Removing Applications
      6. Using Group Policy Software Installation over Slow Links
      7. MSI, the Windows Installer and Group Policy
      8. Deploying Office 2010 and Office 2013 Using Group Policy
      9. Systems Center Configuration Manager vs. Group Policy
    16. Chapter 12: Finishing Touches with Group Policy: Scripts, Internet Explorer, Hardware Control, and Printer Deployment
      1. Scripts: Logon, Logoff, Startup, and Shutdown
      2. Managing Internet Explorer with Group Policy
      3. Restricting Access to Hardware via Group Policy
      4. Assigning Printers via Group Policy
    17. Appendix A: Group Policy and VDI
      1. Why Is VDI Different?
      2. Tuning Your Images for VDI
      3. Group Policy Tweaks for Fast VDI Video
    18. Appendix B: Security Configuration Manager
      1. SCM: Installation
      2. LocalGPO Tool
    19. Appendix C: Windows Intune (And What It Means to Group Policy Admins)
      1. Getting Started with Windows Intune
      2. Windows Intune and Group Policy Conflicts
    20. Index