Group Policy


  • Group Policy is a collection of settings which can be applied to computers and users.
  • With Group Policy, an administrator can centrally manage computers and users.
  • Group Policy makes administration easier.

Group Policy can be applied at the following levels:

  1. Organizational Unit (OU) Level Group Policy
  2. Domain Level Group Policy
  3. Site Level Group Policy


1). Organizational Unit (OU) level Group Policy:

If we apply a Group Policy on the Sales OU, this Group Policy will affect the Sales OU users.

How to apply OU level group policy

  1. On the Sys1 server, log in as administrator.
  2. Open the ADUC console and create the OU with its user accounts, e.g. the Sales OU with user accounts s1 and s2.
  3. Open the Group Policy Management console.

           Expand Forest
                 ↳ Domain
                          ↳ Domain name (preetam.com)

     Right-click the Sales OU and click "Create a GPO in this domain".
     Policy name: Remove comp icon. Click OK.
  4. Right-click this policy and click Edit (a new window opens).
     Expand User Configuration
           ↳ Policies
                 ↳ Administrative Templates

     Select the Desktop container.
     Right-click "Remove Computer icon on the desktop" and click Edit.
     Select Enabled, then click Apply and OK.

Verification

On the System2 client computer, log in as sales user s1 and check for the Computer icon on the desktop. Result: Deny.

How to restrict a drive by using Group Policy (C:)

  1. On the Sys1 server, log in as administrator and open the Group Policy Management console.
  2. Right-click the Sales OU and click "Create a GPO in this domain".
  3. Policy name: Deny S: drive. Click OK.
  4. Right-click this policy and click Edit (a new window opens).
  5. Expand User Configuration
                      ↳ Policies
                         ↳ Administrative Templates
  6. Select the Windows Components container.
  7. Open the File Explorer container.
  8. Right-click "Prevent access to drives from My Computer" and click Edit.
  9. Select Enabled.
  10. Select the restriction for the C: drive only, then click Apply and OK.

Verification

  • On the Sys2 client computer, log in as a sales user.
  • Try to access the C: drive by the normal method or by a shortcut. Result: Deny.

2). Domain level Group Policy:

If we apply a Group Policy on the preetam.com domain, it will affect only the users and administrators of this domain.

Applying domain level Group Policy

  1. On the Sys1 DC of the preetam.com domain, log in as administrator.
  2. Open the Group Policy Management console and right-click the domain name preetam.com.
  3. Click "Create a GPO in this domain".
  4. Enter the GPO name: Remove notepad.
  5. Right-click this policy and click Edit.
  6. Expand User Configuration -> Policies -> Administrative Templates.
  7. Select the System container.
  8. Right-click "Don't run specified Windows applications" and click Edit.
  9. Select Enabled.
  10. Click Show (a new window opens).
  11. Type the application's short name with its extension: notepad.exe.
  12. Click OK, OK.

Verification

On the Sys2 client computer, log in as any user of the preetam.com domain, e.g. s1, and try to open the Notepad application. Result: Deny.
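
The OU-level and domain-level procedures above can also be scripted with the GroupPolicy PowerShell module. The following is an added example, not part of the original post: it creates the same three GPOs, writes the registry values behind each Administrative Templates setting, and links the GPOs to the Sales OU and to the domain. It assumes it is run on the DC as a domain administrator and that the Sales OU sits directly under the domain root; the function name Set-LinkedUserPolicy is made up for this example.

```powershell
Import-Module GroupPolicy

$DomainDn = 'DC=preetam,DC=com'
$SalesOu  = "OU=Sales,$DomainDn"   # assumption: Sales OU is directly under the domain root
$Policies = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies'

# Hypothetical helper: create the GPO if missing, set its user-side registry
# policy values, and link it to the target container exactly once.
function Set-LinkedUserPolicy {
    param([string]$Name, [string]$Target, [hashtable[]]$Values)

    if (-not (Get-GPO -Name $Name -ErrorAction SilentlyContinue)) {
        New-GPO -Name $Name | Out-Null
    }
    foreach ($v in $Values) {
        # Each hashtable is splatted as -Key / -ValueName / -Type / -Value
        Set-GPRegistryValue -Name $Name @v | Out-Null
    }
    $links = (Get-GPInheritance -Target $Target).GpoLinks
    if ($links.DisplayName -notcontains $Name) {
        New-GPLink -Name $Name -Target $Target -LinkEnabled Yes | Out-Null
    }
}

# OU level: "Remove Computer icon on the desktop" (value name is the Computer folder CLSID)
Set-LinkedUserPolicy -Name 'Remove comp icon' -Target $SalesOu -Values @(
    @{ Key = "$Policies\NonEnum"; ValueName = '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'
       Type = 'DWord'; Value = 1 }
)

# OU level: "Prevent access to drives from My Computer", C: only.
# NoViewOnDrive is a bitmask with bit 0 = A:, bit 1 = B:, bit 2 = C:, so C: only is 4.
Set-LinkedUserPolicy -Name 'Deny S: drive' -Target $SalesOu -Values @(
    @{ Key = "$Policies\Explorer"; ValueName = 'NoViewOnDrive'
       Type = 'DWord'; Value = (1 -shl 2) }
)

# Domain level: "Don't run specified Windows applications" needs the switch
# value plus one numbered string entry per blocked executable name.
Set-LinkedUserPolicy -Name 'Remove notepad' -Target $DomainDn -Values @(
    @{ Key = "$Policies\Explorer"; ValueName = 'DisallowRun'; Type = 'DWord'; Value = 1 },
    @{ Key = "$Policies\Explorer\DisallowRun"; ValueName = '1'
       Type = 'String'; Value = 'notepad.exe' }
)
```

"Don't run specified Windows applications" is enforced only for programs started through File Explorer, so it is a desktop restriction rather than application control; AppLocker or WDAC is the control to use where execution must actually be prevented.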



3). Site level Group Policy:

If we apply a Group Policy at a site level, it will affect all domain users and administrators in this forest.

How to apply site level Group Policy

  1. On the Sys1 server in the preetam.com domain, log in as an administrator.
  2. Open the Group Policy Management console.
  3. Right-click Group Policy Objects and click New.
  4. Policy name: Remove Run. Click OK.
  5. Right-click the Remove Run policy and click Edit (a new window opens).
  6. Expand User Configuration -> Policies -> Administrative Templates.
  7. Select Start Menu and Taskbar.
  8. Right-click "Remove Run menu from Start Menu".
  9. Select Enabled and click OK.
  10. Right-click Sites and click Show Sites (a new window opens).
  11. Check the box for Default-First-Site-Name and click OK.
  12. Right-click Default-First-Site-Name and click Link an Existing GPO.
  13. Select the Remove Run policy and click OK.

Verification

On the Sys2 client computer, log in as any domain user of the preetam.com forest, e.g. s1, and try to access Run. Result: Deny.

How to deny an existing Group Policy to a domain or user

  1. On the Sys1 server, log in as an administrator.
  2. Open the GPM console.
  3. Expand the domain name.
  4. Right-click the existing Group Policy (Remove notepad) and click Edit.
  5. Open the Action menu and click Properties.
  6. Select the Security tab and click Add.
  7. Add the name administrator and click OK, OK.
  8. Check the Deny box for Apply Group Policy, then click Apply, Yes, OK.

Verification

  1. Now log in as administrator and access the Notepad application.
  2. Site level Group Policy: if we apply a Group Policy at a site level, it affects this forest's domain users and administrators.

BLOCK INHERITANCE

Group Policy Modeling

  1. On the DC, log in as administrator and open the Group Policy Management console.
  2. Right-click Group Policy Modeling and click Group Policy Modeling Wizard.
  3. Click Next, Next.
  4. Select User, click Browse, type the user name s1 and click OK.
  5. Check the box to skip to the final page.
  6. Click Next, Next, Finish.
  7. Select the Details tab (close the window).
  8. Check all policies.

Hierarchy of Group Policy


Site (forest) -> Domain (preetam.com) -> OU (Sales) -> s1, s2
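
To check the hierarchy and the Deny setting from the command line, the following added example (not part of the original post) lists every GPO that reaches the Sales OU in precedence order, flags blocked inheritance, and shows which trustees have a Deny entry on each GPO. It assumes the Sales OU sits directly under the domain root; the function name Get-EffectiveGpoReport is made up for this example.

```powershell
Import-Module GroupPolicy

$SalesOu = 'OU=Sales,DC=preetam,DC=com'   # assumption: Sales OU is directly under the domain root

# Hypothetical helper: one row per GPO that applies to the container.
function Get-EffectiveGpoReport {
    param([string]$Target)

    $som = Get-GPInheritance -Target $Target
    if ($som.GpoInheritanceBlocked) {
        Write-Warning "$Target blocks inheritance: only enforced parent GPO links still apply."
    }

    # InheritedGpoLinks covers domain and OU links after Block Inheritance and
    # Enforced are taken into account. Site-linked GPOs are not included here.
    foreach ($link in $som.InheritedGpoLinks) {
        # Trustees with a Deny entry on this GPO, e.g. administrator on
        # "Remove notepad" after the Deny procedure above.
        $denied = Get-GPPermission -Guid $link.GpoId -All |
            Where-Object { $_.Denied } |
            ForEach-Object { $_.Trustee.Name }

        [pscustomobject]@{
            Precedence = $link.Order          # 1 is applied last and wins conflicts
            Gpo        = $link.DisplayName
            LinkedAt   = $link.Target
            Enabled    = $link.Enabled
            Enforced   = $link.Enforced
            DeniedTo   = $denied -join ', '
        }
    }
}

Get-EffectiveGpoReport -Target $SalesOu |
    Sort-Object Precedence |
    Format-Table -AutoSize
```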
