Centralized enterprise management: Group Policy operations

Host and expert introduction guide_wendy_ms: Good afternoon! Guide_wendy_ms: Welcome to today's Microsoft technology chat. Guide_wendy_ms: today's topic is "centralized enterprise management method: Group Policy operations" guide_wendy_ms: the host is Wang Xi MVP. Guide_wendy_ms: Welcome, Wang Xi! Guide_wendy_ms: today's time ranges from two to three. A chat about Win2000 will be held from to. You are welcome to continue. Guide_wendy_ms: please continue to ask questions. Wangxi_mvp: Thank you for your participation. Please try your best to ask questions. I will try my best to answer these questions! Wangxi_mvp: it is not convenient to directly raise the problem, you can send it to the alric@winmag.com.cn my mailbox. Q: Can I ask if Microsoft has images for this course? [A] which class? [A] tech Ed has a CD, but this Q & A has no images. [Q] Can I introduce group policies first? I am not very familiar with the concept of group. [A] group policy functions are similar to NT4 system policies, but they are more powerful. [A] in simple terms, a set is made to affect a batch of objects (users and computers ). [Q] For example, do you not want to go to any website or access certain programs? [A] Some behaviors can be controlled, but not all. For example, you need to use a firewall, such as ISA, to access websites. [Q] Is there another question: If I want to install the same software for everyone, can I not set it on every machine? [A] Yes, it can be distributed directly through the Group Policy, but the client system must be at Win2k or later. [Q] if it is Win98, it won't work, because most of my departments in the current station are Win98! [A] 98 cannot be distributed directly through group policies, but it can be done using scripts or SMS. [A] In addition, you can download 98 Zak -- zero administratio. N kit on the Microsoft website to implement centralized management of some 98 jobs. [Q] Is there a group policy like this method for managing 98? [A] After 98 is added to the domain of NT4, it can be managed through system policies. [A] The function is much weaker than the Group Policy. [Q] I heard people say that the Group Policy actually manages the Registry. Is that true? [A] This is not the case. More than half of the group policies target the Registry. In fact, many of the policies are not related to the Registry. [A] such as application distribution. [A] The policies under the Administrative template in the Group Policy are about the registry. [Q] How can I immediately refresh the Group Policy on the client after the Group Policy is modified? [A] SeCEdit/refreshpolicy machine_policy can be used. [A] Or aecedit/refreshpolicy user_policy. [A] For an XP Client, use the gpupdate command. [A] However, some policy settings in this method cannot be refreshed, such as software distribution policies. [Q] Can I introduce an article? [A] It is recommended that you go to www.fullarmor.com for the Group Policy Article, which is good. [Q] What is a group policy? [A] Simply put, it is through a set to affect a batch of objects, like the system policy of NT? [Q] Are there any operation articles on group policies in Chinese? [A] The best article on group policy I have read is fullarmor. Other Chinese documents mainly refer to Microsoft's White Paper. [Q] event type: Error Event Source: userenv event type: None event ID: 1000 Date: 2002-9-27 event: 14:05:44 User: nt authority \ System Computer: policart description: A flag (17) is passed to the client extension security of the Group Policy, and the code of the failed status (3) is returned ). [A] You can check the event help or Microsoft website in the support tool. [Q] By the way, can I ask if there is any website for interpreting the error code in Chinese? [A] The best website I know is English. [Q] Let's talk about some of the benefits that we don't know about. Let's talk about some of the functions that he thinks are useful! [A] Many group policies have been set, and more than 700 rules have been added to XP, which may involve various aspects. [A] For example, software distribution, setting file system security, setting IPSec and IE, etc. [A] You can also set the client. [Q] group policies are too complex and it is not easy to use them. Can you tell me about the security group policy methods set in general enterprises? [A] Yes! Group Policy features are too powerful, and the mechanism is complex. It is not very convenient to manage in 2 K. [A] You can use rsop for troubleshooting and planning, and use the forthcoming gpmc for management. [Q] what is rsop? [A] a new tool in WindowsXP and. net, the Group Policy result set, can diagnose and simulate the final results of the Group Policy. [Q] Does the Domain Policy give priority to the local policy? [A] Yes, the execution sequence of group policies is lsdou, and the priority is the opposite unless other settings are made. [Q] I have more than 40 machines in a small domain in one of my departments and all systems. Now the primary PDC is NT4 and I want to create a new Win2000 domain. How can I solve this problem? Where can I start? [A] Are you planning to upgrade or re-create a Win2k midomian? [Q] Some people often upgrade Win2k to a domain controller. What is the cause of the inability to interact with each other when logging on? [A] After the upgrade, the computer is DC, and common users do not have local login permissions on the DC. [Q] unless other settings are set, what does it mean? [A] For example, if no override or block is implemented, the priority may change. [Q] What does DC mean? [A] ac-Domain Controller. Common users cannot log on to DC. [Q] When Will gpmc come out and be integrated into any software? [A] I demonstrated this tool in Beijing teched. It will be released after windows. NET is released, and a separate download version will be released. [A] Many management problems of Win2k group policies can be easily solved through it. [Q] If AC is a domain controller, does DC mean local? [A] Some of my input just now is abnormal. DC -- domain controller refers to the domain controller. [Q] I added a user to the Active Directory user and computer, but the same fault still occurred! [A] by default, the new user is a domian user without the login power on the DC. You can use the Group Policy to grant the user the permission. I will talk about how to do this: [a] On the ou of the domain controller, set a computer policy, set logon locally power in user power settings, and grant the User power. [Q] When does windows. Net come out? Can a separate gpmc be used on Windows server? What is the full name of gpmc? [A] gpmc: Group Policy Management Console, which can be used to manage domian of Win2k or. NET, but must run on XP or. NET Server. [A] That is to say, to use this tool, domain must have at least one XP or. NET Server. [Q] Can I add this user to the Domain Users Group? [A] It belongs to this group by default, this group does not have the local login power on the DC, so it should be granted to him. [A] If you just do experiments, instead of in the production environment, simply add it to the backup Administrator group. [Q] What permissions should I grant? [A] to have the logon locally power, assign it in the Group Policy just mentioned. [Q] Do xp have to be dc to run gpmc? [A] XP Pro and the latest hotfix are required. XP cannot be DC. [Q] Can a user in another NT4 domain also come to the login Win2000 new domain? [A] The logon location depends on the domain in which your account is located. [Q] Can I install two mail servers. One is used for work, and the other is used for synchronization, but I cannot implement it. I don't know why. [A] cluster can be considered. [Q] what is cluster? [A] cluster. [Q] How does one implement this through group policy? [A] This group policy cannot be implemented. We need to use Win2k Advanced Server. [Q] cluster can be implemented, and application center can be used for management. Could you tell me that wangxi can only implement the functions you mentioned through group policy instead of cluster? [A] group policies alone cannot do this. [Q] So I don't think we need to discuss the cluster problem here, because tppic is a group policy or GPO. [A] Thank you !! [Q] Although GPO is powerful, it is very troublesome to implement it. I don't know how you think about it? [A] Can I raise some questions? It would be much better if rsop and gpmc were used. [Q] what is rsop? [A] Resultant Set of Policy Group Policy result set. [Q] Although Microsoft's solutions (mainly for distributing policies in the domain structure) are very good and comprehensive, I have also done a lot of experiments, however, the general feeling is that there are not many applications in most enterprises or companies in China at the very moment. Does Microsoft have any specific method to promote the application of GPO in practice? [A] I personally feel that the reason for doing so is that Microsoft thinks that the powerful and flexible functions are more necessary for large enterprises. [Q] Is rsop a built-in function of windows. Net? [A] This tool already exists in XP Pro, but some functions (logging mode) are available ). [Q] Can GPO prevent employees from installing software or running programs at will? [A] is your company a domain? [A] Generally, users do not have the permission to install the domain. [Q] I have a very low level of people and I am still installing software. [A] technology is not omnipotent. Companies, leaders, and various parties must learn about centralized management, or these new technologies bring convenience while also bringing some discomfort. [Q] No way. You can only embed regulations into the system and enforce them. [A] I decided that the technology was designed to solve practical problems. In many places in China, there was no strong management requirement, or I did not think that centralized management was necessary. [Q] After Windows2000 pro is added to the domain, domain admin is automatically added to the local Admin group of w2k pro. Is the Group Policy Effect or is it automatically added to Windows2000? [A] This will happen when pro is added to the domain so that domian admin can choose to manage the client first. [Q] In wangxi, a customer said there was a problem when XP joined the domain two days ago. I have no test environment. Have you ever encountered any problem? [A] I haven't encountered any problems before joining, but it is true that XP is not supported well in Win2k's ground. It is better to have an account policy time approaching. [Q] alric@winmag.com.cn? Are you in MS? [A] I am not an MVP. Conclusion guide_wendy_ms: Hello everyone, this hour's chat is coming soon. From to, we have an hour to talk about Windows 2000. You are welcome to join us. Guide_wendy_ms: Thank you, Wang Xi! Wangxi_mvp: Thank you! Guide_wendy_ms: Thank you, Wang Xi. Today's chat is here. If you have more questions, welcome to the Microsoft Chinese news group. Guide_wendy_ms: the server is msnews.microsoft.com. Guide_wendy_ms: Thank you, Wang Xi. Goodbye! Wangxi_mvp: thanks is offline. Contact more! Wangxi_mvp: Goodbye!