Windows_learn 004: AD DS basic knowledge and Group Policy
Content Overview
AD DS (Active Directory Domain Service)
Check that AD DS is installed correctly
Create installation media (import domain data offline)
Usage rules for groups (p129)
Fourth. Using Group Policy to manage user work environment (p132)
Features of Group Policy
Group Policy is divided into two parts: Computer Configuration and User Configuration.
Group Policy settings fall into two kinds: policy settings and preference settings
Application timing for Group Policy (p138)
Rules for processing Group Policy
Using Group Policy to manage user environments (p167)
Security Options Policy (p176)
WMI Filter (p192)
AD DS (Active Directory Domain Service)
Container and Organization Units, OU
Domain Tree
Trust relationship
Forest
Schema
Domain Controller DC
Member Server
LDAP (Lightweight Directory Access Protocol)
DN (Distinguished Name)
RDN (Relative Distinguished Name)
GUID (Globally Unique Identifier)
UPN (User Principal Name)
SPN (Service Principal Name)
Global Catalog GC
Site
Directory partition
Schema Directory Partition
Configuration Directory Partition
Domain Directory Partition
Application Directory Partition
RODC (Read only domain controller)
AD LDS (Active Directory Lightweight Directory Services)
Active Directory database
Active Directory database: used to store Active Directory objects
Log files: store the change log of the Active Directory database;
these logs can be used to recover the Active Directory database
SYSVOL folder: used to store shared folders (for example, files related to Group Policy)
Check that AD DS is installed correctly
nslookup
set type=srv
_gc._tcp.mysky.com
Create installation media (import domain data offline)
ntdsutil
activate instance ntds
ifm
create full PATH
create full C:\installationMedia
Add multiple user accounts at once (p119)
Csvde.exe can add accounts but cannot modify them
Ldifde.exe can add or modify accounts
Dsadd.exe, Dsmod.exe, Dsrm.exe (self-explanatory)
Group (p125)
Domain Local Group
Global Group
Universal Group
Windows built-in domain local groups (p127)
Account Operators
Administrators
Backup Operators
Guests
Network Configuration Operators
Performance Monitor Users
Pre-Windows 2000 Compatible Access
Print Operators
Remote Desktop Users
Server Operators
Users
Windows built-in global groups
Domain Admins
Domain Computers
Domain Controllers
Domain Users
Domain Guests
Windows built-in universal groups
Enterprise Admins
Schema Admins
Windows special group accounts
Everyone
Authenticated Users
Interactive
Network
Anonymous Logon
Dialup
Usage rules for groups (p129)
A, G, DL, P
A, G, G, DL, P
A, G, U, DL, P
A, G, G, U, DL, P
A: user Account
G: Global Group
DL: Domain Local Group
U: Universal Group
P: Permission
Fourth. Using Group Policy to manage user work environment (p132)
Features of Group Policy
Account policy settings: such as the user's password length, password age, account lockout, etc.
Local policy settings: such as user rights assignment, security settings, etc.
Script settings: such as logon and logoff, startup and shutdown scripts
User work environment settings: such as hiding the user's desktop icons, removing Run and Shut Down from the Start menu, etc.
Software installation and removal: automatically install, remove or repair software when a user logs on or when the computer starts
Software restriction: allow the user to run only the specified software, or prevent the specified software from running
Folder Redirection: change the storage location of folders such as Documents, the Start menu, etc.
Restricting access to removable storage devices: used to prevent confidential documents within the enterprise from being easily taken out of the company
Many other system settings: such as having all computers automatically trust a specified CA, restricting the installation of device drivers, etc.
Group Policy is divided into two parts: Computer Configuration and User Configuration.
Group Policy Application Scope
Sites
Domains
Organizational Units (OUs)
Group Policy Object (GPO)
Built-in GPOs
Default Domain Policy
Default Domain Controllers Policy
GPO contents
GPC (Group Policy Container): stored in the AD DS database; records the GPO's properties and version
GPT (Group Policy Template): stores the GPO's setting values and related files
Path: \sysvol\sysvol\<domain name>\Policies
Group Policy settings fall into two kinds: policy settings and preference settings
Only domain Group Policy has preference settings; local computer policy does not have this feature
Policy settings are mandatory: clients cannot change them after the policy is applied
Preference settings are defaults that the client can change itself
If both kinds configure the same item, the policy setting takes precedence
To apply preference settings, clients need to download and install:
CSE (client-side extension), KB943729; already included in Windows 7
XMLLite; already included in Windows 7
Application timing for Group Policy (p138)
Application timing for Computer Configuration
Applied automatically when the computer starts
While the computer is running, applied automatically at regular intervals:
Domain controllers: applied every 5 minutes by default
Non-domain controllers: applied every 90-120 minutes by default
Applied automatically every 16 hours regardless of whether the policy setting values have changed
Application timing for User Configuration
Applied automatically when the user logs on
While the user is logged on, applied automatically every 90-120 minutes by default,
and the security configuration policy is applied automatically every 16 hours regardless of whether the policy has changed
Manually apply: open a Command Prompt window on a domain member computer and run
gpupdate /target:user /force
Rules for processing Group Policy
General rules for inheritance and processing
When the settings of a parent container and a child container do not conflict, the child container inherits the parent's settings; when they conflict, the nearest container takes precedence
When Computer Configuration and User Configuration conflict, Computer Configuration takes precedence
Order of application: site GPOs --> domain GPOs --> organizational unit GPOs
Exceptions for inheritance settings
Block policy inheritance (Block Inheritance)
Enforce policy inheritance (Enforced)
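The processing rules above (site, then domain, then OU; nearest container wins; Block Inheritance; Enforced) modelled as an added example that is not part of the original notes. The container names, GPO names and setting keys are constructed, and links inside one container are assumed to be listed in the order they are applied.

```python
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str                        # GPO name (constructed)
    settings: dict                  # setting key -> value (constructed keys)
    enforced: bool = False          # "Enforced" flag on the GPO link

@dataclass
class Container:
    name: str                       # site, domain or OU
    links: list = field(default_factory=list)
    block_inheritance: bool = False

def effective_settings(path):
    """path: containers in processing order, site -> domain -> OU -> child OU.
    Returns {setting: (value, name of the GPO that won)}."""
    # Block Inheritance on a container drops non-enforced links from above it;
    # the blocking container closest to the object is the one that matters.
    barrier = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, container in enumerate(path):
        for link in container.links:
            if link.enforced:
                enforced.append(link)       # enforced links ignore the barrier
            elif i >= barrier:
                normal.append(link)
    result = {}
    # Normal links are applied top-down, so the nearest container wins a conflict.
    # Enforced links are applied last, lowest first, so the highest one wins.
    for link in normal + enforced[::-1]:
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)
    return result

# Constructed sample: the Sales OU blocks inheritance, the domain enforces a baseline.
SAMPLE_PATH = [
    Container("Site: HQ", [Link("Site-Proxy", {"proxy": "hq-proxy"})]),
    Container("Domain: mysky.com", [
        Link("Default Domain Policy", {"hide_run_menu": False}),
        Link("Corp-Baseline", {"removable_storage": "deny"}, enforced=True),
    ]),
    Container("OU: Sales", [
        Link("Sales-Desktop", {"hide_run_menu": True, "removable_storage": "allow"}),
    ], block_inheritance=True),
]

if __name__ == "__main__":
    for key, (value, gpo) in effective_settings(SAMPLE_PATH).items():
        print(f"{key} = {value!r}  (from {gpo})")
```

With Block Inheritance set on the OU, the site proxy setting is dropped, but the enforced domain baseline still overrides the OU's own removable-storage value.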
Using Group Policy to manage user environments (p167)
User Rights Assignment Policy (p174)
Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment
Common policies and descriptions
Allow log on locally: allows the user to log on with Ctrl+Alt+Delete
Deny log on locally: denies it
Add workstations to domain: allows users to join computers to the domain
Shut down the system: allows users to shut down
Access this computer from the network
Deny access to this computer from the network
Force shutdown from a remote system
Back up files and directories
Restore files and directories
Change the system time
Load and unload device drivers
Take ownership of files or other objects
Security Options Policy (p176)
Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> Security Options
Common policies and descriptions
Interactive logon: Do not require CTRL+ALT+DEL
Interactive logon: Number of previous logons to cache (local cache)
Interactive logon: Do not display last user name
Shutdown: Allow system to be shut down without having to log on
Logon, logoff, startup, shutdown scripts (p177)
Folder Redirection (p181)
Can be used to place a user's desktop files or certain other folders on another server
WMI Filter (p192)
This article is from the "Winthcloud" blog, make sure to keep this source http://winthcloud.blog.51cto.com/2180779/1915846