Файловый архив студентов. Файловый архив студентов.
1261 вуз, 4609 предмет.
/ Регистрация
FAQ Обратная связь Вопросы и предложения
Добавил:
Upload Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз:
Алматинский университет энергетики и связи
Предмет:
[НЕСОРТИРОВАННОЕ]
Файл:

20411B-ENU-TrainerHandbook

.pdf
Скачиваний:
237
Добавлен:
01.05.2015
Размер:
16.48 Mб
Скачать

 

 

Administering Windows Server® 2012

 

MCT

 

 

6-13

 

When you configure a new preference, you can perform the following four basic actions:

 

 

 

Create. Create a new preference setting for the user or computer.

 

USE

Delete. Remove an existing preference setting for the user or computer.

 

Replace. Delete and recreate a preference setting for the user or computer. The result is that Group

 

 

 

Policy preferences replace all existing settings and files associated with the preference item.

 

 

 

Update. Modify an existing preference setting for the user or computer.

 

.ONLY

Comparing Group Policy Preferences and GPO Settings

 

 

 

 

Preferences are similar to policies in that they

 

 

 

 

 

 

 

 

apply configurations to the user or computer.

 

 

 

 

However, there are several differences in the way

 

 

 

 

that you can configure and apply them. One of

 

 

 

 

these differences is that preferences are not

 

 

STUDENT

enforced. However, you can configure preferences

 

 

 

 

 

 

to be reapplied automatically.

 

 

 

 

The following is a list of other differences between

 

 

 

 

Group Policy settings and preferences:

 

 

 

 

• Preference settings are not enforced.

 

 

 

 

• Group Policy settings disable the user

 

 

 

 

 

 

 

 

 

interface for settings that the policy manages. Preferences do not do this.

 

 

 

• Group Policy settings are applied at regular intervals. You can apply preferences once only or at

 

 

 

 

intervals.

 

 

 

• The end user can change any preference setting that is applied through Group Policy, but policy

 

 

 

 

settings prevent users from changing them.

 

USE

In some cases, you can configure the same settings through a policy setting as well as a preference

 

 

 

item. If conflicting preference and Group Policy settings are configured and applied to the same

 

 

 

 

object, the value of the policy setting always applies.

 

 

 

Features of Group Policy Preferences

 

PROHIBITED

After you create a Group Policy preference,

 

 

 

 

 

 

you must configure its properties. Different

 

 

 

 

preferences will require different input

 

 

 

 

information. For example, shortcut preferences

 

 

 

 

require target paths, whereas environment

 

 

 

 

variables require variable types and values.

 

 

 

 

Preferences also provide a number of features

 

 

 

 

in the common properties to assist in the

 

 

 

 

deployment.

 

 

 

 

 

 

 

 

 

 

6-14 Managing User Desktops with Group Policy

General Properties Tab

The General Properties tab is where basic information is provided. The first step is to specify the action for

the preference: Create, Delete, Replace, or Update. Different settings will be available, depending on the

MCT

 

initial action selected. For example, when creating a drive mapping, you must provide a Universal Naming

Convention (UNC) path and an option for the drive letter, which you want to assign.

USE

 

Common Properties Tab

The common properties are consistent for all preferences. You can use the Common Property tab to control the behavior of the preference as follows:

Stop processing items in this extension if an error occurs. If an error occurs while processing a ONLY preference, no other preferences in this GPO will process.

Run in logged-on user’s security context. Preferences can run as the System account or the logged-on user. This setting forces the logged-on user context.

Remove this item when it is no longer applied. Unlike policy settings, preferences are not removed

when the GPO that delivered it is removed. This setting will change that behavior. .

Apply once and do not reapply. Normally, preferences are refreshed at the same interval as Group

Policy settings. This setting changes that behavior to apply the setting only once on logon or startup. STUDENT Use Item-level targeting. One of the most powerful features of preferences is item-level targeting. You

can use this feature to specify criteria easily, so that you can determine exactly which users or computers will receive a preference. Criteria includes, but is not limited to:

o Computer name

o Windows Management Instrumentation (WMI) queries

Demonstration: Configuring Group Policy Preferences

This demonstration shows how to:

Configure a desktop shortcut with Group Policy preferences.

Target the preference.

Configure a new folder with Group Policy preferences.

Target the preference.

Test the preference.

Demonstration Steps

Configure a desktop shortcut with Group Policy preferences

1.On LON-DC1, in the Group Policy Management console, open the Default Domain Policy for editing.

2.Navigate to Computer Configuration\Preferences\ Windows Settings\Shortcuts.

3.Create a new shortcut to the Notepad.exe program.

PROHIBITED USE

 

Administering Windows Server® 2012

MCT

 

6-15

 

Target the preference

 

 

Target the preference for the computer, LON-CL1.

 

 

Configure a new folder with Group Policy preferences

USE

1.

Navigate to User Configuration\Preferences\Windows Settings\Folders.

2.

Create a new folder for the C:\Reports folder.

Target the preference

Target this preference for computers that are running the Windows 8 operating system.

Test the preferences

1.

Switch to LON-CL1, and refresh the group policies by using the following command at the command

 

prompt:

 

gpupdate /force

 

ONLY

2.

.

Sign in and verify the presence of both the C:\Reports folder and the Notepad shortcut on the

 

Desktop.

 

PROHIBITED USE STUDENT

6-16 Managing User Desktops with Group Policy

Lesson 4

Managing Software with Group Policy

Windows Server 2012 includes a feature called Software Installation and Maintenance that AD DS, Group Policy, and the Windows Installer service use to install, maintain, and remove software from your organization’s computers. In this lesson, you will learn how to manage software with Group Policy.

Lesson Objectives

After completing this lesson, you will be able to:

Describe how Group Policy software distribution addresses the software lifecycle.

Describe how Windows Installer enhances software distribution.

Describe the difference between assigning and publishing software.

Explain how to manage software upgrades by using Group Policy.

How Group Policy Software Distribution Helps to Address the Software Lifecycle

The software lifecycle consists of four phases: preparation, deployment, maintenance, and removal. You can use Group Policy to manage all phases except the preparation. You can apply Group Policy settings to users or computers in a site, domain, or organization unit (OU) to install, upgrade, or remove software automatically.

By applying Group Policy settings to software, you can manage the phases of software deployment without deploying software on each computer individually.

How Windows Installer Enhances Software Distribution

To enable Group Policy to deploy and manage software, Windows Server 2012 uses the Windows Installer service. This component automates the installation and removal of applications by applying a set of centrally defined setup rules during the installation process. The Windows Installer service installs the Microsoft Installer (MSI) package files. MSI files contain a database that stores all the instructions required to install the application. Small applications may be entirely stored as MSI files, whereas other larger applications will have many associated source files

that the MSI references. Many software vendors provide MSI files for their applications.

PROHIBITED USE STUDENT .ONLY USE MCT

Assigning software has the following characteristics:
Assigning Software

The Windows Installer service has the following characteristics: MCT

Administering Windows Server® 2012 6-17

• This service runs with elevated privileges, so that software can be installed by the Windows Installer

service, no matter which user is logged onto the system. Users only require read access to the software distribution point.

• Applications are resilient. If an application becomes corrupted, the installer will detect and reinstall or

repair the application.

USE

• Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe

.ONLY

file, the .exe file must be converted to an .msi file by using a third-party utility.

Question: Do users need administrative rights to install applications manually that have MSI

files?

Question: What are some disadvantages of deploying software through Group Policy?

Assigning and Publishing Software

There are two deployment types available for

 

 

 

 

STUDENT

delivering software to clients. Administrators can

 

either install software for users or computers in

 

advance by assigning the software, or give users

 

the option to install the software when they

 

require it by publishing the software in AD DS.

 

Both user and computer configuration sections

 

of a GPO have a Software Settings section. You

 

can add software to a GPO by adding a new

 

package to the Software Installation node, and

 

then specifying whether to assign or publish it.

 

 

 

 

 

 

 

You also can choose advanced deployment of a

 

USE

package. Use this option to apply a customization file to a package for custom deployment. For

 

 

example, if you use the Office Customization tool to create a setup customization file to deploy Microsoft Office 2010.

When you assign software to a user, the user’s Start menu advertises the software when the user logsPROHIBITED on. Installation does not begin until the user double-clicks the application's icon or a file that is

associated with the application.

Users do not share deployed applications. When you assign software to a user, an application that you install for one user through Group Policy will not be available to other users.

When you assign an application to a computer, the application is installed the next time that the computer starts. The application will be available to all users of the computer.

6-18 Managing User Desktops with Group Policy

Publishing Software

Publishing software has the following characteristics:

MCT

The Programs shortcut in Control Panel advertises a published program to the user. Users can install

the application by using the Programs applet, or you can set it up so that document activation installsUSE the application.

Applications that users do not have permission to install are not advertised to them.

Applications cannot be published to computers.

Note: When configuring Group Policy to deploy applications, they must be mapped to UNC paths. If you use local paths, the deployment will fail.

Managing Software Upgrades by Using Group Policy

Software vendors occasionally release software updates. These usually address minor issues, such as an update or feature enhancements, which do not warrant a complete application reinstallation. Microsoft releases some software patches as .MSP files.

Major upgrades that provide new functionality require an upgrading of a software package to a newer version. You can use the Upgrades tab to upgrade a package by using the GPO. When you perform upgrades by using Group Policy, you’ll notice the following characteristics:

You may redeploy a package if the original Windows Installer file has been modified.

Upgrades will often remove the old version of an application and install a newer version, usually maintaining application settings.

You can remove software packages if they were delivered originally by using Group Policy. This is useful if a line-of-business (LOB) application is being replaced with a different application. Removal can be mandatory or optional.

PROHIBITED USE STUDENT .ONLY

Administering Windows Server® 2012 6-19

Lab: Managing User Desktops with Group Policy

MCT

 

Scenario

 

 

 

 

 

 

A. Datum Corporation is a global engineering and manufacturing company with its head office in London,

 

U.K. An IT office and a data center are located in London to support the London head office and other

USE

 

locations. A. Datum has recently deployed a Windows Server 2012 server and client infrastructure.

 

A. Datum has just opened up a new branch office. Users in this office require an automated method for

 

 

 

 

mapping drives to shared server resources and you decide to use Group Policy preferences. Furthermore,

 

you have been asked to create a shortcut to the Notepad application for all users that belong to the IT

.ONLY

 

security group. To help minimize profile sizes, you have been asked to configure folder redirection to

 

redirect several profile folders to each user’s home drive.

 

Objectives

 

 

After completing this lab, you will be able to:

 

 

• Implement settings by using Group Policy preferences.

 

 

 

 

• Configure folder redirection.

 

 

 

 

Lab Setup

 

 

 

 

Estimated Time: 45 minutes

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Virtual Machines

20411B-LON-DC1

 

 

 

 

20411B-LON-CL1

 

 

 

 

 

 

 

 

User Name

Adatum\Administrator

 

 

 

 

 

 

 

 

Password

Pa$$w0rd

STUDENT

 

 

 

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must

1.On the host computer, click Start, point to Administrative Tools, and then click Hyper-V ManagerUSE.

2.In Hyper-V® Manager, click 20411B-LON-DC1, and in the Actions pane, click Start.

3.In the Actions pane, click Connect. Wait until the virtual machine starts.

4.Sign in using the following credentials: PROHIBITED o User name: Administrator

o Password: Pa$$w0rd o Domain: Adatum

5.Repeat steps 2 through 4 for 20411B-LON-CL1.

6-20 Managing User Desktops with Group Policy

The main tasks for this exercise are as follows:

1.Create the required logon script.

2.Create a new GPO, and link it to the Branch Office 1 organization unit (OU).

3.Edit the Default Domain Policy with the required Group Policy preferences.

4.Test the preferences.

Task 1: Create the required logon script

USE MCT

1.

Sign in to LON-DC1 as Adatum\Administrator with the password Pa$$w0rd.

.ONLY

 

2.

Open File Explorer and create a folder, and then share it with Specific people by using the following

 

properties:

 

 

o

Path: C:\Branch1

 

 

o

Share name: Branch1

 

 

o

Permissions: Everyone, Read/Write.

STUDENT

2.

Move user Holly Dickson from the IT OU to the Branch Office 1 OU.

3.

Launch Notepad, and then type the following command:

 

4.

Save the file to the desktop as BranchScript.bat.

 

5.

On the desktop, copy the file to the Clipboard. You will paste the file into the appropriate folder later

 

 

in the lab.

 

1.

On LON-DC1, open Active Directory Users and Computers, and then create an organizational unit

 

 

(OU) in the Adatum.com domain called Branch Office 1.

 

3.

Move the LON-CL1 computer to the Branch Office 1 OU.

USE

4.

Open the Group Policy Management console.

5.

Create and link a new GPO named Branch1 to the Branch Office 1 organizational unit.

6.

Open the Branch1 GPO for editing.

7.

Edit the GPO to configure a user logon script.

PROHIBITED

 

8.

Paste the BranchScript.bat script into the Netlogon share.

 

9.

Add the BranchScript.bat script to the logon scripts GPO setting.

 

Task 3: Edit the Default Domain Policy with the required Group Policy preferences

 

1.

On LON-DC1, open the Default Domain Policy for editing.

 

2.

Navigate to User Configuration\Preferences\Windows Settings\Shortcuts.

 

3.

Create a new shortcut to the Notepad.exe program:

 

 

o

Name: Notepad

 

 

o

Action: Create

 

 

o

Location: Desktop

 

 

o

Target path: C:\Windows\notepad.exe

 

Administering Windows Server® 2012 6-21

4.

Target the preference for members of the IT security group.

MCT

5.

Close all open windows.

1.Switch to LON-CL1 and restart the computer. USE

2.Sign in as Adatum\Administrator with the password Pa$$w0rd.

3.Open the Command Prompt window, and then use the gpupdate /force command to refresh the Group Policy.

4.Sign out of LON-CL1. ONLY

5.Sign in as Adatum\Holly with the password Pa$$w0rd.

6.Verify that a drive is mapped to \\LON-DC1\Branch1.

7.Verify that the shortcut to Notepad is on Holly’s desktop.

8.If the shortcut does not appear, repeat steps 2 through 5. .

9.Sign out of LON-CL1. STUDENTThe main tasks for this exercise are as follows:

1.Create a shared folder to store the redirected folders.

2.Create a new GPO and link it to the branch office OU.

3.Edit the folder redirection settings in the policy.

4.Test the folder redirection settings.

USE

• On LON-DC1, open File Explorer and then create a folder and share it with Specific people by using the following properties:

o Path: C:\Branch1\Redirect

o Share name: Branch1Redirect

o Permissions: Everyone, Read/Write

• On LON-DC1, open Group Policy Management and then create and link a new GPO named Folder

Redirection to the Branch Office 1 OU.

PROHIBITED

 

6-22 Managing User Desktops with Group Policy

Task 3: Edit the folder redirection settings in the policy

MCT

1.

Open the Folder Redirection GPO for editing.

2.

Under User Configuration, browse to Folder Redirection and then configure the Documents folder

 

properties to use the Basic-Redirect everyone’s folder to the same location setting.

USE

 

 

3.

Ensure that the Target folder location is set to Create a folder for each user under the root path.

 

4.

Specify the root path as \\LON-DC1\Branch1Redirect.

 

5.

Close all open windows on LON-DC1.

 

Task 4: Test the folder redirection settings

1.Switch to LON-CL1.

2.Sign in as Adatum\Administrator with the password Pa$$w0rd.

3.Open the Command Prompt window, and use the gpupdate /force command to refresh the Group Policy.

4.Sign out and then sign in as Adatum\Holly with the password Pa$$word.

5.Browse to the desktop. STUDENT

6.Right-click the desktop and use the Personalize menu to enable User’s Files on the desktop.

7.From the Desktop, open the Holly Dickson folder.

8.Right-click My Documents, and then click Properties.

9.In the My Document Properties dialog box, note that the location of the folder is now the network share in a subfolder named for the user.

10.If the folder redirection is not evident, sign out, and then sign in as Adatum\Holly with the password Pa$$word. Repeat steps 7 to 9.

11.Sign out of LON-CL1. ONLY

Results: After this exercise, you should have successfully configured folder redirection to a shared folder on the LON-DC1 server.

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, perform the following steps:

1.On the host computer, start Hyper-V Manager.

2.In the Virtual Machines list, right-click 20411B-LON-DC1, and then click Revert.

3.In the Revert Virtual Machine dialog box, click Revert.

4.Repeat steps 2 and 3 for 20411B-LON-CL1.

PROHIBITED USE

Соседние файлы в предмете [НЕСОРТИРОВАННОЕ]
Помощь Обратная связь Вопросы и предложения Пользовательское соглашение Политика конфиденциальности