Module 6: Configuring

User Environments
Using Group Policy
Module Overview, Cache: 快速緩衝貯存區
• Configuring Group Policy Settings

• Configuring Scripts and Folder Redirection Using

Group Policy
• Configuring Administrative Templates

• Configuring Group Policy Preferences

• Deploying Software Using Group Policy

Lesson 1: Configuring Group Policy Settings
• Options for Configuring Group Policy Settings

• Demonstration: Configuring Group Policy Settings Using

the Group Policy Editor
Options for Configuring Group Policy Settings

Enable / Disable Multi-valued settings

Demonstration: Configuring Group Policy Settings
Using the Group Policy Editor
In this demonstration, you will see how to configure Group
Policy settings
Lesson 2: Configuring Scripts and Folder
Redirection Using Group Policy
• What Are Group Policy Scripts?

• Demonstration: Configuring Scripts with Group Policy

• What Is Folder Redirection?

• Folder Redirection Configuration Options

• Options for Securing Redirected Folders

• Demonstration: Configuring Folder Redirection

 What Are Group Policy Scripts?

You can use scripts to perform many tasks, such as clearing page files or
mapping drives, and clearing temp folders for users, etc…

Group Policy script settings can be used to assign:

• For computers
 Startup scripts
 Shutdown scripts

• For users
 Logon scripts
 Logoff scripts
Demonstration: Configuring Scripts with
Group Policy
In this demonstration, you will see how to assign a logon
script to a user
What Is Folder Redirection?

Folder redirection allows folders to

be located on a network server, but
appear as if they are located on the
local drive

The folders that can be redirected are:

• My Documents (Documents in
Windows® Vista)
• Application Data (AppData in Windows Vista)
• Desktop
Extra folders that can be redirected
• Start Menu in Windows Vista are:
• Contacts • Searches
• Downloads • Links
• Favorites
Folder Redirection Configuration Options

• Use basic Folder Redirection when Accounting

all users save their files to the Users
same location
• With advanced Folder Redirection, Accounts
the server hosting the folder location A-M
is based on group membership
Accounts
N-Z
• Target folder location options:
• Redirect to the users’ Accounting
home directory Managers

• Create a folder for each user at

e
i v
under the root path Pr Misty
• Redirect to the
following location at
e
i v
Pr Anne
• Redirect to the local
userprofile location
Options for Securing Redirected Folders
NTFS permissions for root folder
Creator/Owner Full control - subfolders and files only
Administrator • None
Security group of
users that • List Folder/Read Data, Create Folders/Append
put data on share Data - This Folder Only
Local System • Full control

Share permissions for root folder

Creator/Owner Full control - subfolders and files only
Security group of • Full control
users that
put data on share

NTFS permissions for each users’ redirected folder

Creator/Owner Full control - subfolders and files only
%Username% • Full control, owner of folder
Administrators • None
Local system • Full Control
Demonstration: Configuring Folder Redirection
In this demonstration, you will see how to configure folder
redirection for the Documents folder
Lesson 3: Configuring Administrative Templates
• What Are Administrative Templates?

• Demonstration: Configuring Administrative Templates

• Modifying Administrative Templates

• Demonstration: Adding Administrative Templates for

Office Applications
• Discussion: Options for Using Administrative Templates
 What Are Administrative Templates?

Administrative Templates allow you to control both the environment of

the operating system and user experience

Administrative Templates Administrative Templates

sections for sections for users are:
computers are:

• Windows components • Windows components

• System • Start menu and taskbar
• Network • Desktop
• Printers • Control panel
• Shared folders
• Network
• System
Demonstration: Configuring
Administrative Templates
In this demonstration, you will see how to configure
Administrative Templates
 Modifying Administrative Templates

ADMX files: all policy files store into only ONE folder (can
download ADMX migrator from MS web to upgrade ADM to
ADMX)
but.ADM: each policy stored a separate 3M folder in sysvol

• Are extensible
• Can be edited with any text editor

New ADMX files can be added to the Policy Definitions folder or

the Central Store
Demonstration: Adding Administrative Templates
for Office Applications
In this demonstration, you will see how to add in the ADM
files for Office 2007
Discussion: Options for Using Administrative
Templates
• What Administrative Templates are deployed in your
organization now?
• What desktop settings would you like to implement for
users in your organization?
• Which Administrative Template settings will you need to
apply?
Lesson 4: Configuring Group Policy Preferences
• What Are Group Policy Preferences?

• Difference Between Group Policy Settings and Preferences

• Group Policy Preference Features

• Deploying Group Policy Preferences

• Demonstration: Deploying Group Policy Preferences

What Are Group Policy Preferences?

Group Policy preferences expand the range of configurable

settings within a GPO

 Are not enforced

Enable IT professionals to configure, deploy, and manage

 operating system and application settings that were not
manageable using Group Policy
Difference Between Group Policy Settings
and Preferences

Group Policy settings Group Policy preferences

Strictly enforces policy settings Are written to the normal

by writing the settings to areas
of the registry that standard
users cannot modify
Typically disables the user
interface for settings that Group operating system feature to
Policy is managing
Refreshes policy settings at a
regular interval @90min
locations in the registry that the
application or operating system
feature uses to store the setting
Do not cause the application or
disable the user interface for the
settings they configure
Refreshes preferences using the
same interval as Group Policy
settings by default
Group Policy Preference Features

Common Tab Targeting Features

Used to configure additional

Determines to which users and
options that control the
computers a preference
behavior of a Group Policy
item applies
preference item
Deploying Group Policy Preferences

Windows Server 2008 includes Group Policy

preferences by default as part of the
Group Policy Management Console (GPMC)

Windows Server 2008 includes Group Policy preferences by

 default as part of the GPMC

Group Policy preferences Client side extension (CSE)

 must be deployed to any client computer to which you want to
deploy preferences
Demonstration: Deploying Group
Policy Preferences
In this demonstration, you will see how to deploy Group
Policy preferences
Lesson 5: Deploying Software Using Group Policy
• Options for Deploying and Managing Software Using
Group Policy
• How Software Distribution Works

• Options for Installing Software

• Demonstration: Configuring Software Distribution

• Options for Modifying the Software Distribution

• Demonstration: Modifying Software Distribution

• Maintaining Software Using Group Policy

• Discussion: Evaluating the Use of Group Policy to

Deploy Software
Options for Deploying and Managing Software
Using Group Policy

1 2

1.0

Preparation Deployment

4 3

2.0

Remova Maintenance
l
How Software Distribution Works

Windows Installer=.msi
(.msi: clean install/remove;
english.mst(transform): maximum user interface
But .exe: unclean install/remove)

Windows Installer package contains

Windows Installer service
Fully automates the
software installation and
configuration process
Modifies or repairs an
existing application
installation
Information about installing or
uninstalling an application
An .msi file and any external source
files
Summary information about the
application
A reference to an installation point

Benefits of Custom
installations
Using
Resilient
Windows applications
Installer Clean removal
Options for Installing Software:
1.Assign: mandatory, 2. Publish: optional

Assign software
during Computer
Configuration

Software
Distribution Point
Assign software Publish software
during User using Add or
Configuration Remove Programs

?
Publish software using
document activation
Demonstration: Configuring Software Distribution
In this demonstration, you will see how to deploy a
software package through both assigning and publishing
 Options for Modifying the Software Distribution

Options:
Software can be categorized in the Add Programs applet

 File extensions can be associated with particular applications

 Software deployment can be customized using MST files

Demonstration: Modifying Software Distribution
In this demonstration, you will see how to:
• Create software categories

• Configure software distribution properties

Maintaining Software Using Group Policy

Mandatory upgrade Users can use only

the upgraded version
2.0
Deploy next
version of the
application
Optional upgrade Users can decide
2.0 when to upgrade
1.0

2.0

Selective upgrade You can select

2.0 specific users for an
upgrade
1.0
Discussion: Evaluating the Use of Group Policy to
Deploy Software
• What are the advantages of using Group Policy to
deploy software?
• What are the limitations?

• What additional features are provided by other software

distribution packages?
Lab: Configuring User Environments Using
Group Policy
• Exercise 1: Configuring Scripts and Folder Redirection

• Exercise 2: Configuring Administrative Templates

• Exercise 3: Configuring Preferences

• Exercise 4: Verifying GPO Application

Logon information
Virtual machine NYC-DC1, NYC-CL1
User name Administrator
Password Pa$$w0rd

Estimated time: 60 minutes

Lab Review
• You have configured folder redirection for an OU, but none
of the user’s folders are being redirected to the network
location. When you look in the root folder, you observe
that a subdirectory named for each user has been created,
but they are empty. What is the problem?
• You have an .MSI file for a small application that you want
globally available to all users and computers in an OU.
What steps would you take to accomplish this?
Module Review and Takeaways
• Considerations

• Review questions