How does Group Policy work with Active Directory? Group Policy provides granular control over thousands of different settings and allows you to highly customize permissions per user, group of users, computer, or group of computers within a domain. It also makes your life much easier by allowing you to automate tasks. – because no one wants to manually update a single setting 500 times.
2. With Special Guest:
Jimmy Tassin
IT Manager – St. Louis, MO
12 years in IT
“Currently managing
a project to transition
the company from a
2003 Active
Directory/Exchange
environment to a 2012
environment.”
4. What is Group Policy?
Group Policy provides the centralized management and
configuration of OSes, apps, and user settings in
an Active Directory environment.
USED GROUP POLICY
SAVED A BUNCH OF TIME
5. Why should I care about Group Policy?
Simple… Group policy makes life for IT
pros easier!
6. What are Group Policy objects?
GPOs = policy documents that apply their settings to
the computers and users within their control
GPO = Giant Pacific Octopus
Group Policy Object
Photo Courtesy of Wikipedia Commons
IT Security is a bigger concern than ever and there’s always the issue of managing your many users. Group Policy is a feature of Active directory that both helps keep the bad guys out, and the good guys in AND it helps you keep users from overstepping their boundaries and causing you headaches! Today, we’ll share group policy best practices and learn tips from a couple of the top SpiceHeads in our community.
So…. Back to our original point - how can Group Policy save your bacon?You know that zero day Internet Explorer Flash exploit that everyone has been making a big deal about this week? The one where hackers are targeting companies with valuable information and trying to get them to click on malicious links? Well, Group policy can be used to protect all of your users against this threat!How you ask? Well you can disable the Flash plugin for Internet Explorer in a Group Policy object, then apply it to all computers.But wait, there’s another way to use Group Policy to save your bacon against this exploit. SpiceHead “spiceuser” detailed a way to deny file access to a specific DLL file that the exploit needs to work, specifically VGX.dll in a GPO, then applying the object to all users. Then he instructs everyone to run GPUPDATE like I mentioned earlier… and Voila! Threat neutralized across however many computers you have in your environment.Let’s get back to our special guests for other GPO best practices…What are your top tips for managing users or computers using GPOs?What Is the coolest thing you have done using GPOs?What is a caveat that you have to remember with GPO?Do you want to have a lot of GPOs with only a few settings, or do you want to have fewer GPOs that encompass a ton of settings?Bill, how are Virtual machines useful when testing out Group Policy changes?