Kevin Sullivan Principal Program Manager Lead Microsoft Corporation SESSION CODE WCL323 Required Slide Session Objectives and Takeaways Group Policy quick overview PowerShell Automation is awesome ID: 737517
Download Presentation The PPT/PDF document "How to Save Money, Time, and Headaches w..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
How to Save Money, Time, and Headaches with Group Policy in Windows 7/ Windows Server 2008 R2
Kevin SullivanPrincipal Program Manager LeadMicrosoft Corporation
SESSION CODE: WCL323
Required SlideSlide2
Session Objectives and Takeaways
Group Policy – quick overviewPowerShellAutomation is awesome
Object model will save you Group Policy PreferencesPower: manage, reportGet rid of login scriptsSlide3
Templates
ADM templates difficult to manage
Troubleshooting
User.env log
GP Result
Storing and Finding
Need to find settings? Where is that spreadsheet?
Local GPOs
Limited flexibility with a single local GPO
Settings
~1,800 policy settings in XP
Incomplete coverage means missing key scenarios
LGPO’s
LGPO
Local Computer Policy
Group Policy
Group Policy
Process
Part of
Winlogon
Network
Limited awareness of changing network conditions
DC
SysVo
l
ADM
ADM
ADM
ADM
ADM
Group Policy Service
GP now runs in a shared service
Hardened Service, more reliable
Group Policy Settings
Lots of
new
policy
settings
with Windows
Vista and Windows 7
Extended GP for new Windows
Vista
and Windows 7 features
Network Location
Awareness (NLA)
NLA service provides the latest
network information
Applications can query or register with
NLA for network change indications
Group Policy Logging
Administrative log
Applications and Services log
XML based event logs
New Tools -
GPOLogView
Group Policy Templates
ADM Templates now in
ADMX files (ADMX, ADML)
Windows Vista/Windows Server 2008
ADM
ADMX
Multiple Local GPOs
LGPO’s
LGPO
Admin
User
User Specified Group Policy
Admin/Non-Admin Group Policy
Local Computer Policy
Group Policy Central Store
Centralized repository for ADMX
Contains all ADMX templates
Created in the
Sysvol
on DC
in each domain
DC
FRS/DFS-R
SysVo
l
ADMX
ADML
+
Policies
+
+
GUID
ADM
Policy
Definations
ADMX, ADML Files
+Slide4
Compliance
Q: How can I determine if my environment is compliant?
A:Use automation to run exhaustive testsSlide5
Group Policy PowerShell
Save energy and time with automation
Set-
GPRegistryValue
HKLM\Uninstall\
GoogleToolbar
Configure a registry key
Sales GPO
Hklm
\uninstall\
googletoolbar
Hklm
\uninstall\
googletoolbar
Hklm
\uninstall\
googletoolbar
Configure the GPOManage the set of GPOs with scripts
Sales GPO
Hklm\uninstall\googletoolbar
Hklm
\uninstall\
googletoolbar
Hklm
\uninstall\
googletoolbar
Finance GPO
Hklm
\uninstall\
googletoolbar
Hklm
\uninstall\
googletoolbar
Hklm
\uninstall\
googletoolbar
Accounting GPO
Hklm
\uninstall\
googletoolbar
Hklm
\uninstall\
googletoolbar
Hklm
\uninstall\
googletoolbarSlide6
GP PowerShell Cmdlets
Import-module
GroupPolicy
get-help *-
gp
*
New
Set
Remove
Misc
GetSlide7
GP PowerShell ExamplesSlide8
PowerShell
Group Policy cmdlet overview
DEMO
Kevin Sullivan
Principal Program Manager – Lead
MicrosoftSlide9
More GP PowerShell ExamplesSlide10
…and more GP PowerShell ExamplesSlide11
Moving on….
And now for something completely differentSlide12
Save Time
Remove login scriptsSlide13
Save Power (Schemes)Slide14
Group Policy
Preferences
New
in R2:
Vista+ support Power Plans and Scheduled Tasks
Targeting and configuration beyond policySlide15
Configuring
Familiar Experience
Powerful browsersGranular: Red/GreenSlide16
Preferences
Group Policy PreferencesDEMO
Kevin Sullivan
Principal Program Manager – Lead
MicrosoftSlide17
Targeting
Item level targeting, not GPO level
Robust targeting
29 types
Boolean logic (And, Or, Not)
Collections
Intuitive UI
No need to learn query languages
Granular item level targetingSlide18
What do you mean ‘item’?
{
Printer GPO_1
HP Lobby Printer
Users:
ExecAssistants
{
Printer GPO
HP Lobby Printer
Users:
ExecAssistants
IP range: 10.0.0.1-.23
Hours: 9am-5pm, Mon-Fri
DEFAULT
HP Lobby Printer
Users:
ExecAssistants
IP range: 10.0.0.24-.72
{
Printer GPO_2
HP Lobby PrinterUsers: ExecAssistants
{Printer GPO_3
HP Lobby Printer
Users:
ExecAssistants
{
Printer GPO_4
HP Lobby Printer
Users:
ExecAssistants
{
Printer GPO 5
HP Lobby Printer
Users:
ExecAssistants
{
Printer GPO_6
HP Lobby Printer
Users:
ExecAssistants
IP range: 11.0.0.1-.37
IP range: 11.0.0.38-.77
IP range: 12.0.0.1-.37Slide19
Granular Actions
Create : create newR
eplace : delete and recreate if present, else create.Update : update if present, else create.Delete: remove
True PreferenceSlide20
Preferences
Group Policy PreferencesDEMO
Kevin Sullivan
Principal Program Manager – Lead
MicrosoftSlide21
Light Weight
Multiple items
XMLDescriptions/Comments
Easy to author, easy to understandSlide22
Policy vs. PreferenceSlide23
Save Time – Replace Scripting
Easy to Set up, Report, Maintain
Use cases:
drive mappings, default printers,
shortcuts, local users
and groups, file and folder options…
Replace logon scripts
Reduce number
of
images
Fewer scripts = less complicated, less time to applySlide24
What have we learned
TimeAutomation to script day-to-day tasksScript to maintain healthy environment
Object model to make interesting decisions when scripting
Money
Manage power using Preferences
Admins can focus on troubleshooting instead of maintenance
Headache
Reduce logon time
Replace logon scripts with easy to manage Preferences
No need for custom ADMXSlide25
Deploying GP Preferences
Client Side Extension (CSE)
Download: XP+, Server 2003, VistaUpdate: Windows Vista Sp1
In box: Windows 7
GPMC
Windows Server 2008
Windows Vista SP1 + RSAT
Windows Server 2008 R2
Windows 7 + RSAT
Management Console
ClientSlide26
Links & Resources
Group Policy Team Blog
http://blogs.technet.com/grouppolicy
RSAT Windows Vista SP1 32-bit Edition (KB941314):
http://go.microsoft.com/fwlink/?LinkId=115118
RSAT Windows Vista SP1 64-bit Edition (KB941314):
http://go.microsoft.com/fwlink/?LinkId=116472
Group Policy TechNet page
http://www.microsoft.com/technet/grouppolicy
Group Policy Settings Reference Windows Vista SP1
http://www.microsoft.com/downloads/details.aspx?familyid=2043B94E-66CD-4B91-9E0F-68363245C495&displaylang=en
Group Policy Preferences : Getting Started
http://technet.microsoft.com/en-us/library/cc731892.aspx
Recording and Resources for
This Academy Live Session
http://
Academy
Slide27
Resources
Required Slide
www.microsoft.com/teched
Sessions On-Demand & Community
Microsoft Certification & Training Resources
Resources for IT Professionals
Resources for Developers
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
LearningSlide28
Related Content
Breakout Sessions/Chalk TalksBC-12 MDOP: Advanced Group Policy Management 4.0Slide29
Please Complete An Evaluation Form
Your input is important!
Multiple ways to access Online Evaluation Forms:CommNet stations located throughout conference venuesVia a Windows phone device
Via the CommNet “Julian” offline Windows phone evaluation and session scheduling tool
From any wired or wireless connection to:
https://www.MyTechReady.com
For more information please refer to your Pocket Guide
1.
2.
Speaker – Click
Here
to Launch Video
3
.
4
.Slide30
Product Overview:
www.microsoft.com/online/windows-intune.mspx
TechCenter:http://social.technet.microsoft.com/Forums/en-US/category/microsoftonlineservices/
Windows Intune Team Blog:
http://blogs.technet.com/windowsintune
Where do I find out more?Slide31
Weekly, Monthly and Quarterly Rhythm of Topical Content
What is the Springboard Series?
To the IT pro, our goal is
Be the definitive resource for Desktop IT pros
Open, honest; show don’t tell
Information at right time, right level across Adoption Lifecycle
Inside of Microsoft we are
A turnkey IT pro engagement platform for depth and breadth
The program to mobilize MS marketing and field to
focus on desktop OS IT pros
Visit the Springboard Series on TechNet at www.microsoft.com/springboard
The Springboard Series IT pro experience offers dynamic content
and structured guidance across the adoption lifecycle
DEPLOY
PILOT
MANAGE
EXPLORE
DISCOVER
Is it worth the pain?
How does it change
my
work?Is our environment ready?
Is the organization ready?
How do I maintain
and optimize?
one-Windows
TechCenter
in 10 languages
Virtual
Roundtable Events
Springboard Technical Experts Panel Event Support
and Resources
Straight-talk Monthly Feature Articles and Overview Guides
TalkingAboutWindows
Video BlogsSlide32
Resources
Required Slide
www.microsoft.com/teched
Sessions On-Demand & Community
Microsoft Certification & Training Resources
Resources for IT Professionals
Resources for Developers
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
LearningSlide33
Complete an evaluation on
CommNet
and
enter to win!
Required SlideSlide34
Sign up for Tech·Ed 2011 and save $500
starting June 8 – June 31sthttp://northamerica.msteched.com/registration
You can also register at the
North
America 2011
kiosk
located at
registration
Join us in Atlanta next year
Slide35
©
2010 Microsoft
Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.Slide36