Mainos / Advertisement:

Group Policy Management

Kohteesta Taisto
Versio hetkellä 26. elokuuta 2015 kello 12.03 – tehnyt Frans (keskustelu | muokkaukset)
Siirry navigaatioon Siirry hakuun
Muut kielet:
English • ‎suomi

Group Policy Management (GPO) is automatically installed when you install Active Directory Domain Services on the server. GPO can not be installed without AD DS.

GPO is used to manage workstations and servers connected to a domain. Using a simple and easy interface you can define each computer- or user groups specific settings.

GPO is used in nearly any organization or business.

GPO comes defined out of the box with Default Domain Policy and Default Domain Controller Policy.


Updating GPO in a workstation or server using the command line:

 gpupdate

Part of the policies are updated immediately when this is run, but some of them require you to log in again and some even require you to reboot the PC to update.

Basic functions

  1. Open Group Policy Management
  2. Select Default Domain Policy, this policy is applied to the entire domain
  3. Select the Settings tab
  4. Here is a list of the default policies enabled in the domain
  5. You can edit policies by selecting them with the right mouse button and pressing EDIT
  6. You can now look for the policy you wish to edit

Domain Controllers

Domain Controllers have some default policies defined for them too.

List of default policies

In GPO policies are split to two groups, Computer and User policies. Part of the policies are available to both groups and part are available only to one group.

Password policies

These settings are defined by default in Default Domain Policy.

Path:

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Password Policy

From Password Policies you can also define password restrictions/definitions for the domain.

  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Password must meet complexity requirements
  • Store password using reversible encryption

Käyttäjien uloskirjautumisen käytänteet

Polku:

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Account Lockout Policy
  • Account lockout duration (Aika, kuinka kauan käyttäjätili on lukittuna)
  • Account lockout threshold (Maksimimäärä kirjautumisen yrityksiä)
  • Reset account lockout counter after (Ajastimen nollaus, sallii taas yritykset)

Käyttäjien oikeudet

Polku:

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy

Valvontakäytänteet

Polku:

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy
Mainos / Advertisement: