Mainos / Advertisement:

Ero sivun ”Group Policy Management/en” versioiden välillä

Kohteesta Taisto
Siirry navigaatioon Siirry hakuun
(Ak: Uusi sivu: In GPO policies are split to two groups, Computer and User policies. Part of the policies are available to both groups and part are available only to one group.)
(Ak: Uusi sivu: Path: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy)
 
(12 välissä olevaa versiota samalta käyttäjältä ei näytetä)
Rivi 46: Rivi 46:
 
In GPO policies are split to two groups, Computer and User policies. Part of the policies are available to both groups and part are available only to one group.  
 
In GPO policies are split to two groups, Computer and User policies. Part of the policies are available to both groups and part are available only to one group.  
  
=== Salasanakäytänteet ===
+
=== Password policies ===
  
Nämä asetukset ovat määritetty oletuksena (Default Domain Policy).
+
These settings are defined by default in Default Domain Policy.
  
Polku:
+
Path:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Password Policy
+
  Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Password Policy
  
Salasanakäytänteistä voit määrittää toimialueelle salasanamääritykset.
+
From Password Policies you can also define password restrictions/definitions for the domain.
  
* Enforce password history (Salasanahistoria)
+
* Enforce password history
* Maximum password age (Salasanan pienin sallittu ikä ennen kuin sallitaan muutos)
+
* Maximum password age
* Minimum password age (Suurin sallittu salasanan ikä)
+
* Minimum password age
* Password must meet complexity requirements (Salasanan tulee noudattaa vaatimustasoja)
+
* Password must meet complexity requirements
* Store password using reversible encryption (Talleta salasanat kryptattuna)
+
* Store password using reversible encryption
  
 
<gallery>
 
<gallery>
Tiedosto:Group policy management password policy 1.png|Yleisnäkymä salasanakäytönnöistä.
+
Tiedosto:Group policy management password policy 1.png|Overview of password policies.
 
</gallery>
 
</gallery>
  
=== Käyttäjien uloskirjautumisen käytänteet ===
+
=== User logout policies ===
  
Polku:
+
Path:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Account Lockout Policy
+
  Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Account Lockout Policy
  
* Account lockout duration (Aika, kuinka kauan käyttäjätili on lukittuna)
+
* Account lockout duration
* Account lockout threshold (Maksimimäärä kirjautumisen yrityksiä)
+
* Account lockout threshold
* Reset account lockout counter after (Ajastimen nollaus, sallii taas yritykset)
+
* Reset account lockout counter after
  
 
<gallery>
 
<gallery>
Rivi 78: Rivi 78:
 
</gallery>
 
</gallery>
  
=== Käyttäjien oikeudet ===
+
=== User policies ===
  
Polku:
+
Path:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy
+
  Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy
  
=== Valvontakäytänteet ===
+
=== Supervisory policies ===
  
Polku:
+
Path:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy
+
  Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy

Nykyinen versio 26. elokuuta 2015 kello 12.07

Muut kielet:
English • ‎suomi

Group Policy Management (GPO) is automatically installed when you install Active Directory Domain Services on the server. GPO can not be installed without AD DS.

GPO is used to manage workstations and servers connected to a domain. Using a simple and easy interface you can define each computer- or user groups specific settings.

GPO is used in nearly any organization or business.

GPO comes defined out of the box with Default Domain Policy and Default Domain Controller Policy.


Updating GPO in a workstation or server using the command line:

 gpupdate

Part of the policies are updated immediately when this is run, but some of them require you to log in again and some even require you to reboot the PC to update.

Basic functions

  1. Open Group Policy Management
  2. Select Default Domain Policy, this policy is applied to the entire domain
  3. Select the Settings tab
  4. Here is a list of the default policies enabled in the domain
  5. You can edit policies by selecting them with the right mouse button and pressing EDIT
  6. You can now look for the policy you wish to edit

Domain Controllers

Domain Controllers have some default policies defined for them too.

List of default policies

In GPO policies are split to two groups, Computer and User policies. Part of the policies are available to both groups and part are available only to one group.

Password policies

These settings are defined by default in Default Domain Policy.

Path:

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Password Policy

From Password Policies you can also define password restrictions/definitions for the domain.

  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Password must meet complexity requirements
  • Store password using reversible encryption

User logout policies

Path:

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Account Lockout Policy
  • Account lockout duration
  • Account lockout threshold
  • Reset account lockout counter after

User policies

Path:

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy

Supervisory policies

Path:

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy
Mainos / Advertisement: