Manage Group Policy Processing

Introduction

The Manage Group Policy Processing module provides you with the instruction and server hardware to develop your hands on skills in the defined topics. This module includes the following exercises:

• Manage GPO Processing
• Configure Inheritance in Group Policy Objects
• Manage GPO Security and WMI Filtering
• Implement Loopback Processing in GPO
• Manage GPO Slow Link Processing and Client Side Extensions

Lab Time: It will take approximately 1 hour to complete the exercises in this lab.

Exam Objectives

The following exam objectives are covered in this lab:

• Understand processing order and precedence
• Configure blocking of inheritance
• Configure enforced policies
• Manage security filtering and Windows Management Instrumentation (WMI) filtering
• Enable loopback processing
• Manage slow link processing and GPO caching
• Configure client-side extension (CSE) behaviour
• Force a GPO update

Exercise 1 - Manage GPO Processing

Group Policy Objects (GPO) is a change and configuration management tool that apply controls to user or computer environment in an Active Directory domain. In a corporate network, administrator can enforce settings to control configuration of operating system settings and programs, apply user restrictions and enforce security.

GPOs can be applied for a local computer whether as a standalone computer or as a domain workstation. This means that the policy will apply to the workstation regardless who signs-in to the device.

For configuring domain-wide policies like password policy and account lockout, a domain-linked GPO is applicable as this will apply to computers and users in the domain. For creating restrictions that apply to a user or security in a company department, an OU-based GPO can be implemented.

Exercise 2 - Configure Inheritance in Group Policy Objects

When a user signs-in to a domain, Group Policy Objects are processed in this order: Local computer > Site > Domain then Organizational unit or simply using this acronym L-S-D-OU. However, there are times when you don’t want the GPO to apply to a user or computer due to special requirement and this is where modifying Group Policy Inheritance becomes important.

Exercise 3 - Manage GPO Security and WMI Filtering

In this exercise, you will enable advanced features called Security Filtering and Windows Management Instrumentation (WMI) filtering which are two features that allow an administrator to limit the application of GPOs based on user group membership in a domain and system hardware settings of a computer such as the installed operating system version.

Exercise 4 - Implement Loopback Processing in GPO

For organizations that maintain domain-joined computers located in common areas like training rooms or public computers--kiosks; administrators have the option of implementing loopback processing mode. This feature prevents special purpose computers from inheriting group policy settings in the event a roaming domain user signs on to those workstations.

Exercise 5 - Manage GPO Slow Link Processing and Client Side Extensions

Most organizations will give their employees access to corporate data via a remote connection through virtual private networks (VPN). Since users will dial up to the servers, their network connection will vary depending on network conditions.

GPOs can be used to detect whether a connection is considered slow link and manage how GPO client side extensions will apply when users connect via VPN.