Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Archive for the ‘Group Policy’ Category

Active Directory/GPO Guides

Posted by Awinish on July 2, 2011


Post-Graduate AD Studies

http://blogs.technet.com/b/askds/archive/2010/07/27/post-graduate-ad-studies.aspx

Everything you need to get started with Active Directory

http://blogs.technet.com/b/ashleymcglone/archive/2012/01/03/everything-you-need-to-get-started-with-active-directory.aspx

Infrastructure Planning and Design

http://www.microsoft.com/download/en/details.aspx?id=732

AD DS Design Guide

http://technet.microsoft.com/en-us/library/cc754678%28WS.10%29.aspx

Active Directory Domain Services Operations Guide

http://technet.microsoft.com/en-us/library/cc816807%28WS.10%29.aspx

http://www.microsoft.com/download/en/details.aspx?id=16849

Windows Server 2008 Step-by-Step Guides

http://www.microsoft.com/download/en/details.aspx?id=17157

Active Directory Design Guide by Microsoft

http://www.microsoft.com/download/en/details.aspx?id=8133

Remote Desktop Services in Windows Server 2008 R2: Step-by-Step Guides

http://blogs.technet.com/b/mattmcspirit/archive/2009/08/05/remote-desktop-services-in-windows-server-2008-r2-step-by-step-guides.aspx

Microsoft has released group policy for beginners. I saw the guide & found really helpful for beginners who actually wants to start from basics. It can be found at below link.

http://www.microsoft.com/download/en/details.aspx?id=20092

For reading it online, refer below.

http://technet.microsoft.com/en-us/library/hh147307%28WS.10%29.aspx

Group policy master site(Videos,Guides etc.)

http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx

Group policy webcast series video

http://www.microsoft.com/events/series/grouppolicy.aspx

 

Advertisements

Posted in Directory Services, Group Policy | Tagged: , | 3 Comments »

Folder Redirection

Posted by Awinish on April 14, 2011


I always wanted to include folder redirection materials on my blog especially for my reference & for others too. I have seen lot of questions related with folder redirection in various blogs/forum like what is the permission on redirected folder should be, is folder to be manually created or let folder redirection creates it automatically during first log on. Here i would say let the folder be created automatically. The other question is even administrator can’t access home folder created by folder redirection, the reason is its by design & an administrator has to be manually granted explicit rights.

Enabling the administrator to have access to redirected folders

http://support.microsoft.com/kb/288991

Automatic creation of user folders for home, roaming profile and redirected folders.

http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx

NTFS permissions for Redirected Folders

http://support.microsoft.com/kb/274443

Profile Version in XP & below is V1 where as profile Version for Vista & above is V2, so when you migrate the profile from XP to WIN7 a new profile is created even though profile still exists & other reason is windows XP & Win7 have different folder architecture for profiles like XP it stores the profile under document & settings where as in Vista & above its C:\users.

Managing Roaming User Data Deployment Guide

http://technet.microsoft.com/en-us/library/cc766489%28WS.10%29.aspx

One of the article, i personally used in the past understanding & configuring folder redirection is below by Ace Fekay, the reason is its been well documented with the supporting links. Thanks to Ace for wonderful article.

http://msmvps.com/blogs/acefekay/archive/2009/09/08/folder-redirection.aspx

 

Posted in Group Policy | Tagged: | 1 Comment »

Loopback Group Policy Explained

Posted by Awinish on November 11, 2010


Loopback group policy are used to apply user configuration settings on the computer. The loopback policy comes to rescue when you want to apply users configuration settings to the computer irrespective of what what users are login to the particular system.There is two mode basically one is Replace and other Merge mode.  When you select replace mode in the loopback GPO, computer and user configuration configured in that OU will be applied irrespective of the which OU user belongs to and what user configuration GPO has defined in that OU. When you select Merge mode, user and computer configuration configured in the loopback GPO as well as user configuration GPO for the user belongs to the different OU will be applied. In case of conflict user configuration from the loopback GPO will win.

http://social.technet.microsoft.com/wiki/contents/articles/windows-server-understand-user-group-policy-loopback-processing-mode.aspx

Loopback policy is very effective GPO setting, but it requires proper understanding & planning,before it can be implemented in the live environment. I always believe without proper understand or something new to be tried has to go via lab testing else your production environment will become testing environment and can cause serious business loss to the clients. For testing,create a independent lab which can be either using virtual PC or VMware software. Always, test the GPO before applying to the production because reverting the changes requires time and may not be as simple as applying.

Additional references to help you better understand.

http://technet.microsoft.com/en-us/library/cc782810%28WS.10%29.aspx

http://cbfive.com/blog/post/Demystifying-Loopback-Policy-Processing.aspx

http://kudratsapaev.blogspot.in/2009/07/loopback-processing-of-group-policy.html

 

Posted in Directory Services, DNS/DHCP, Group Policy | Tagged: , | Leave a Comment »

Fine Grained Password Policy In The Win 2008/R2

Posted by Awinish on November 9, 2010


Windows 2003 and below supports only single password policy in the domain and it wasn’t possible to configure multiple or different password or account lockout policy for the different set of users or groups within the same domain. The different password policy sometimes force to create different domain if you are hosting AD for the multiple clients due to their requirements. Windows 2008/R2 supports multiple password policy in the domain, which was most requested features in the newest OS. Microsoft heard it & introduced the different password policy in windows 2008 & above called as Fine Grained Password Policy(FGPP).

The requirement for implementing the Fine Grained Password Policy(FGPP) is domain functional level required to be windows at 2008 & above. This means your all the DC in the particular domain where you want to implement FGPP should be running DC’s in windows 2008 & above.

Windows Server 2008 – Fine Grained Password Policy Walkthrough

http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx

Here is the step by step link to configure Windows 2008 Fine Grained Policy.

http://capitalhead.com/articles/step-by-step-guide-to-fine-grained-passwords-in-windows-server-2008.aspx

Tool to manage fined grained password policy using GUI.

http://www.specopssoft.com/documentation/specops-password-policy-basic-documentation

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

http://technet.microsoft.com/en-us/library/cc770842.aspx

AD DS: Fine-Grained Password Policies

http://technet.microsoft.com/en-us/library/cc770394%28v=ws.10%29.aspx

 

Posted in Directory Services, Group Policy | Tagged: , , | Leave a Comment »