MCSA 70-410 18. Group Policy Security Filtering
Summary
TLDRThis video demonstrates how Group Policy (GPO) works and how to use security filtering to control which users and computers receive specific GPO settings. The tutorial explains how GPOs are applied at the site, domain, or organizational unit (OU) level, and how to refine their scope using security filtering. The video shows a practical example of applying a policy to a specific user group, such as 'Sales Users', while excluding others like 'Sales Managers'. It also covers key permissions and troubleshooting steps for ensuring the policy is correctly applied.
Takeaways
- 😀 Group Policy (GPO) cannot be applied directly to security groups, it must be linked to a site, domain, or organizational unit (OU).
- 😀 GPOs can apply to both user accounts and computer accounts within a domain, depending on the settings in the policy.
- 😀 Security filtering allows GPOs to be applied selectively to specific users or computers within a linked OU, based on their membership in security groups.
- 😀 In order for a GPO to be applied to a user or computer, both 'Read' and 'Apply Group Policy' permissions must be granted, either explicitly or through group membership.
- 😀 By default, GPOs are applied to all users and computers under the 'Authenticated Users' group, which includes all objects authenticated in Active Directory.
- 😀 The Group Policy Management Console (GPMC) is used to check and modify security filtering settings for a GPO.
- 😀 Permissions for security filtering can be viewed and modified by navigating to the 'Delegation' tab and the 'Advanced' settings for the GPO.
- 😀 After creating and linking a GPO to an OU, it is important to check and adjust the security filtering if you want to apply the policy to only specific groups, like 'Sales User' but not 'Sales Manager'.
- 😀 In this demonstration, a simple policy (locking the taskbar) was applied to a group of users, and the results were tested on machines running different versions of Windows.
- 😀 Security filtering was applied to the 'Sales User' group, ensuring that the policy only affected users in that group, such as 'Raja', but not other users like 'Sanji' who were members of the 'Sales Manager' group.
Q & A
What is Group Policy and how is it applied in an Active Directory environment?
-Group Policy is a feature in Active Directory that allows administrators to manage and configure settings for users and computers within the domain. It is applied at the site, domain, or organizational unit (OU) level, and can target both user and computer accounts.
What is the purpose of security filtering in Group Policy?
-Security filtering allows administrators to refine which users and computers receive the settings defined in a Group Policy Object (GPO). It helps apply policies only to specific security groups within the domain or OU.
Can Group Policy be applied directly to security groups?
-No, Group Policy cannot be applied directly to security groups. Instead, it is linked to sites, domains, or OUs, and security filtering is used to limit the policy's application to specific security groups within those containers.
What are the default permissions for a GPO, and who is affected by them?
-By default, all GPOs have 'Read' and 'Apply Group Policy' permissions set for the 'Authenticated Users' group, which includes both users and computers. This means that, unless modified, the policy will apply to all authenticated users and computers in the domain or OU.
What role does the 'Authenticated Users' group play in the application of GPOs?
-The 'Authenticated Users' group is a default security principle that encompasses all authenticated users and computers in the domain. By default, all GPOs apply to members of this group, meaning the policy is applied to all authenticated users and computers unless security filtering is modified.
How can you limit the application of a GPO to specific users or computers?
-You can limit the application of a GPO by using security filtering. This involves removing the 'Authenticated Users' group from the security filtering section and adding specific security groups, such as 'Sales User,' so that only members of that group receive the GPO settings.
What does the demonstration in the video show regarding the application of a GPO to specific groups?
-The demonstration shows how a GPO that locks the taskbar is initially applied to all authenticated users, but then security filtering is used to apply the GPO only to members of the 'Sales User' group, excluding members of the 'Sales Manager' group.
How does security filtering affect the application of policies to individual users like Raja and Sanj?
-In the demonstration, security filtering ensures that the taskbar lock policy applies to 'Raja' because he is a member of the 'Sales User' group. However, it does not apply to 'Sanj' because he is a member of the 'Sales Manager' group, which is excluded from the security filter.
What steps did the administrator take to implement security filtering in the demonstration?
-The administrator removed the 'Authenticated Users' group from the security filtering section of the GPO and added the 'Sales User' group. This ensured that the GPO was only applied to users who were members of the 'Sales User' group, like 'Raja.'
What is the impact of applying a GPO with security filtering only to certain users or computers?
-The impact is that only users or computers that are members of the specified security groups will receive the GPO settings, allowing for more granular control over who receives specific configurations. In the demonstration, only 'Raja' received the taskbar lock policy, not 'Sanj,' because of the security filtering applied.
Outlines
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenMindmap
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenKeywords
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenHighlights
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenTranscripts
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenWeitere ähnliche Videos ansehen
How to setup a Windows Print Server and deploy printers using Group Policy
MCSA 19 Group Policy Loopback Processing Mode
How to create a File server for a small company
Aplicar Proxy por GPO no WIndows Server 2022
MSP Training with DefensX - Part 2
Creating users and groups in Windows 10, and controlling file permissions
5.0 / 5 (0 votes)