Windows Group Policy Management

Group Policy management is generally a domain-level function. What is Group Policy for? It provides unified policy management of user and computer behavior in a domain environment, such as giving everyone the same desktop background, the same theme style, the same user settings, and so on.

Table of contents

Basic knowledge

Default setting

1. Publish software through Group Policy

2. Set the desktop background

3. Hide the C drive

4. Add shortcut

5. User settings


Basic knowledge

Group Policy is divided into Computer Configuration and User Configuration.

Computer Configuration: manages policies that control specific items on a computer. It includes desktop appearance, security settings, operating system execution, file deployment, application distribution, and computer startup and shutdown script execution. These settings apply to a specific computer, and the configured Group Policy is applied automatically when the computer starts.

User Configuration: manages policies for more user-specific items. It includes application configuration, desktop configuration, application assignment, and computer startup and shutdown script running, among others. User Configuration Group Policy is applied when a user logs on to the computer.

When Computer Configuration is applied

When the computer starts

After the computer is turned on, the domain controller automatically applies the

After startup, computers that are not domain controllers re-apply it automatically every 90-120 minutes

Apply manually

When User Configuration is applied

Automatically when the user logs in

After the user logs in, the system re-applies it automatically every 90-120 minutes

Apply manually

Manual application: open the command line and execute gpupdate /force

Task objectives:

  1. Publish software through Group Policy. The published program appears in the Add or Remove Programs dialog and can be installed from there. The software must be in MSI format; download one yourself, such as 7-Zip or another package.
  2. Find a picture you like and set it as the Win10 desktop background, with no modification allowed.
  3. Hide the C drive of Win10 to prevent accidental deletion. At the same time, map a network drive for Win10 to store data.
  4. Add a shortcut to the desktop of Win10 users, and set its address to a site you like to browse.
  5. Finally, use Group Policy to add the ordinary domain user who logs in to Win10 to the local Administrators group of Win10. After logging in to Win10 as the ordinary domain user, verify that the user was added.

Default setting

Reuse the environment from the previous domain controller exercise: prepare a domain controller server and a client, and join the client to the domain.

Create a new user and use this user to log in to the domain on the client computer.

1. Publish software through Group Policy

In Server Manager on the domain controller, open Tools--Group Policy Management

Expand the tree in sequence as shown in the figure and select New GPO

Open the newly created GPO

Add the newly created user

Right-click the newly created Group Policy object and select Edit

Because we want to install software, the installation package must be in a network location. If we pointed to a local path such as the desktop, the package would exist on the desktop of the domain server but not on the client computer, so the client would not be able to find it.

So the installation location here must be set to a network location.

Set up the shared folder

Put the installation package in a directory

Go back and share this folder

Grant Everyone the Read permission

The network address of the package then becomes

\\IP address of domain server\share\7z2201-x64.msi

For example:

Enter the user name and password; I entered user here

The share now works

Go back to the Group Policy Management Editor you just opened

Open User Configuration--Policies--Software Settings--Software Installation in turn, then right-click the blank area on the right and create a new package

Enter the network address from above as the file name, and then click OK

Published means users install the software themselves; Assigned means the computer installs it automatically. Computer Configuration cannot be set to Published.

According to the task requirement, the published program will be displayed in..., and you can install it from there, which clearly means installing it yourself, so we choose Published

Open the client computer and refresh Group Policy

Open Control Panel on the client machine

You can see the published program here; double-click it to install

It installs normally

At this point, the Group Policy configuration for software installation is complete
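The share step in section 1 can also be scripted and then checked, since every client installs whatever file sits at that path. The following is an added example, not part of the original post; the local folder C:\share is an assumption, and the share and package names follow the walkthrough.

```powershell
# Added example (not from the original post). Run elevated on the domain server.
# $SharePath is an assumed local folder; the other names follow the walkthrough.
$ShareName = 'share'
$SharePath = 'C:\share'
$Package   = Join-Path $SharePath '7z2201-x64.msi'

# Create the share with Read for Everyone, as in the walkthrough.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath `
        -ReadAccess 'Everyone' -FullAccess 'BUILTIN\Administrators' | Out-Null
}

# 1. Share permissions: any Allow entry above Read held by a non-admin.
$looseShare = Get-SmbShareAccess -Name $ShareName | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.AccessRight -ne 'Read' -and
    $_.AccountName -ne 'BUILTIN\Administrators'
}

# 2. NTFS permissions: non-admin principals holding any write right.
$write = [System.Security.AccessControl.FileSystemRights]::Write
$looseNtfs = (Get-Acl -Path $SharePath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $write) -ne 0) -and
    $_.IdentityReference.Value -notmatch 'Administrators$|\\SYSTEM$|CREATOR OWNER$'
}

$looseShare | Format-Table AccountName, AccessRight
$looseNtfs  | Format-Table IdentityReference, FileSystemRights

# 3. Record the package hash so a later change to the file is detectable.
Get-FileHash -Path $Package -Algorithm SHA256
```

Network access is limited to the more restrictive of the share and NTFS permissions, so a Read-only share still blocks remote writes even when the NTFS list shows a write entry for a broad group.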

2. Set the desktop background

First, put a wallpaper image in the newly created share folder

As before, select the GPO we just created on the domain server and open it for editing

Open User Configuration--Policies--Administrative Templates--Desktop--Desktop in turn, and double-click the desktop wallpaper setting

Specify the desktop background location, and then confirm

After the policy update is complete, log the user out and log in again

3. Hide the C drive

Open the editor of the newly created GPO and open in turn

User Configuration--Policies--Administrative Templates--Windows Components--File Explorer

In the right pane, find the hide drives setting and double-click to open it

Return to the client and refresh Group Policy

Open This PC to verify

Successfully set
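The wallpaper setting from section 2 and the hidden-drive setting from section 3 are registry-backed user policies, so they can also be written into the GPO with the GroupPolicy PowerShell module. The following is an added example, not part of the original post; the GPO name, link target and UNC path are placeholders.

```powershell
# Added example (not from the original post). Run on the domain controller.
# $GpoName, $LinkTo and $Wallpaper are placeholders for this lab.
Import-Module GroupPolicy

$GpoName   = 'Lab-Desktop-Policy'
$LinkTo    = 'DC=example,DC=local'
$Wallpaper = '\\dc01\share\wallpaper.jpg'

$SystemKey   = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ExplorerKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-NoDrivesMask {
    # NoDrives is a bitmask: A is bit 0, B is bit 1, C is bit 2, ... Z is bit 25.
    param([Parameter(Mandatory)][char[]]$DriveLetter)
    $mask = 0
    foreach ($letter in $DriveLetter) {
        $index = [int]([char]::ToUpper($letter)) - 65
        if ($index -lt 0 -or $index -gt 25) { throw "Not a drive letter: $letter" }
        $mask = $mask -bor (1 -shl $index)
    }
    return $mask
}

# Create and link the GPO only if it does not exist yet.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName | New-GPLink -Target $LinkTo | Out-Null
}

# Section 2: desktop wallpaper taken from the network share.
Set-GPRegistryValue -Name $GpoName -Key $SystemKey `
    -ValueName 'Wallpaper' -Type String -Value $Wallpaper | Out-Null

# Section 3: hide drive C in File Explorer.
Set-GPRegistryValue -Name $GpoName -Key $ExplorerKey `
    -ValueName 'NoDrives' -Type DWord -Value (Get-NoDrivesMask 'C') | Out-Null

# Read the values back from the GPO to confirm what clients will receive.
Get-GPRegistryValue -Name $GpoName -Key $SystemKey   -ValueName 'Wallpaper'
Get-GPRegistryValue -Name $GpoName -Key $ExplorerKey -ValueName 'NoDrives'
```

Hiding a drive only removes its icon from File Explorer; the drive can still be reached by typing its path, so this setting is not an access control.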

4. Add shortcut

Open the newly created GPO and select Edit

Open User Configuration--Preferences--Windows Settings--Shortcuts

Right-click the blank area on the right and create a new shortcut

Fill in the information in these four boxes and confirm

Return to the client and refresh Group Policy

Successfully set

5. User settings

The requirement here is that the ordinary domain user who logs in on the client computer is added to the local Administrators group of the client computer. In our environment, the actual effect is that the newly created domain user named user is automatically added to the local Administrators group of the client computer.

Open the newly created GPO and select Edit

Open User Configuration--Preferences--Control Panel Settings--Local Users and Groups

Right-click the blank area and select All Tasks - Add

Modify the contents of these two boxes

Refresh the policy on the client

On the client computer, open Server Manager, Tools - Computer Management

Find Local Users and Groups - Groups, and double-click Administrators on the right

You can see that the user has been added here, and the setting is complete
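The verification in section 5 can also be done from PowerShell on the client, which makes it easy to see every account that holds local administrator rights, not only the one just added. The following is an added example, not part of the original post; the domain name EXAMPLE and the allow-list are placeholders.

```powershell
# Added example (not from the original post). Run on the Win10 client.
# $Allowed is a placeholder allow-list; EXAMPLE is a placeholder domain name.
$Allowed = @(
    "$env:COMPUTERNAME\Administrator",
    'EXAMPLE\Domain Admins',
    'EXAMPLE\user'            # the account added by the GPO in section 5
)

function Test-LocalAdminMembers {
    # Mark each current member as expected or not, based on the allow-list.
    param([string[]]$Member, [string[]]$Allowed)
    foreach ($name in $Member) {
        [pscustomobject]@{
            Member   = $name
            Expected = ($Allowed -contains $name)   # -contains ignores case
        }
    }
}

# S-1-5-32-544 is the well-known SID of the local Administrators group,
# so the lookup works regardless of the display language.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
    Select-Object -ExpandProperty Name

$report = Test-LocalAdminMembers -Member $members -Allowed $Allowed
$report | Format-Table -AutoSize

$unexpected = $report | Where-Object { -not $_.Expected }
if ($unexpected) {
    Write-Warning ('Unexpected local administrators: ' + ($unexpected.Member -join ', '))
}

# Show which GPOs were applied to the logged-on user.
gpresult /r /scope user
```

Because the setting lives under User Configuration, the same membership is granted on any computer where that user logs on and the GPO applies, so the check is worth running on each such machine.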

Origin blog.csdn.net/qq_24032225/article/details/130239985