Group Policy. Jeremy Moskowitz
Читать онлайн книгу.Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer, and consultant. He has taught and presented on PowerShell and the benefits of automation to IT pros all over the world. Jeff has written for numerous online sites and print publications, is a contributing editor at Petri.com, a Pluralsight author, and a frequent speaker at technology conferences and user groups. His latest book is PowerShell In Depth: An Administrator's Guide, Second Edition, with Don Jones and Richard Siddaway (Manning Publications, 2013). You can keep up with Jeff on Twitter (http://twitter.com/JeffHicks) and on his blog (http://jdhitsolutions.com/blog).
Alan Burchill works as a manager for Avanade Australia based in Brisbane. He has a normal day job as the lead global Active Directory administrator for a large multinational corporation. Alan has been working with Microsoft technologies for over 17 years and is a regular speaker at Microsoft TechEd and Ignite conferences. He has been a Microsoft Valuable Professional in the area of Group Policy for the past six years. He regularly blogs about Group Policy and other related topics at his website called Group Policy Central at www.grouppolicy.biz. Alan also runs the Brisbane Infrastructure Users Group (www.bigau.org), where he organizes monthly meetings about Microsoft Infrastructure-related topics, and he is the organizer of the annual Infrastructure Saturday event (www.infrastructuresaturday.com), which is a full-day community event about Microsoft Infrastructure Technologies. You can reach him via his website or via Twitter @alanburchill
.
Introduction
Windows 10 is here.
Alas, Windows 8 and 8.1, we hardly knew ye.
And Windows 9 – we just skipped you entirely and jumped ahead to Windows 10.
For people buying this book for the first time, welcome. For people who have bought previous editions and are returning again (or again and again and again) – thank you for coming back.
Group Policy and Active Directory go hand in hand. If you have Active Directory, you get Group Policy.
If you’re very new to Group Policy, here’s the inside scoop. Group Policy has one goal: to make your administrative life easier. Instead of running around from machine to machine, tweaking a setting here or installing some software there, you’ll have ultimate control from on high.
Like Zeus himself, controlling the many aspects of the mortal world below, you will have the ability, via Group Policy, to dictate specific settings pertaining to how you want your users and computers to operate. You’ll be able to shape your network’s destiny. You’ll have the power. But you need to know how to tap into this power and what can be powered.
In this introduction and throughout the first several chapters, I’ll describe just what Group Policy is all about and give you an idea of its tremendous power. Then, as your skills grow, chapter by chapter, we’ll build on what you’ve already learned and help you do more with Group Policy, troubleshoot it, and implement some of its most powerful features.
For those of you who are already somewhat Group Policy savvy, there is some good and some bad news (which is the same news): From a Group Policy perspective, Windows 10 is not radically different from its Windows 7 or Windows 8 siblings.
Ironically, Group Policy’s innards did get the most recent update between Windows 8 and Windows 8.1, and those carry forward to Windows 10. I’ll explain these when the time comes, so you can understand the behavior changes. Take a look at Table I-1 for how the Windows Group Policy engine evolved when the internal version number changed.
Table I-1: How Windows and Group Policy evolved
Again, Table I-1 shows changes from a “Group Policy guts” perspective and is not necessarily reflective of what you can do (the actions you can perform) with Group Policy.
Knowing what’s changed within the Group Policy guts is a dual-edged sword. On the one hand, you could say to yourself, “Awesome! If I’m already an expert at Windows 7 and Group Policy, there’s not a huge hill to climb!” And that would be true. On the other hand, it’s also true that because Windows 8 through 10 didn’t shake things up too much, with regard to Group Policy “guts,” there’s not a lot of whiz-bang newness to uncover and show off. That being said, the updates in Windows 8.1 (which carry forward to Windows 10) will be covered in Chapter 3.
In a way, I really like the dual-edged sword. I like that there are a variety of new goodies and things you can do with Group Policy for Windows 10, some interesting updates, but not a radical head-spinning change. I like the fact that what is already working in practice doesn’t change that much. I like knowing that the time already invested in getting smarter in Group Policy isn’t for nothing, and you and I won’t have to relearn everything we ever knew all over again.
So, even though the “guts” haven’t changed all the much, there’s always new “stuff” you can accomplish with Group Policy as each operating system comes out.
As you likely already know, Group Policy is, at its heart, an “on-prem” system for management. Isn’t this antithetical to Microsoft’s new battle cry of “Mobile first, cloud first?”
If you want to read Microsoft’s own perspective on this, see:
http://news.microsoft.com/2014/03/27/satya-nadella-mobile-first-cloud-first-press-briefing/
Shouldn’t Group Policy get a huge overhaul in its underlying technology to align with “Mobile first, cloud first?”
Perhaps it doesn’t need it. Because Group Policy is, by its very nature, extensible, we can extend Group Policy to the cloud when needed if paired with (at least two) “add-ons.” Microsoft DirectAccess (beyond the scope of this book, but briefly touched upon in Chapter 3) enables Windows machines to act as if they are always connected on-premise, even though they might be over the Internet at a coffee shop. That being said, DirectAccess only works with the more pricey Enterprise version of the Windows client.
PolicyPak Cloud (demonstrated in Chapter 3 and “name dropped” throughout the book) can take existing Group Policy directives and get them to the cloud for use on traveling and even non-domain-joined machines. PolicyPak Cloud works with any version of Windows and isn’t limited to the more pricey Enterprise version.
If you’ve done some work already with Group Policy, you might notice that it could be described as various components under one roof; it roughly breaks down as follows:
● Group Policy Administrative Templates
● Group Policy Security Settings
● Group Policy Preferences
● Everything else, including third-party extensions
With all that power, and extendibility, Group Policy continues to stay not just relevant but, indeed, central to any Active Directory administrator’s tool belt of required knowledge.
And because Group Policy is extensible, it can keep working in a “Mobile first, cloud first” world.
Group Policy Defined
If we take a step back and try to analyze the term Group Policy, it’s easy to become confused. When I first heard the term, I didn’t know what to make of it.
I