Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2008 R2 : GPO Administrative Tasks (part 2) - Creating and Utilizing Starter GPOs

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
3/9/2011 2:41:52 PM

Creating and Utilizing Starter GPOs

The Windows 7 and Windows Server 2008 R2 GPMC includes a feature and GPO function named starter GPOs. This function allows administrators to create or load base GPOs with preconfigured administrative template settings and values, which can be used to prepopulate new GPOs. If any starter GPOs exist, an administrator creating a new GPO from a Windows 7 or a Windows Server 2008 R2 GPMC console will have the option of using any existing starter GPO to prepopulate newly created GPOs with a number of setting values. Once the starter GPO functionality is enabled, Group Policy administrators can create new starter GPOs customized for their organization’s needs.

Starter GPOs can be viewed within the GPMC and can be edited using the Group Policy Starter GPO Editor, but the files are stored within the domain controller sysvol folders. As an example, starter GPOs for the companyabc.com domain would be located at the \\companyabc.com\SYSVOL\companyabc.com\StarterGPOs folder. Microsoft provides some starter GPOs that will be automatically installed when starter GPO functionality is enabled. These currently include templates for two environments as described in the Windows client security guides. These are the Enterprise Client (EC) environment scenario and the Specialized Security Limited Functionality (SSLF) client environment scenario.

The Enterprise Client (EC) environment, as described in the Windows client security guide, is an Active Directory domain infrastructure that runs Windows Server 2003 and Windows Server 2008 servers and Windows Vista and Windows XP client workstations where functionality is as important as security. The preconfigured settings in the EC starter GPOs have been designed to enable the necessary functionality to allow businesses to function with centrally managed user and computer configuration management as well as security management and audit settings.

The Specialized Security Limited Functionality (SSLF) environment, as described in the Windows client security guide, is designed to provide security configurations and guidelines for environments that require higher security, which outweighs the importance of smoother user experiences and manageability. As an example of this, the Windows Vista SSLF Computer starter GPO would deny logon through Terminal Services functionality, whereas the Windows Vista EC Computer policy leaves this setting undefined. This policy setting allows Administrators and/or members of the Remote Desktop Users groups to connect using Remote Desktop Connection or Terminal Services clients.

Caution

Any Group Policy administrator must take the highest precautions to ensure that no group policies deployed on a network are released without thorough testing in an isolated lab environment. This is especially true when considering deploying policies built on the EC or SSLF starter GPO policies.


The starter GPOs included with Windows Server 2008 R2 GPCM include the following policies:

  • Windows Vista EC Computer

  • Windows Vista EC User

  • Windows Vista SSLF Computer

  • Windows Vista SSLF User

  • Windows XP EC Computer

  • Windows XP EC User

  • Windows XP SSLF Computer

  • Windows XP SSLF User

For more information about the EC and SSLF starter GPOs, refer to the Windows client security guides online.

Enabling Starter GPOs

Before starter GPOs can be put to use, the functionality must first be enabled in the domain. Enabling this function is about as simple as pushing a button. To enable the starter GPO feature, perform the following steps:

1.
Log on to a designated Windows 7 or Windows Server 2008 R2 administrative system.

2.
Open the Group Policy Management Console.

3.
Expand the domain to expose the Starter GPOs container and select it.

4.
In the right pane, click the Create Starter GPOs Folder button.

Once the task is completed, the eight out-of-the-box starter GPOs will be available for review in the GPMC. Also, the Group Policy administrator can now create new starter GPOs from scratch and can also create new GPOs by using starter GPOs as templates.

Note

The starter GPOs included with Windows 7 and Windows Server 2008 R2 are read-only and cannot be edited directly. Copies of the built-in starter GPOs can be edited.


Creating a Starter GPO

Starter GPOs can be created or added to a domain in a few ways. A starter GPO can be created from scratch using a blank template, it can be created by restoring from a starter GPO backup folder, or it can be imported from a provided starter GPO cabinet file. Before the release of the Windows 7 and Windows Server 2008 R2 Group Policy Management tools, the Microsoft EC and SSLF starter GPO policies were provided as separate downloads, stored in cabinet backup files. If an organization has not yet adopted Windows Server 2008 R2 domain controllers, this is the only way to import these starter GPO policies. To create a starter GPO from a backup, please refer to the “Backing Up and Restoring Starter GPOs” section. To create a new starter GPO, perform the following steps:

1.
Log on to a designated Windows Server 2008 R2 administrative system.

2.
Open the Group Policy Management Console.

3.
Expand the domain to expose the Starter GPOs container and select it.

4.
Verify that the starter GPO functionality is enabled by viewing the right pane.

5.
Right-click the Starter GPOs container in the tree pane, and select New.

6.
In the New Starter GPO dialog box, type in a name for the new starter GPO, and enter a comment to describe what will be included in this starter GPO and when and where it should be applied as a template.

7.
Click OK to create the new starter GPO.

8.
To configure settings in the new starter GPO, right-click the GPO and select Edit to open the GPO in the Group Policy Starter GPO Editor.

9.
When the GPO is configured as desired, close the Group Policy Starter GPO Editor.

10.
In the GPMC, right-click the newly configured starter GPO, and select Backup to back up this individual starter GPO.

11.
Specify a destination folder to back up the GPO, enter a description for this backup, and click Back Up to back up the starter GPO.

12.
When the backup completes, review the backup results and click OK to close the window.

13.
Close the GPMC tool.

Creating Starter GPOs from Cabinet Files

To create a new starter GPO from a cabinet file (*.cab), perform the following steps:

1.
Log on to a designated Windows Server 2008 R2 administrative system.

2.
Open the Group Policy Management Console.

3.
Expand the domain to expose the Starter GPOs container and select it.

4.
Verify that the starter GPO functionality is enabled by viewing the right pane.

5.
In the right pane, near the bottom, select the Load Cabinet button.

6.
In the Load Starter GPO dialog box, click the Browse for CAB button to specify the folder location of the starter GPO cabinet file.

7.
Locate the cab file, select it, and click Open to return to the Load Starter GPO dialog box.

8.
Back in the Load Starter GPO dialog box, the dialog box will display the version information of the cab file in comparison with any existing starter GPOs. Also, the comment will be displayed and the administrator can view the settings. Click OK to load or import the cab file to the domain starter GPO repository.

9.
If an existing starter GPO has the same name, it will be overwritten and a confirmation dialog box will require the administrator to click OK to accept this change.

10.
Once the cab file is imported, close the GPMC.
Other -----------------
- Windows Server 2008 R2 : Designing a Group Policy Infrastructure
- Windows Server 2008 R2 : Policy Management Tools (part 3) - Event Viewer
- Windows Server 2008 R2 : Policy Management Tools (part 2)
- Windows Server 2008 R2 : Policy Management Tools (part 1) - Group Policy Management Console & Group Policy Object Editor
- Windows Server 2008 R2 : Group Policy Administrative Templates Explained
- Windows Server 2003 : Deploying DNS Servers (part 4) - Viewing and Clearing the DNS Server Cache
- Windows Server 2003 : Deploying DNS Servers (part 3) - Creating Resource Records
- Windows Server 2003 : Deploying DNS Servers (part 2) - Understanding Server Types
- Windows Server 2003 : Deploying DNS Servers (part 1) - Installing the DNS Server Service & Configuring a DNS Server
- Windows Server 2008 R2 : Elements of Group Policy (part 5)
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server