Generating RSoP Queries with the Resultant Set Of Policy Wizard

To help you analyze the cumulative effects of GPOs, Windows Server 2003 provides the Resultant Set Of Policy Wizard, which uses existing GPO settings to report the effects of GPOs on users and computers. You can also use the Resultant Set Of Policy Wizard in an entirely different manner to simulate the effects of planned GPOs. To accomplish polling of existing GPOs and the simulation of planned GPOs, the Resultant Set Of Policy Wizard uses two modes, Logging mode and Planning mode, to create RSoP queries. Logging mode reports the existing GPO settings for a user or computer. Planning mode simulates the GPO settings that a user and computer might receive, and it enables you to change the simulation.
Logging Mode
RSoP Logging mode enables you to review existing GPO settings, software installation applications, and security for a computer account or a user account. Use Logging mode to
Find failed or overwritten policy settings
See how security groups affect policy settings
Find out how local policy is affecting group policies
When you create an RSoP query in Logging mode, each of the applications that are available for installation, the folders that will be redirected (and to where), and each policy setting that will be applied to the user or computer, as well as the security group’s effect on those policies, are reported.
In RSoP Logging mode, you can create an RSoP query only for user accounts and computer accounts. In addition, only users and computers that have logged on to the domain are available for an RSoP query.
If at any time while navigating the Resultant Set Of Policy Wizard you have finished entering information for your RSoP simulation, select the Skip To The Final Page Of This Wizard Without Collecting Additional Data check box and click Next.
To create an RSoP query for an existing user and computer, you must either be logged on to the local computer as a user, be a member of the local Administrators, Domain Administrators, or Enterprise Administrators group, or have permission to generate RSoP for the domain or OU in which the user and computer accounts are contained. You must be an enterprise administrator if the RSoP query includes site GPOs that cross domain boundaries in the same forest. This section describes how to create RSoP queries in Logging mode and Planning mode.
Loopback processing. This option simulates enabling of the GPO setting User Group Policy Loopback Processing Mode, located in Computer Configuration, Administrative Templates, System, Group Policy. The simulation can be set to Merge or Replace. Select Merge to simulate the appending of the GPO list obtained for the computer at computer startup to the GPO list obtained for the user. Select Replace to simulate replacement of the GPO list for the user with the GPO list already obtained for the computer at computer startup.


Filtering GPO Scope with Security Groups

As discussed in Lesson 1, the policies in a GPO apply only to users who have the Read and Apply Group Policy permissions for the GPO set to Allow. However, by default, all users in the Authenticated Users group have Read and Apply Group Policy permissions set to Allow for all new GPOs. This means that by default, all users are affected by the GPOs set for their domain, site, or OU regardless of the other groups in which they might be members. Therefore, there are two ways of filtering GPO scope:
Clear the Apply Group Policy permission (currently set to Allow) for the Authenticated Users group, but do not set this permission to Deny. Then determine the groups to which the GPO should be applied and set the Read and Apply Group Policy permissions for these groups to Allow.
Determine the groups to which the GPO should not be applied and set the Apply Group Policy permission for these groups to Deny.
Recall from Chapter 9, “Administering Active Directory Objects,” that if you deny permission to a user to gain access to an object, the user will not have that permission, even if you allow the permission for a group of which the user is a member.
To filter the scope of a GPO, complete the following steps:
1. Access the Group Policy Object Editor for the GPO.
2. Right-click the root node, and then click Properties.
3. In the Properties dialog box for the GPO, click the Security tab, shown previously in Figure 10-14, and then click the security group through which to filter this GPO.
If you need to change the list of security groups through which to filter this GPO, you can add or remove security groups using Add and Remove.
4. Set the permissions, and then click OK.
To specify the No Override option, complete the following steps:
1. Open the Active Directory Users And Computers console to specify the No Override option for a domain or OU, or open the Active Directory Sites And Services console to specify the No Override option for a site.
2. In the console, right-click the site, domain, or OU to which the GPO is linked, click Properties, and then click the Group Policy tab.
3. In the Properties dialog box for the object, in the Group Policy tab, select the GPO, and then click Options.
4. In the Options dialog box for the GPO, shown in Figure 10-18, select the No Override check box to specify that other GPOs should be prevented from overriding settings in this GPO, and then click OK.
The east.humongous.com administrator, Sharon Salavaria, has configured a GPO, named Required_Set, that she says is mandatory for her entire domain. She also has several GPOs that she’s configured at the domain, but she doesn’t consider those policies mandatory. The Administration and Regional Sales OU administrators have blocked policy inheritance to their OUs. Sharon wants to be sure that they receive at least the Required_Set GPO. What should she do?
Sharon should configure the Required_Set GPO for No Override. The Required_Set GPO will be inherited by all the OUs, but the administrators of those OUs will not have to accept the other GPOs she has configured.
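The scenario above, as an added Python example that is not part of the original text: a simplified model of how No Override, Block Policy Inheritance, and security-group filtering combine into a resultant set. The setting names and the Domain_Optional and Sales_OU GPOs are constructed for illustration; local policy, sites, and link priority within a container are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class GPO:
    name: str
    settings: dict
    no_override: bool = False      # No Override set on the GPO link
    allow_apply: set = field(default_factory=lambda: {"Authenticated Users"})
    deny_apply: set = field(default_factory=set)

@dataclass
class Container:                   # a domain or OU in this simplified model
    name: str
    links: list                    # linked GPOs, in processing order
    block_inheritance: bool = False

def gpo_applies(gpo, groups):
    """Security-group filter: a Deny on any group beats every Allow."""
    return not (gpo.deny_apply & groups) and bool(gpo.allow_apply & groups)

def resultant_set(path, groups):
    """path runs from the highest container down to the account's own OU."""
    # Block Policy Inheritance discards GPOs linked above the blocking
    # container, unless their link is marked No Override.
    first = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, container in enumerate(path):
        for gpo in container.links:
            if not gpo_applies(gpo, groups):
                continue
            if gpo.no_override:
                enforced.append(gpo)
            elif i >= first:
                normal.append(gpo)
    result = {}
    # Ordinary GPOs: the one closest to the account wins. No Override GPOs
    # are merged last, highest container last, so nothing below beats them.
    for gpo in normal + enforced[::-1]:
        for key, value in gpo.settings.items():
            result[key] = (value, gpo.name)
    return result

# Constructed scenario modelled on the Required_Set question above.
required = GPO("Required_Set", {"MinPasswordLength": 8}, no_override=True)
optional = GPO("Domain_Optional", {"Wallpaper": "corp.bmp"})
sales = GPO("Sales_OU", {"MinPasswordLength": 4, "Wallpaper": "sales.bmp"})
PATH = [Container("east.humongous.com", [required, optional]),
        Container("Regional Sales", [sales], block_inheritance=True)]
print(resultant_set(PATH, {"Authenticated Users"}))
```

The Regional Sales OU keeps its own wallpaper setting and never sees Domain_Optional, but the password length comes from Required_Set despite the block.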


Understanding Group Policy

Before attempting to implement Group Policy, you must be familiar with concepts that affect Group Policy operations. This lesson defines Group Policy, explains how GPOs work, and provides an overview of the settings in a GPO. It also shows you how Group Policy affects startup and logging on, how it is applied, and how security groups are used to filter Group Policy.
Group policies are collections of user and computer configuration settings that specify how programs, network resources, and the operating system work for users and computers in an organization. Group Policy can be set up for computers, sites, domains, and OUs. For example, using group policies, you can determine the programs that are available to users, the programs that appear on the user’s desktop, and Start menu options. Although the name “Group Policy” suggests that you might set policies for global, domain local, or global groups, this is not the case. Instead, think of Group Policy as groupings of policy settings that are linked to computers, sites, domains, and OUs.
Off the Record: As stated in this section, group policies apply to computer and user accounts. A common misconception is that group policies can be applied to groups. Although group policies do not apply to groups, group membership can affect the application of Group Policy. For example, if a user or computer account belongs to a group that is specifically denied the ability to apply Group Policy, that account will not receive the Group Policy. This concept is known as filtering GPO scope with security groups, and is discussed in Lesson 3.
You can see a mapping of the Group Policy GUID and name in the Active Directory Replication Monitor (Replmon.exe). To see this, add a domain controller as the monitored server, and then right-click that domain controller and select Show Group Policy Object Status.
You can determine which administrative groups can administer (create, modify, delete) GPOs by defining permissions for each GPO in the GPO’s Security tab, just like you would for any other object. Planning administrative control of GPOs is discussed in Lesson 2.
To open the Group Policy Object Editor from the Active Directory Users And Computers console, complete the following steps:
1. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers.
2. In the console tree, right-click the domain or OU you want to set Group Policy for, and then click Properties.
3. Click the Group Policy tab, click an entry in the Group Policy Object Links list to select an existing GPO, and then click Edit. (Or, click New to create a new GPO, and then click Edit.) The Group Policy Object Editor for the domain or OU GPO is now available.


Administration Strategies

For optimum security, Microsoft recommends that you do not assign administrators to the Administrators group and that you avoid running your computer while logged on as an administrator. This lesson examines reasons why you should not run your computer as an administrator and the actions you should take to ensure security for administrators.
Why You Should Not Run Your Computer as an Administrator
Running Windows Server 2003 as an administrator makes the system vulnerable to Trojan horse attacks and other security risks. The simple act of visiting an Internet site can be extremely damaging to the system. An unfamiliar Internet site might contain Trojan horse code that can be downloaded to the system and executed. If you are logged on with administrator privileges, a Trojan horse could possibly reformat your hard drive, delete all files, create a new user account with administrative access, and so on.
Therefore, you should not assign yourself to the Administrators group and you should avoid running your computer while logged on as an administrator. For most computer activity, you should assign yourself to the Users or Power Users group. When you log on as a member of the Users group, you can perform routine tasks, including running programs and visiting Internet sites, without exposing your computer to unnecessary risks. As a member of the Power Users group, you can perform routine tasks and also install programs, add printers, and use most Control Panel items. If you need to perform an administrator-only task, such as upgrading the operating system or configuring system parameters, you should log on as an administrator, perform the task, and then log off. If you frequently need to log on as an administrator, you can use the Run As program to start programs as an administrator.
You use the Active Directory Users And Computers console to create groups, delete groups, add members to groups, and change the group scope.
With the necessary permissions, you can create groups in any domain in the forest, in an OU, or in a container you have created specifically for groups. The name you select for a group must be unique in the domain where you create the group.
You cannot change the group scope for domains with a domain functional level set to Windows 2000 mixed.


How will this course advance my career

The Microsoft Certified Technology Specialist: Windows 7, Configuring certification training offered through SEEK Learning will provide you with all the skills you need to pass the MCTS 70-680 exam and get certified.


Intrasite replication topology

A maximum of three replication hops between domain controllers, due to the addition of connection objects by the KCC
Intersite Replication
To ensure replication between sites, you must connect them manually by creating site links. Site links represent network connections and allow replication to occur. A single KCC per site generates all connections between sites. Active Directory uses the network connection information to generate connection objects that provide efficient replication and fault tolerance, as shown in Figure 1-12.
You provide information about the replication transport used, cost of a site link, times when the link is available for use, and how often the link should be used. Active Directory uses this information to determine which site link is used to replicate information. Customizing replication schedules so replication occurs during specific times, such as when network traffic is light, makes replication more efficient.
As an administrator, you must configure sites and replication to ensure that the most up-to-date information is available to users. Replication and site link configuration are discussed in more detail in Chapter 5, “Configuring Sites and Managing Replication.”
A domain controller stores and replicates:
The schema partition data for a forest.
The configuration partition data for all domains in a forest.
The domain partition data (all directory objects and properties) for its domain.
This data is replicated to additional domain controllers in the domain. For the purpose of finding information, a partial replica containing commonly used attributes of all objects in the domain is replicated to the global catalog.
A global catalog stores and replicates:
The schema partition data for a forest
The configuration partition data for all domains in a forest
A partial replica containing commonly used attributes for all directory objects in the forest (replicated between global catalog servers only)
A full replica containing all attributes for all directory objects in the domain in which the global catalog is located
A second CD-ROM contains a 180-day evaluation edition of Microsoft Windows Server 2003, Enterprise Edition.
Caution: The 180-day Evaluation Edition provided with this training is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft Technical Support does not support this evaluation edition.
