Disk Quotas/Group Policy

Disk quotas are a new feature of Windows 2000 and 2003.
Using this feature, an administrator can restrict users' use of disk space, i.e. an administrator can limit the size of the disk space usage.

Quotas can be implemented in two ways:
On computer basis (local machine)
On user basis (network resource)
Quotas can be implemented only on NTFS volumes.

Implementing a quota for a user (user basis)
On member server
Login as administrator
Open My Computer
Right click on D or E drive
Properties
Quota
Check the boxes "Enable quota management" and "Deny disk space to users"
Click on the Quota Entries tab
Select Quota
New quota entry
Select the user
Set the limit of disk space for the user (in KB or MB only)

Verification
Login as user
Open the restricted or quota drive
Try to save something

Implementing quota on computers
On member server
Login as admin
Open My Computer
E drive properties
Quota
Enable quota management
Deny disk space to user
Select limit disk space
Specify the limits in KB or MB
Apply – OK
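
To confirm from a script what the two quota procedures above actually set, the following added example (not part of the original notes) reads the volume's quota state and the per-user quota entries through the WMI classes Win32_QuotaSetting and Win32_DiskQuota. The drive letter D: is an assumption, and Get-QuotaReport and Format-Limit are illustrative names.

```powershell
# Added example; 'D:' is an assumed drive letter. Run elevated on the server that holds the volume.
$StateName  = @{ 0 = 'Disabled'; 1 = 'Tracking only'; 2 = 'Enforced (deny disk space)' }
$StatusName = @{ 0 = 'OK'; 1 = 'Warning'; 2 = 'Exceeded' }

function Format-Limit([uint64]$Bytes) {
    # WMI reports "no limit" as the largest unsigned 64-bit value
    if ($Bytes -eq [uint64]::MaxValue) { 'No limit' } else { '{0:N0} KB' -f ($Bytes / 1KB) }
}

function Get-QuotaReport {
    param([string]$Volume = 'D:')

    # Quotas exist only on NTFS, so check the file system first
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Volume'"
    if (-not $disk) { throw "Volume $Volume not found" }
    if ($disk.FileSystem -ne 'NTFS') { throw "$Volume is $($disk.FileSystem); quotas need NTFS" }

    # Volume-wide settings: the "Enable quota management" / "Deny disk space" check boxes
    $setting = Get-WmiObject Win32_QuotaSetting | Where-Object { $_.VolumePath -eq "$Volume\" }
    if (-not $setting) { throw "No quota settings returned for $Volume" }
    Write-Host ("{0} state: {1}; default limit: {2}" -f $Volume,
        $StateName[[int]$setting.State], (Format-Limit $setting.DefaultLimit))
    if ($setting.State -ne 2) { Write-Warning "Limits on $Volume are not enforced" }

    # Per-user quota entries (the Quota Entries window)
    Get-WmiObject Win32_DiskQuota |
        Where-Object { $_.QuotaVolume -like "*DeviceID=`"$Volume`"*" } |
        Select-Object @{ n = 'User'; e = {
                if ($_.User -match 'Domain="([^"]+)",Name="([^"]+)"') {
                    "$($Matches[1])\$($Matches[2])"
                } else { $_.User } } },
            @{ n = 'UsedKB'; e = { [math]::Round($_.DiskSpaceUsed / 1KB) } },
            @{ n = 'Limit';  e = { Format-Limit $_.Limit } },
            @{ n = 'Status'; e = { $StatusName[[int]$_.Status] } }
}

Get-QuotaReport -Volume 'D:' | Format-Table -AutoSize
```

A state of "Tracking only" means quota management is enabled but "Deny disk space" is not, so users can still write past their limit.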

Organizational Units (OU)
An OU is a logical component of AD.
It is a container object.
It can contain objects like users, groups, computers, shared folders, printers, and contacts.
OUs are basically used for dividing a single domain into smaller portions for efficient management and organization of the resources.



Creation of OUs:
On DC
Start > Programs > Administrative Tools > ADUC
Right click on the domain
New
Organizational unit
Give the name of the unit






Delegate Control:
Useful when an administrator wants to hand over partial administration of the domain to an assistant administrator. Delegate control can be assigned to sub admins on OUs or on domains.

Assigning delegate control for a sub administrator
On DC
Open ADUC
Select domain controller (right click)
New user
Right click on OU
Delegate control
Next – add the user we've created
Next > select the tasks we wish to delegate
Next – Finish

Verification:
Move on to member server
Login as sub administrator
Start – Run – dsa.msc
Try to create users in delegated OU

Taking back delegation of control from a user:
On DC
Open ADUC
Click on View
Advanced Features
Select the OU from which we want to take back control
Right click > Properties
Security
Select the sub admin user
Remove
Apply – OK
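
Delegating control and taking it back both come down to entries on the OU's Security tab, so they can be reviewed from a script. The following added example (not part of the original notes) lists the explicit allow entries on an OU that do not belong to an assumed baseline of built-in principals, and checks that a given sub administrator no longer has any. The distinguished name and account are placeholders, and Get-DelegatedAce and Test-DelegationRemoved are illustrative names.

```powershell
# Added example; the OU distinguished name and the account name are placeholders.
# Principals that normally hold explicit entries on an OU (assumed baseline; adjust to your domain)
$Baseline = '\\(SYSTEM|Authenticated Users|ENTERPRISE DOMAIN CONTROLLERS|' +
            'Account Operators|Print Operators|Domain Admins|Enterprise Admins)$'

function Get-DelegatedAce {
    param(
        [string]$OuDn,           # 'OU=<name>,DC=<domain>,DC=<tld>'
        [string]$Account = ''    # optional 'DOMAIN\user' to look at one sub administrator
    )
    $ou  = [ADSI]"LDAP://$OuDn"
    $acl = $ou.psbase.ObjectSecurity
    if (-not $acl) { throw "Cannot read the security descriptor of $OuDn" }

    # Explicit entries only ($true), no inherited ones ($false): delegation made on this OU itself
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])

    $rules |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Where-Object { $_.IdentityReference.Value -notmatch $Baseline } |
        Where-Object { -not $Account -or $_.IdentityReference.Value -eq $Account } |
        Select-Object @{ n = 'Account'; e = { $_.IdentityReference.Value } },
                      ActiveDirectoryRights, InheritanceType, ObjectType
}

function Test-DelegationRemoved {
    param([string]$OuDn, [string]$Account)
    # True when the account holds no explicit allow entry on the OU any more
    -not (Get-DelegatedAce -OuDn $OuDn -Account $Account)
}

$ou = 'OU=<delegated OU>,DC=<domain>,DC=<tld>'     # placeholder
Get-DelegatedAce -OuDn $ou | Format-Table -AutoSize
Test-DelegationRemoved -OuDn $ou -Account '<DOMAIN>\<sub admin>'
```

Rights granted through a group the sub administrator belongs to appear under the group's name, so review every account the first command lists.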

Group Policy is a feature of Windows 2000 and 2003 with which an administrator can have full control over users and computers. Using group policy we can implement security, policies, software deployment, folder redirection, and Internet Explorer maintenance.

 
Group policies either allow users to access an object or deny them access to it. Group policy can be implemented on computers and users.

Group Policy Object (GPO)
A GPO defines the policies to be implemented for objects. One group policy object can be linked with multiple objects like sites, domains, DCs, OUs, etc.

The order in which group policy is applied when a user logs in:
Computer policy
Eg: no shut down, no time setting
User profile
Eg: local, roaming, mandatory
User policy (local computer)
Site
Domain
OU

Implementing group policy on OU:
Aim: Deny accessing Control Panel

On DC
Open ADUC
Create an OU
Create user within the OU
Right click > Properties
Group Policy > New > specify GPO name
Edit
Expand User Configuration
Select Administrative Templates
Control Panel
Double click "Prohibit access to control panel"
Select enable
Apply – OK

Policy inheritance:
If we implement a policy on a site, it applies to all the domains and OUs within that site. All the domains and OUs within that site inherit policy from their parent.

Block policy inheritance:
Block policy inheritance is useful for blocking the inheritance of the policy from its parent object.

Note: Block policy inheritance is useful:
1. When we have to perform shorter administrative tasks.
2. When there is conflict between two policies applied to the same object.

 
Implementing block policy inheritance:
On DC
Open ADUC
Create an OU and a child OU within it
Create a user account in the child OU
On the parent OU, deny Control Panel
Select child OU > Properties
Group Policy
Check the box "Block policy inheritance"

Verification
Move to the client machine and log in as the user we have created in the child OU. We should see the Control Panel.

No override: It is an option available in group policy, useful when we want to override all the policies implemented on the child objects.

Implementing no override
On DC
Open ADUC
Select the parent OU we have created
Properties
Group Policy
Options
Select No Override
Note: No override is the opposite of block policy inheritance.
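
How inheritance, block policy inheritance and no override combine is easiest to see on the parent OU / child OU setup used above. The following added example (a constructed model, not part of the original notes and not output from a real domain) works out which GPOs reach a user in the child OU: the child's block drops the parent's Control Panel restriction, and No Override on the parent's link brings it back. All GPO names and function names are made up for the illustration.

```powershell
# Added example: a constructed model, not output from a real domain.
function New-Chain {
    param([bool]$ChildBlocks, [bool]$ParentNoOverride)
    # Containers parent-first, in the order policy is applied: site, domain, parent OU, child OU
    @(
        @{ Name = 'Site';      Block = $false
           Links = @(@{ Gpo = 'Site baseline';      NoOverride = $false }) },
        @{ Name = 'Domain';    Block = $false
           Links = @(@{ Gpo = 'Domain policy';      NoOverride = $false }) },
        @{ Name = 'Parent OU'; Block = $false
           Links = @(@{ Gpo = 'Deny Control Panel'; NoOverride = $ParentNoOverride }) },
        @{ Name = 'Child OU';  Block = $ChildBlocks
           Links = @(@{ Gpo = 'Child desktop';      NoOverride = $false }) }
    )
}

function Get-EffectiveGpo {
    param([object[]]$Chain)
    # The lowest container with "Block policy inheritance" cuts off everything linked above it
    $blockAt = 0
    for ($i = 0; $i -lt $Chain.Count; $i++) { if ($Chain[$i].Block) { $blockAt = $i } }

    $normal = @(); $forced = @()
    for ($i = 0; $i -lt $Chain.Count; $i++) {
        foreach ($link in $Chain[$i].Links) {
            if ($link.NoOverride)    { $forced += $link.Gpo }   # survives any block below it
            elseif ($i -ge $blockAt) { $normal += $link.Gpo }   # linked at or below the block
        }
    }
    # Application order; the last GPO wins a conflict. No Override links go last,
    # and among them the one linked highest in the tree is applied last of all.
    [array]::Reverse($forced)
    $normal + $forced
}

function Test-ControlPanelDenied {
    param([bool]$ChildBlocks, [bool]$ParentNoOverride)
    $chain = New-Chain -ChildBlocks $ChildBlocks -ParentNoOverride $ParentNoOverride
    (Get-EffectiveGpo -Chain $chain) -contains 'Deny Control Panel'
}

foreach ($block in $false, $true) {
    foreach ($force in $false, $true) {
        $names = Get-EffectiveGpo -Chain (New-Chain -ChildBlocks $block -ParentNoOverride $force)
        Write-Host ("Block={0} NoOverride={1}: {2}" -f $block, $force, ($names -join ' -> '))
    }
}
```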

Important group policies
User Configuration > Administrative Templates > Windows Components > Windows Explorer

-Prevent access to drive
-No entire network
-Remove map drive

User Configuration > Administrative Templates > System
-Run only allowed Windows applications
-Do not run specified applications

Group policies are of two types.
1. Computer configuration
-Software settings
-Windows settings
-Security settings
2. User configuration
-Software settings
-Windows settings
-Administrative templates
