Policies

  •  In the Group Policy Object Editor, the administrator sees hundreds of policies that can be changed. For example, a policy may allow a user to (or not too) access the command prompt.
  • Since group policies effectively edit the registry for computers and users, anything that is stored as registry key can be modified and changed through a Group Policy. You can do this by creating a custom ADM file.

Policy Settings

  • You edit most policy settings by double-clicking the title of the policy setting, which opens a dialog box that provides specific options.
  • In most cases, when you can double click the title of a policy setting, the dialog box contains any relevant defining information about the policy setting.
    image003

Policy Settings Values

  • Not Configured: Specifies that no change is made to the registry for this setting.
  • Enabled: Updates the registry with the GPO policy settings.
  • Disabled: Removes the specific GPO policy settings from the registry.

Group Policy Sections

Group Policy Object Editor consists of two main sections:

  • Computer Configuration, which holds settings that are applied to computers (At startup and periodic background refresh).
  • User Configuration, which holds settings that are applied to users (At login and periodic background refresh) and these sections are further divided into the different types of policies that can be set, such as Software Settings, Windows Settings and Administrative Templates.

How Group Policies are Managed

Group Policy Object Editor administrative tool gets installed when Windows 2003-2012 Active Directory is installed.

  • It can be launched from Group Policy Management Console.
  • It can be launched from Active Directory Management tools.

Group Policy Management Console

image005

  • Group Policy Management Console a free download from Microsoft. (Recommended)
  • The GPMC lets administrators manage Group Policy for multiple domains and sites within one or more forests, all in a simplified user interface (UI) with drag-and-drop support.
  • Supports backup, restore, import, copy, and reporting of Group Policy Objects (GPOs).

ADM Files

 ADM (Administrative Template files) are used to populate user interface settings in the Group Policy Object Editor, enabling administrators to manage registry-based policy settings.

  • Are available directly from Microsoft for Microsoft OS and Application policy settings.
  • Can be created by an administrator.

Adding Administrative Template files

  1. In the GPO editor, right-click on Administrative Templates and Select Add/Remove Templates.Add Remove Templets
  2. Select Add to add a template.
    Add button
  3. Browse through the directory that contains the ADM file and select OK.
    Browse for ADMADM added

Group Policy Refresh Interval

  • Group Policies are not immediately refreshed when changes are made.
  • Windows XP, Vista, 7, 8 computers in domain environment update by default every 90 minutes.
  • Local Group Policy changes take place from 0 – 5 minutes.
  • To force a computer to refresh it’s group policy settings, run the following command:
    C:\> gpupdate /force

GPO Backup Settings

  • Deployment Token: A unique identifier available in the administrator console. To retrieve it, go to Users tab → Install → Centralized Deployment.
  • Get Email From:
    • Active Directory: Read email from the Active Directory. If not available, auto generate sign up email as “username@domain”.
    • Manually Specified: Set a sign in email. You must disable Auto Generate Password.
  • Auto Generate Password:
    • Set it to Enable if you wish the program to auto generate the password which you can reset later on.
    • Set to Disable if you wish to specify a password for all users.
  • Password Token: Set the password token. If you are using an existing user email, supply the password generator with the password associated to the account.
  • Instant Storage Limit (GB): Instant storage limit assigned in GB, if empty then there is no limit.
  • Cold Storage Limit (GB): Cold storage limit assigned in GB, if empty then there is no limit.
  • Policy Name: Assign a Policy; case sensitive, must be entered as it was created in the policies tab. If empty, the user will set up the backup (user defined).

    If the Account already has a policy assigned to it, this will be ignored.

    GPO Backup Settings

Zoolz Group Policy Settings and the Registry

  • When a policy is enabled, it is stored in the registry under: HKLM or HKCU\Microsoft\Windows\CurrentVersion\CloudBackup
    Then under the specific product and GPO item you are configuring.

Exporting CloudBackup Group Policy Settings from the Registry

  • Right-click the product branch in the registry and select Export.
  • Type the registration file name you want to save it as and click Save.

Importing Settings from a Registry File

  • Importing .reg files is only required for machines that are not part of a domain.
    • You can manually import it into the registry by double-clicking on the registration file.
    • You can import it into the registry by using a command line:
      reg import filename.reg
      Or
      regedit /s filename.reg for silent imports