GPO Modeling and GPO Results in the GPMC
When an organization decides to perform administrative and management tasks using group policies, it is essential that the system administrators understand how to check to see if Group Policy processing is working correctly. In the case when Active Directory hierarchies are being restructured, or if new policies are being deployed, performing a simulated application of group policies to review the results can help avoid unexpected issues. To perform Group Policy simulations, an administrator can use Group Policy Modeling, available in the GPMC. Group Policy Modeling is the equivalent of Resultant Set of Policies (Planning), which is the name of the administrative right that must be delegated in Active Directory to run this tool. To perform Group Policy Modeling, perform the following tasks:
- Log on to a designated Windows Server 2008 R2 administrative server.
- Open the Group Policy Management Console from the Administrative Tools menu.
- In the tree pane, select the Group Policy Modeling node, right-click the node, and select Group Policy Modeling Wizard.
- On the Welcome page, click Next to continue.
- On the Domain Controller Selection page, specify a domain controller or accept the default of using any domain controller, and click Next.
- On the User and Computer Selection page, the Group Policy Modeling Wizard can be used to run a simulation based on a specific user and computer in their current locations, or containers can be specified for either the user or computer to simulate GPO processing of a specific user, logging on to a Computer in a specific container. For this example, select the Users container and the Computers container of the domain to determine which policies and settings will be applied by default. Click Next to continue.
- On the Advanced Simulations page, loopback processing, slow network connections, and site-specific testing can be specified. Accept the defaults and click Next to continue.
- On the User Security Groups page, specific security groups can be specified to run policy modeling against. Accept the defaults and click Next to continue.
- On the Computer Security Groups page, specific security groups can be specified to run policy modeling against. Accept the defaults and click Next to continue.
- On the WMI Filters for Users page, select the All Linked Filters option button, and click Next to continue.
- On the WMI Filters for Computers page, select the All Linked Filters option button, and click Next to continue.
- On the Summary of Selections page, review the choices and if everything looks correct, click Next to run the GPO modeling tool.
- When the process completes, click Finish to return to the GPMC and review the modeling results.
- In the Settings pane, the summary of the computer and user policy processing will be available for view. Review the information on this page and then click on the Settings tab to review the final GPO settings that would be applied.
- Close the GPMC and log off.
In situations when Group Policy is not delivering the desired results, GPO Results can be run to read and display the Group Policy processing history. GPO Results are run against a specific computer, but can also be used to collect user policy processing. To run GPO Results to review the GPO processing history, perform the following steps:
- Log on to a designated Windows Server 2008 R2 administrative server.
- Open the Group Policy Management Console from the Administrative Tools menu.
- In the tree pane, select the Group Policy Results node, right-click the node, and select Group Policy Results Wizard.
- On the Welcome page, click Next to continue.
- On the Computer Selection page, choose to run the policy against another computer and locate a Windows 7 system that a user has already logged on to. Also be sure to uncheck the Do Not Display Policy Settings for the Selected Computer in the Results check box, and click Next.
- On the User Selection page, select the Display Policy Settings For option button, and then select the Select a Specific User option button. Select a user from the list, and click Next to continue. Only users who have previously logged on to the selected computer will be listed and they will only be listed if the user running the tool is a domain admin or has been granted the right to run Resultant Set of Policies (Logging) for the particular users.
- On the Summary of Selections page, review the choices and click Next to start the GPO Results collection process.
- When the process completes, click Finish to return to the GPMC.
- When the process completes, the results will be displayed in the Settings pane on the Summary, Settings, and Policy Events tabs. Review the results and close the GPMC when finished.
In this tutorial:
- Group Policy Management for Network Client
- Windows Group Policies
- Domain Group Policies
- Group Policy Feature Set
- User Configuration Policy Node
- Planning Workgroup and Standalone Local Group Policy Configuration
- Planning Domain Group Policy Objects
- Domain GPOs
- Active Directory Site GPOs
- Managing Computers with Domain Policies
- Managing User Account Control Settings
- Creating a Software Restriction Policy
- Creating Application Control Policies (AppLocker)
- Deploying Printers Windows Server 2008
- Mapping Drives Using Preferences User Drive Maps Extension
- Configuring Basic Firewall Settings with Group Policy
- Configuring Windows Update Settings
- Configuring Power Options Using Domain Policies
- Managing Users with Policies
- Configuring Folder Redirection
- Removable Storage Access
- Managing Active Directory with Policies
- Configuring Restricted Groups for Domain Security Groups
- Extending Group Policy Functionality
- Synchronous Foreground Refresh
- GPO Modeling and GPO Results in the GPMC
- Managing Group Policy from Administrative or Remote Workstations