Module 1: Group Policy Essentials

• Group Policy Entities and Policy Settings
• Understanding Local Group Policy
• Local Group Policy on Pre-Vista Computers
• Local Group Policy on Vista/Windows 7 and Windows Server 2008 [R2] Computers
• Active Directory–Based Group Policy
• Group Policy and Active Directory
• Linking Group Policy Objects
• Examining the Resultant Set of Policy at the Site Level, Domain Level, OU Level
• Group Policy, Active Directory, and the GPMC
• GPMC Overview
• Implementing the GPMC on Your Management Station
• Active Directory Users and Computers vs. GPMC
• The GPMC-centric View
• Applying a Group Policy Object to the Site Level, Domain, and OU
• Understanding Group Policy Object Linking Delegation
• Granting OU Admins Access to Create New Group Policy Objects

Module 2: Managing Group Policy with the GPMC

• Common Procedures with the GPMC
• Raising or Lowering the Precedence of Multiple Group Policy Objects
• Understanding GPMC’s Link Warning
• Stopping Group Policy Objects from Applying
• Block Inheritance and the Enforced Function
• Filtering the Scope of Group Policy Objects with Security
• Understanding Who Can Create and Use WMI Filters?
• Performing RSoP Calculations with the GPMC
• What’s-Going-On Calculations with Group Policy Results
• What-If Calculations with Group Policy Modeling
• Backing Up and Restoring Group Policy Objects
• Searching for Group Policy Objects with the GPMC
• The GPMC At-a-Glance Compatibility Table

Module 3: GPMC 2.0—Filtering, Comments, and Starter GPOs

• Updated GPMC Filters
• Results of Your Filter
• The All Settings Node
• Comments
• Starter GPOs

Module 4: Group Policy Processing Behavior Essentials

• Group Policy Processing Principles
• Initial Policy Processing
• Background Refresh Policy Processing
• Security Background Refresh Processing
• Special Case: Moving a User or a Computer Object
• Policy Application via Remote Access, Slow Links, and after Hibernation
• Windows 2000 and Windows XP Group Policy via RAS Speed Determination and Policy Reapplication
• Windows Vista/Windows 7 Group Policy via RAS Speed Determination and Policy Reapplication
• What Is Processed over a Slow Network Connection?
• Using Group Policy to Affect Group Policy
• Affecting the User Settings of Group Policy
• Affecting the Computer Settings of Group Policy

Module 5: Advanced Group Policy Processing

• GPO Targeting with WMI Filters
• Tools (and References) of the WMI Trade
• WMI Filter Syntax
• Creating and Using a WMI Filter
• Final WMI Filter Thoughts
• Group Policy Loopback Processing
• Group Policy with Cross-Forest Trusts
• What Happens When Logging onto Different Clients across a Cross-Forest Trust?
• Disabling Loopback Processing When Using Cross-Forest Trusts
• Cross-Forest Trust Client Matrix
• Understanding Cross-Forest Trust Permissions
• Intermixing Group Policy and NT 4 System Policy

Module 6: Troubleshooting Group Policy

• Under the Hood of Group Policy
• Inside Local Group Policy
• Inside Active Directory Group Policy Objects
• The Birth, Life, and Death of a GPO
• How Client Systems Get Group Policy Objects
• The Steps to Group Policy Processing
• Client-Side Extensions
• Where Are Administrative Templates Registry Settings Stored?
• Why Isn’t Group Policy Applying?
• Reviewing the Basics
• Advanced Inspection
• Client-Side Troubleshooting
• RSoP for Windows 2000
• RSoP for Windows Server 2008 [R2], Windows 7, Vista, Windows 2003, and Windows XP
• Advanced Group Policy Troubleshooting with Log Files
• Using the Event Viewer
• Turning On Verbose Logging
• Group Policy Processing Performance
• Group Policy Diagnostic Best Practice Analyzer (GPDBPA)

Module 7: ADM and ADMX Template Management

• Policies vs. Preferences
• ADM vs. ADMX File Distinction
• GPMC 1.0 ADM File Introduction
• GPMC 2.0 ADMX File Introduction
• ADM vs. ADMX Files—At a Glance
• Creating and Editing GPOs in a Mixed Environment
• How Do You Currently Manage Your Group Policy Objects?
• What Happens When You Create a New GPO?
• What Happens When You Edit an Existing GPO?
• GPMC 2.0 Management Stations and the Central Store
• The Windows ADMX/ADML Central Store
• ADM and ADMX Templates from Other Sources
• Using ADM Templates from Other Sources
• Using ADMX Templates from Other Sources
• ADMX Migrator and ADMX Editor Tools
• Finding the Policy Settings You Need and Cracking the ADM/ADMX Files
• Microsoft’s Policy Settings Spreadsheets for Windows XP and Windows Vista/7
• Last-Ditch Effort Troubleshooting via Registry Punch

Module 8: Implementing Security with Group Policy

• The Two Default Group Policy Objects
• GPOs Linked at the Domain Level
• Group Policy Objects Linked to the Domain Controllers OU
• Oops, the “Default Domain Policy” GPO and/or “Default Domain Controllers Policy” GPO Got Screwed Up!
• The Strange Life of Password Policy
• What Happens When You Set Password Settings at an OU Level
• Fine-Grained Password Policy with Windows Server 2008 [R2]
• Inside Auditing With and Without Group Policy
• Auditing with Group Policy
• Advanced Auditing with Windows 7 and Windows 2008 R2
• Logon, Logoff, Startup, and Shutdown Scripts
• Script Processing Defaults (and Changing Them)
• Restricted Groups
• Tricking Restricted Groups So It’s Not “Rip and Replace”
• Which Groups Can Go into Which Other Groups via Restricted Groups?
• Software Restriction Policy
• AppLocker (Advanced Software Restrictions) for Windows 7 and 2008 R2
• Securing Workstations with Templates
• Security Templates
• Your Own Security Templates
• The Security Configuration and Analysis Snap-In
• Applying Security Templates with Group Policy
• The Security Configuration Wizard
• Security Configuration Wizard Primer and Installation
• A Practical SCW Example
• Converting Your SCW Policy to a GPO
• SCW Caveats

Module 9: Windows Vista/7 and Windows Server 2008 [R2]

• Security Enhancements with Group Policy
• Wireless (802.3) and Wired Network (802.11) Policies
• 802.11 Wireless Policy for Windows XP
• 802.11 Wireless Policy and 802.3 Wired Policy for Windows Vista
• Managing Internet Explorer with Group Policy
• Internet Explorer Maintenance (IEM)
• Internet Explorer’s Group Policy Settings
• Controlling User Account Control (UAC) with Group Policy
• Just Who Will See the UAC Prompts, Anyway?
• Understanding the Group Policy Controls for UAC
• UAC Policy Setting Suggestions
• Configuring Windows Firewall with Group Policy
• Manipulating the Windows XP and Windows Server 2003 Firewall
• Windows Firewall with Advanced Security (for Windows Vista/7 and Windows Server 2008 [R2])—WFAS
• IPsec (Now within Windows Firewall with Advanced Security)
• How Windows Firewall Rules Are Ultimately Calculated

Module 10: Group Policy Preference Extensions

• What Is the New Power of the Group Policy Preference Extensions?
• Group Policy Preference Extensions Concepts
• Preference, Not Policy
• The Overlap of Group Policy vs. Group Policy Preference Extensions and Associated Issues
• The Lines and Circles and the CRUD Action Modes
• Group Policy Preference Extensions Tips, Tricks, and Troubleshooting
• Quick Copy, Drag and Drop, Cut and Paste, and Sharing of Settings
• Multiple Preference Items at a Level
• Temporarily Disabling a Single Preference Item or Extension Root
• Environment Variables
• Managing Group Policy Preference Extensions: Hiding Extensions from Use
• Troubleshooting: Reporting, Logging, and Tracing

Module 11: Additional Information and Tools

• Group Policy Tools
• Migrating Group Policy Objects between Domains
• Basic Inter-domain Copy and Import
• Copy and Import with Migration Tables
• Microsoft Tools Roundup
• Group Policy Tools from Microsoft
• Profile Tools from Microsoft
• Utilities and Add-Ons
• Third-Party Vendors List

Topics available for Private and Custom Classes:
The following topics are introduced in the public course and are available for more in-depth coverage in a private and/or custom course.

Module 1: Advanced Group Policy Management (AGPM)

• The Challenge of Group Policy Change Management
• Architecture and Installation of AGPM
• AGPM Architecture
• Installing AGPM
• What Happens after AGPM is Installed?
• Firing Up GPMC the First Time
• GPMC Differentials
• What’s With All the Access Denied Errors?
• Does the World Change Right Away?
• Understanding the AGPM Delegation Model
• AGPM Delegation Roles
• AGPM Common Tasks
• Understanding and Working with AGPM’s Flow
• Controlling Your Currently Uncontrolled GPOs
• Creating a GPO and Immediately Controlling It
• Check Out of a GPO
• Viewing Reports about a Controlled GPO
• Editing a Checked-Out Offline Copy of a GPO
• Check In of a Changed GPO
• Deploying a GPO into Production
• Making Additional Changes to a GPO and Labeling a GPO
• Using History and Differences to Roll Back a GPO
• Using “Import from Production” to Catch Up a GPO
• Uncontrolling, Restoring, and Destroying a GPO
• AGPM Tasks with Multiple Admins
• Email Preparations and Configurations for AGPM Requests
• Adding Someone to the AGPM System
• Requesting the Creation of New Controlled GPO
• Approving or Rejecting a Pending Request
• Editing the GPO Offline via Check Out/Check In
• Requesting Deployment of the GPO
• Analyzing a GPO (as a Reviewer)
• Committing to AGPM via Group Policy Permissions
• Preventing Admins from Creating Live GPOs
• Preventing Original GPO Owners from Modifying Their Existing GPOs
• Optional: Modifying the Schema to Force New GPOs to Only Be Writeable by AGPM
• Advanced Configuration and Troubleshooting of AGPM
• Troubleshooting AGPM Permissions
• Leveraging AGPM Templates
• Changing Permissions on GPO Archives
• Backing Up, Restoring, and Moving the AGPM Server
• Changing the Port that AGPM Uses
• Events from AGPM
• Leveraging the Built-in AGPM ADM Template
• Final Thoughts

Module 2: Scripting Group Policy Operations with PowerShell

• Understanding How to Use PowerShell to Do More with Group Policy
• Preparing for Your PowerShell Experience
• Adding Our Starter Code (as an Include)
• Documenting Your Group Policy World with PowerShell
• Manipulating GPOs with PowerShell
• Making PowerShell Even Easier with Pay Tools
• Other 3rd party tools to manage GPOs
• Replacing Microsoft’s GPMC Scripts with PowerShell Equivalents