LECTURE 8
Configure and Manage Group Policy
Configure Group Policy in Windows
Managing Group Policy in Windows
Linux Users and Groups
Group Policy is a tool that is available to administrators
that are running a Windows 2000 or later Active Directory
Domain.
It allows for centralized management of settings on client
computers and servers joined to the domain as well as
providing a rudimentary way to distribute software.
Group Policy provides centralized management and
configuration of operating systems, applications, and users'
settings in an Active Directory environment.
A set of Group Policy configurations is called a Group
Policy Object (GPO).
Active Directory Domain Services (ADDS) is a
server role within Microsoft Windows that is used to
store and structure objects.
Objects managed within ADDS can be computers,
users or groups.
To add additional configuration and management to
object types within ADDS, group policy is used.
Group Policy is a feature within Windows used to
control configuration and behavior settings.
A collection of settings is called a Group Policy
Object (GPO).
Ref: https://study.com/academy/lesson/group-policy-objects-in-windows-server-2012-r2-overview-types.html
Introduction to Group Policy
https://www.youtube.com/watch?v=cKbgHaQG6BI&list=PL1l78n6W8zyor7Fd46FQpFL8qo4cb0xMT
Installing group policy
https://www.youtube.com/watch?v=7LxGCExHDgU&list=PL1l78n6W8zyor7Fd46FQpFL8qo4cb0xMT&index=2
Windows group policy types
The three Group Policy types are Local, Non-local, and Starter.
Local - GPOs (GPO stands for Group Policy Object) that apply only to the local computer on a
Windows client.
Often referred to as LGPO, which stands for Local Group Policy Object.
Non-local - apply settings to one or multiple Windows clients by linking them to sites,
domains or organizational units (OUs) within ADDS.
Starter - templates used to create new GPOs within ADDS.
Group Policy Types and components
https://youtu.be/0sei0cE2aUw
* Active Directory Domain Services (ADDS)
Benefits of Group Policy Objects
Ease of administration -- system administrators
can deploy software, patches and other updates via GPO.
Better password policy enforcement -- GPOs determine
password length, reuse rules and establish other
requirements for passwords to keep a company's network
safe.
Group Policy Processing Order
https://www.youtube.com/watch?v=UmEyq49rYyk
Group Policy Preferences
https://www.youtube.com/watch?v=vPCiFU_0l5E
Components of Group Policy Settings Preferences
https://www.youtube.com/watch?v=M_JORkMO62U&list=PL1l78n6W8zyor7Fd46FQpFL8qo4cb0xMT&index=4
Creating and linking GPOs
https://www.youtube.com/watch?v=Igru_UrBVZI&list=PL1l78n6W8zyor7Fd46FQpFL8qo4cb0xMT&index=5
Filtering Group Policy
https://www.youtube.com/watch?v=hkBWKEw9I6I&list=PL1l78n6W8zyor7Fd46FQpFL8qo4cb0xMT&index=8
Configure a Central Store
https://www.youtube.com/watch?v=0-0luRhTES4&list=PL1l78n6W8zyor7Fd46FQpFL8qo4cb0xMT&index=9
Linux Users and Groups
Linux was designed to allow more than one user to have
access to the system at the same time.
In order for this multiuser design to work properly, there
needs to be a method to protect users from each other.
This is where permissions come into play.
Ref: https://www.linode.com/docs/guides/linux-users-and-groups/
User groups play an important role on Linux systems.
They provide an easy way for a selected group of users to share
files with each other.
They also allow sysadmins to more effectively manage user
privileges, since they can assign privileges to groups rather than
individual users.
Ref: https://www.networkworld.com/article/3409781/mastering-user-groups-on-linux.html
Read, Write & Execute Permissions
Permissions are the “rights” to act on a file or directory.
The basic rights are read, write, and execute.
• Read - a readable permission allows the contents of the file to be viewed.
A read permission on a directory allows you to list the contents of a directory.
• Write - a write permission on a file allows you to modify the contents of that file. For
a directory, the write permission allows you to edit the contents of a directory (e.g.
add/delete files).
• Execute - for a file, the executable permission allows you to run the file and execute
a program or script. For a directory, the execute permission allows you to change to
a different directory and make it your current working directory.
• Users usually have a default group, but they may belong to several additional
groups.
Viewing File Permissions
To view the permissions on a file or directory, issue
the command ls -l <directory/file>.
Remember to replace the information in the <> with
the actual file or directory name.
Below is sample output for the ls command:
-rw-r--r-- 1 root root 1031 Nov 18 09:22 /etc/passwd
The first ten characters show the access
permissions.
The first dash (-) indicates the type of file (d for directory, s for special
file, and - for a regular file).
The next three characters (rw-) define the owner’s permission to the file.
In this example, the file owner has read and write permissions only.
The next three characters (r--) are the permissions for the members of
the same group as the file owner (which in this example is read only).
The last three characters (r--) show the permissions for all other users and
in this example, it is read only.
Creating and Deleting User Accounts
To create a new standard user, use the useradd
command.
The syntax is as follows:
useradd <name>
Add user
Most user accounts on Linux systems are set up with the user and group names the same.
The user "jdoe" will be set up with a group named "jdoe" and will be the only member of that
newly created group.
The user’s login name, user id, and group id will be added to the /etc/passwd and /etc/group
files when the account is added.
Ref: https://www.networkworld.com/article/3409781/mastering-user-groups-on-linux.html
To remove the user
To remove the user, their home folder, and their files, use this
command:
userdel -r <name>
Explanation of each line
chmod Command
The command chmod is short for change mode.
chmod is used to change permissions on files and
directories.
The command chmod may be used with either
letters or numbers (also known as octal) to set the
permissions.
Ref: https://www.linode.com/docs/guides/linux-users-and-groups
It is important to remember that the first character of the first column of a file listing
denotes whether it is a directory or a file.
The other nine characters are the permissions for the file/directory.
The first three characters are for the user, the next three are for the group, and the
last three are for others.
The example drwxrw-r-- is broken down as follows:
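Added example (not part of the original lecture): a shell script that breaks down drwxrw-r-- and the earlier -rw-r--r-- listing, and converts the ls -l permission column into the number chmod takes. The function names are this example's own, and the setuid/setgid/sticky handling goes beyond the cases shown in the lecture.

```shell
#!/bin/sh
# Convert one rwx triad to its octal digit (r=4, w=2, x=1).
# A lowercase s or t in the last position means execute plus a special bit.
triad_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac
    echo "$d"
}

# Print the numeric mode for a 10-character string such as drwxrw-r--.
mode_to_octal() {
    case $1 in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}          # drop the file-type character
    user=${perms%??????}  # characters 1-3: owner
    rest=${perms#???}
    group=${rest%???}     # characters 4-6: group
    other=${rest#???}     # characters 7-9: everyone else
    special=0             # setuid=4, setgid=2, sticky=1
    case $user in ??[sS]) special=$((special + 4)) ;; esac
    case $group in ??[sS]) special=$((special + 2)) ;; esac
    case $other in ??[tT]) special=$((special + 1)) ;; esac
    if [ "$special" -ne 0 ]; then printf '%s' "$special"; fi
    printf '%s%s%s\n' "$(triad_to_digit "$user")" \
        "$(triad_to_digit "$group")" "$(triad_to_digit "$other")"
}

# Print the breakdown: file type, owner, group, others, and the chmod number.
describe_mode() {
    octal=$(mode_to_octal "$1") || return 1
    case $1 in
        d*) kind=directory ;;
        -*) kind='regular file' ;;
        *)  kind='special file' ;;
    esac
    perms=${1#?}; rest=${perms#???}
    printf '%s: %s, owner=%s group=%s others=%s, chmod %s\n' \
        "$1" "$kind" "${perms%??????}" "${rest%???}" "${rest#???}" "$octal"
}

describe_mode '-rw-r--r--'   # the /etc/passwd listing shown earlier
describe_mode 'drwxrw-r--'   # the chmod example
```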
Leveraging Users and Groups
In many cases, user permissions are used to provide your system with greater
security without any direct interaction. Many operating systems create specific
system user accounts for different packages during the installation process.
The best practice is to give each user their own login to your system. This
protects each user’s files from all other users.
Furthermore, using specific accounts for users allows more accurate system
logging, particularly when combined with tools like sudo. We recommend
avoiding situations where more than one individual knows the password for a
user account for maximum security.
In contrast, groups are useful for allowing multiple independent user accounts
to collaborate and share files.
If you create groups on a machine for common tasks on a per-task basis (e.g.
web editors, contributors, content submitters, support) and add relevant users
to the relevant groups, these users can all edit and run the same set of files
without sharing these files with the world.
Use of the chown command with file permissions of 770 and 740 would help
accomplish this goal.
Ref: https://www.linode.com/docs/guides/linux-users-and-groups
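Added example (not from the original lecture or the referenced guide): a shell script for the group-sharing setup described above, applying 770 to directories and 740 to files and then checking that nothing is left open to "others". The function names are this example's own, and the demo assumes a throwaway directory and the caller's own primary group in place of a real task group such as web editors.

```shell
#!/bin/sh
# Give GROUP access to DIR and shut everyone else out:
#   directories 770 - owner and group may list, enter, add and delete files
#   files       740 - owner has full access, group may only read
share_with_group() {
    dir=$1 group=$2
    chown -R ":$group" "$dir"        # change the group, keep the current owner
    find "$dir" -type d -exec chmod 770 {} +
    find "$dir" -type f -exec chmod 740 {} +
}

# List everything under DIR that "others" can still read, write or execute.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# First ten characters of the ls -l listing, i.e. the permission column.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed demo: a directory and file created with typical loose defaults.
demo=$(mktemp -d)
mkdir "$demo/site"
echo '<h1>draft</h1>' > "$demo/site/index.html"
chmod 755 "$demo/site"
chmod 644 "$demo/site/index.html"

echo "open to others before:"; world_accessible "$demo/site"
share_with_group "$demo/site" "$(id -g)"
echo "open to others after:";  world_accessible "$demo/site"
echo "$(mode_of "$demo/site") site"
echo "$(mode_of "$demo/site/index.html") site/index.html"
rm -rf "$demo"
```

With 740 the group can read the files but not change them in place; files the whole group must edit need 770 (or 660 for non-executables) instead.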
Error: How to fix the specified server cannot perform the requested operation. – YouTube
The specified server cannot perform the requested operation | ManageEngine Endpoint Central
Error: FIX: The Sign-in method you're trying to use isn't allowed
The error "The Sign-in method you're trying to use isn't allowed. For more info, contact your network administrator"
commonly appears when you try to log on using the "Guest" account to a Windows 10 PC, or to a Domain Controller with
any user other than the Domain Administrator. The error appears because, by default, you cannot sign in locally with
any user that does not have administrator permissions on a Domain Controller or on a Windows 10 PC. SOLUTION:
Fix “The sign in method you’re trying to use isn’t allowed” - YouTube
The End