In this lab we examine Group Policy Objects (GPOs) and how to control linking, priority, inheritance, and loopback processing. This is the foundation on how to configure GPOs. Next lab we look at using Group Policy to manage users and computers.
In this video, we demote the last DC in the child domain. We also remove the AD DS Role and DNS Role. (Note: the removal of the DNS Role takes place off camera. It is handled the same way as removing the AD DS Role. Be sure to remove the DNS Role.)
I recorded this separately to give you a reference to add a computer to a domain. It's not sudh a big deal once you've done it 268 times. :-)
We use local policy to eliminate the option to get to System Properties by right clicking on the Computer icon.
We configure a Group Policy Object (GPO) to override the local policy setting created in Project 7.1, Part B.
In this video, we create some test accounts and GPO links to test various functions. Some of the innocuous properties that we disable for these tests are not found in Server 8, thanks to a lack of a Start menu. This section will likely be re-recorded in the future to better illustrate the concepts here.
Testing the new GPOs on the new accounts. Again, success is limited due to changes with Server 8.
Configure priority order for GPOs. It is possible to have cponflicting GPOs, especially as users are part of more than one group. Understanding how to set the priority can help in troubleshooting GPO issues.
Here we configure blocking policy inheritance (which is very similar to blocking NTFS Security Permission inheritance in folders). We also configre enformcement of policy links.
We configure and test Group Policy Loopback Processing. GPOs generally depend on where users or groups are located within the AD structure. Group Policy Loopback Processing allows GPOs to be linked to particular computers.
This cleanup is important for subsequent labs.