Tag Archives: server

70-742 Additional Notes – Restoring the Default GPOs

70-742

You may find yourself in a situation where you need to restore the default domain policy or the default domain controllers policy to their original configurations. Thankfully – there is a tool for this – it is the aptly named dcgpofix.exe command line tool. This tools offers the following options:

  • /ignoreschema- this permits the command to run regardless of the AD scheme version in use
  • /target – permits you to specify exactly what object you want to restore
  • /? – permits the display of help on the command

70-742 Additional Notes – Item-Level Targeting with Group Policy Objects (GPO)

GPO

Item-level targeting is a feature of Group Policy that allows preference settings to be applied to individual users and/or computers within the scope of the Group Policy Object (GPO) that contains the preferences. Policy settings can also be filtered, but there are several important differences between item-level targeting of preference settings and the filters that can be used with policy settings:

  • Policy settings within a GPO can only be filtered on an all-or-nothing basis: either the entire GPO will apply to a target or it won’t. Item-level targeting allows individual preference settings within a GPO to be applied or not, based on specified criteria. Different preference settings can be applied to different groups of targets.
  • Policy settings are filtered using either security filters or WMI filters. Security filters are static and not very granular. WMI filters are dynamic and can be very granular, but the WMI Query Language in which they are written is complex and has a steep learning curve. Item-level targeting provides a great deal of granularity and an intuitive user interface for constructing filters.
  • Item-level targeting allows an administrator to specify a list of conditions that must be met in order for a preference setting to be applied to a user or computer object. The conditions in the list are connected by Boolean AND or OR operators. When the list is evaluated, if the result is true, the setting is applied; if the result is false, it isn’t.

A wide variety of criteria are available for targeting settings to users and computers, including the following:

  • Battery Present Targeting
  • Computer Name Targeting
  • CPU Speed Targeting
  • Date Match Targeting
  • Disk Space Targeting
  • Domain Targeting
  • Environment Variable Targeting
  • File Match Targeting
  • IP Address Range Targeting
  • Language Targeting
  • LDAP Query Targeting
  • MAC Address Range Targeting
  • MSI Query Targeting
  • Network Connection Targeting
  • Operating System Targeting
  • Organizational Unit Targeting
  • PCMCIA Present Targeting
  • Portable Computer Targeting
  • Processing Mode Targeting
  • RAM Targeting
  • Registry Match Targeting
  • Security Group Targeting
  • Site Targeting
  • Terminal Session Targeting
  • Time Range Targeting
  • User Targeting
  • WMI Query Targeting

70-742 Additional Notes – Software Deployment Using Group Policy

70-742

Group Policy is one of your many options for automating the deployment of software in your Enterprise and is a huge topic for the 70-742 exam. You can use such policy to deploy applications to computer or users. Be sure to audit your Group Policy settings to ensure that you are only deploying the application once to a target user or system. Obviously, whenever possible, consider having the policy for distribution as high up in the directory structure as possible.

Windows Installer packages make software distribution in in this manner possible. You assign or publish the software using Software Installation in Group Policy. This is only possible if your file type fits one of the following categories:

  • Native Windows Installer package (.msi)
    • Provide the best overall deployment experience
    • Take full advantage of the Windows Installer
    • Allows for components to install on demand and also permits applications to self heal
    • You can enact modifications with a .mst file
    • You can enact software patches with a .msp file
  • Repackaged application (.msi) files
    • You can repackage an application that does not have a native Windows Installer Package
    • Keep in mind that the installation occurs as a single component; unlike what is possible with native Windows Installer Packages
  • An application file (.zap) – this installs the application by using its original setup.exe program; note that these files can only be published, not assigned
    • Define the setup.exe or install.exe into a .zap file in order to deploy them
    • A .zap file is a text file that contains information on how to publish the application
    • This approach is less flexible than native Windows Installer packages – for example, you would not be able to override the need for administrative privileges for installation

    InformIT (Pearson Education)