Group Policy: Advanced Targeting

Active Directory Group Policy is a powerful tool; however, many people don't realize its full potential. In this course, you'll learn how to use Active Directory to target complex edge cases as well as to replace manual tasks or logon scripts.
Course info
Rating
(32)
Level
Intermediate
Updated
Sep 13, 2016
Duration
2h 20m
Table of contents
Course Overview
Understanding Default GPO Targeting Limitations
Applying GPO Settings Using Security Groups
Applying GPO Settings Based on Computer Features
Using Item-level Targeting to Customize Preference Settings
Simplifying Your GPO Infrastructure
Description
Course info
Rating
(32)
Level
Intermediate
Updated
Sep 13, 2016
Duration
2h 20m
Description

If you thought GPO settings can only be applied by linking GPOs to OUs, then you've just barely touched the surface. In this course, Group Policy: Advanced Targeting, you will learn how to get the most out of group policy and this course may also enlighten you to features you didn't know existed. First, you'll learn how to control Group Policy settings using security groups rather than the GPMC. Next, you'll be walked through the end-to-end process for dynamic WMI filtering, as well as shown tools to help you decipher the WMI query language. Finally, you'll be shown how to replace logon scripts and other manual tasks quickly and easily by using Item Level Targeting and Group Policy Preferences. By the end of this course, you'll know how to address almost any edge case and understand how to replace your legacy logon scripts.

About the author
About the author

Peter is a technology enthusiast and has been immersed in IT ever since his days of programming 'Basic' on the Commodore 64. He has 20 years of professional experience supporting or architecting large and complex infrastructure environments for companies including Microsoft and various investment banks.

More from the author
Nutanix: The Big Picture
Beginner
2h 11m
Aug 31, 2018
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone, I'm Peter Grant, and this course is Group Policy: Advanced Targeting. Group Policy is a powerful and essential part of any Active Directory infrastructure. And whilst most AD administrators know enough to perform their normal day-to-day operations, this course will take you further and show you how to get the most out of Group Policy. It may even enlighten you to features you didn't know existed. Now we're going to assume you've got a working knowledge of Group Policy. You should, for example, understand the basics of how to link a GPO to an organization or unit, but you don't need any prior knowledge of WMI filtering or any of the other techniques we will be covering. The key targeting techniques we'll look at are security filtering, WMI filtering, and my favorite, item-level targeting using Group Policy preferences. By the end of this course, you will know how to address almost any edge case and understand how to replace your legacy logon scripts. The techniques in this course will allow you to finally unlock the full potential of Group Policy once and for all. I hope you'll join me in this course to learn these powerful Group Policy targeting techniques.

Understanding Default GPO Targeting Limitations
In this module, you'll learn why advanced targeting is relevant and how it can help you. We'll do a quick recap on how standard GPO targeting works, and then we'll look at the limitations with the standard approach, and you'll start to understand how GPO filtering can help. So why should you learn about this concept of Advanced GPO Targeting? I mean, how is it going to help you in the real world? Well first of all, it may help you to consolidate your Active Directory, and specifically your organizational unit structure. And we'll work through a scenario of a company call Globomantics who presently have may OUs created purely to be more granular with the Group Policy settings. You'll learn how to solve targeting issues where you want to apply different Group Policy settings to users or computers within the same OU and where the approach of creating child OUs may not necessarily work. And you'll also see how you can control which users get Group Policy settings by using security groups. After all, we don't always want the user administration team playing around with the Group Policy Management Console while moving objects between different OUs.

Applying GPO Settings Using Security Groups
Security filtering is one of the main and perhaps the most commonly used ways to perform advanced GPO targeting. In this module, you'll learn how to configure GPO targeting using security groups, as well as some of the advantages and disadvantages to this approach. First up, you'll learn what security group filtering is. And by the way, sometimes I'll use the term filtering interchangeably with the term targeting, and this is because the way we do advanced targeting is often by filtering out or filtering in the GPOs that we want or don't want to apply. Next I'll cover GPO permissions, and it's critical to understand the two main permissions that users or computers must have on the GPOs in order for them to apply. I'll then do a step-by-step demonstration where we'll walk through the entire process of configuring filtering. And finally, you'll learn about the various design options and their considerations. So what is security filtering? Well, filtering as we learned in the first module is the ability to restrict which GPOs apply to users or computers even though they're within the scope of a particular Group Policy Object. And when I say in scope, I'm talking about whether that user or computer account is within a site domain or OU that the Group Policy Object is linked to. Filtering is done by modifying the GPO permissions, and it's only relevant if the GPO is within scope. So if the GPO is out of scope of the user or computer, then this is really irrelevant. It doesn't matter what permissions are on the Group Policy Object. Nothing's going to apply.