The Ultimate Windows Server 1002003 System Administrators Guide [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

The Ultimate Windows Server 1002003 System Administrators Guide [Electronic resources] - نسخه متنی

Robert Williams, Mark Walla

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید



GPO IMPLEMENTATION


The previous sections of this chapter provide some understanding of Group Policy application and usage. Before we discuss actually implementing GPO, there are a few systemic issues to address regarding Group Policy behavior.

Refreshing Policy Settings


Understanding the basic Group Policy refresh schedule is helpful when changing group policies on your local system. Once a group policy has been changed on a domain controller, the group policies on the local system must be refreshed in order to take effect. Client computers that are not domain controllers receive policy refreshes every 90 minutes plus or minus a random time interval. The random interval helps distribute client requests evenly so that they do not all come in at the same time. To change the interval in a GPO, select Computer Configuration Administrative Templates System Group Policy Group Policy refresh interval for computers (Figure 8.30).

Figure 8.30. Setting Client Group Policy Refresh Intervals


Domain controllers refresh group policies more frequently. The default Group Policy setting for DCs, via Computer Configuration Administrative Templates System Group Policy Group Policy refresh interval for domain controllers, sets the refresh interval for every 5 minutes (Figure 8.31). This is why successive examples should be executed on a domain controller.

Figure 8.31. Setting Domain Controller Group Policy Refresh Intervals


NOTESecurity policy refresh can be instigated from the command line. The gpudate command has replaced secedit utility. Use secedit for Windows 2000 servers and gpupdate for Windows 2003 servers. These commands are discussed in the appendix; its basic forms are:


secedit /refreshpolicy machine_policy /enforce (for Windows 2000 computer settings)
secedit /refreshpolicy machine_policy /enforce (for Windows 2000 user settings)
gpupdate /enforce (Windows Server 2003)

Group policies are also refreshed when the system is started. Obviously, shutting down and booting a system could prove troublesome when simply trying to refresh policy settings.

PDC Operations Manager


In addition to performing the functions of the primary domain controller (PDC Emulator), the PDC Operations Manager is the default domain controller that handles Group Policy modifications. When the PDC Operations Manager is not available, an error message is displayed and the administrator may select another domain controller to handle changes. When you do this, be sure that all previous Group Policy changes have propagated throughout the domain and that no other administrator is currently making modifications.


/ 158