9.3. Click Advanced … button (Figure 0258).
Figure 0258 : Select Groups - Add
9.4. Click Find Now button (Figure 0259).
Figure 0259 : Select Groups - Advanced
9.5. Select Technical Support. What happened? (Figure 0260).
Figure 0260 : Select Groups – Search Results
Can you find Technical Support? Why do you think this happened?
9.6. Close all windows except Active Directory Users and Computers.
10 Now try adding the Technical Support group as a Member Of Intranet Users.
10.1. Double-click Technical Support group (Figure 0261).
Figure 0261 : Active Directory Users and Computers - Technical Support
10.2. Click Member Of tab (Figure 0262).
Figure 0262 : Technical Support Properties
10.3. Click Add … button (Figure 0263)
Figure 0263 : Add Button
10.4. Click Advanced … button (Figure 0264)
Figure 0264 : Select Groups - Add
10.5. Click Find Now button (Figure 0265)
Figure 0265 : Select Groups - Advanced
10.6. Select Intranet Users and click OK button (Figure 0266).
Figure 0266 : Select Groups – Search Result
What happened?
10.7. Click OK button (Figure 0267).
Figure 0267 : Select Groups – Intranet Users Group Added
Can you add the Technical Support group as a Member Of Intranet
Users?
Why do you think this is so?
11 Click OK button (Figure 0268).
Figure 0268 : Technical Support Properties – Member Of Intranet Users
12 Log off Administrator.
Summary
Windows Server 2008 running in native mode supports the use of different group types.
Global groups have access to user accounts and other global groups in the same
domain. Local groups allow you to access accounts outside the current domain, and
universal groups provide access across organizations (forests).
Exercise 10 : Creating And Applying Group Policies
Zulfadli Bin Mohd Saad
Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/
In this exercise you will create a new group policy and apply it to users within an
organizational unit.
Group Policies
Group policies are settings or configurations that can be applied to users, groups,
organizational units and domains. An administrator can create a group policy that
configures the computer or user settings, such as menu and desktop settings, folder
locations and default password settings.
Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and
2008 extend these further using group policies.
EXERCISE 10.1
Creating a Group Policy
1. Log on to the server as Administrator (Figure 0269).
Figure 0269 : Administrator Login
2. Launch Group Policy Management. Click Start ► Administrative Tools ►
Group Policy Management (Figure 0270).
Figure 0270 : Launch Group Policy Management
3. Expand the Forest (Figure 0271).
Figure 0271 : Group Policy Management - Forest
4. Expand the Domains (Figure 0272).
Figure 0272 : Group Policy Management – Domains
5. Expand your domain.com (Figure 0273).
Figure 0273 : Group Policy Management – myserver.com
Now, you will create a new group policy for the Stkm OU. This new policy will apply to all
members of the Stkm OU, though in another exercise that follows, you will override this.
6. Right-click the Stkm OU and select Create a GPO in this domain, and
Link it here… (Figure 0274).
Figure 0274 : Group Policy Management – Create new GPO
7. Rename the policy as STKM Group Policy (Figure 0275).
Figure 0275 : Create New GPO
8. Click OK to continue (Figure 0275).
9. Right-click the STKM Group Policy and select Edit (Figure 0276).
Figure 0276 : Default Domain Policy - Edit
10. The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0277).
Figure 0277 : Group Policy Management Editor
11. Expand User Configuration (Figure 0278).
Figure 0278 : Group Policy Management Editor – User Configuration
12. Expand the Policies folder (Figure 0279).
Figure 0279 : Group Policy Management Editor – Policies
13. Expand the Administrative Templates folder (Figure 0280).
Figure 0280 : Group Policy Management Editor – Administrative Templates
14. Click the Start Menu and Taskbar folder (Figure 0281).
Figure 0281 : Group Policy Management Editor – Start Menu and Taskbar
15. A large list of selections is available. Double-click the option Add Logoff to the
Start Menu (Figure 0282).
Figure 0282 : Group Policy Management Editor – Add Logoff to the Start Menu
16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button
to disable this setting (Figure 0283).
Figure 0283 : Add Logoff to the Start Menu Properties
17. Click OK to apply setting (Figure 0283).
18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).
Figure 0284 : Add Logoff to the Start Menu – Disabled
19. Configure the following settings.
Remove Run menu from Start Menu – Enabled
Remove Clock from the system notification area – Enabled
Desktop\Desktop\Enable Active Desktop – Enabled
Desktop Wallpaper – Enabled
Wallpaper Name : C:\WINDOWS\Web\Wallpaper\Autumn.jpg
Wallpaper Style : Stretch
(This uses wallpaper from the Windows XP Pro installed on C drive of client PC)
20. Close the group policy editor.
21. Refresh the Group Policy Management. On the menu bar, click Action ► Refresh
(Figure 0285).
Figure 0285 : Group Policy Management – Refresh
22. Close the Group Policy Management windows.
Update Group Policy
23. Launch the Run application. Click Start ► Run… (Figure 0286).
Figure 0286 : Launch the Run Application
24. Key in gpupdate in the Open: box (Figure 0287).
Figure 0287 : Run Windows
25. Click OK to run the gpupdate (Figure 0288).
Figure 0288 : Updating Policy
26. Log off the server.
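The same GPO can be built from a script, which makes the configuration repeatable and reviewable. The following is an added example, not part of the original exercise: it assumes the GroupPolicy PowerShell module (Windows Server 2008 R2 or later, or RSAT) and the domain name myserver.com shown in the figures. It covers the Run menu, clock and wallpaper settings from step 19; the Add Logoff and Active Desktop settings are left to the editor.

```powershell
# Added example. Requires the GroupPolicy module; run as a domain administrator.
Import-Module GroupPolicy

# Assumptions: adjust the OU distinguished name to your own domain.
$GpoName  = 'STKM Group Policy'
$TargetOu = 'OU=Stkm,DC=myserver,DC=com'

# Per-user registry values behind three of the step 19 settings.
$Explorer = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$System   = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$Settings = @(
    @{ Key = $Explorer; Name = 'NoRun';          Type = 'DWord';  Value = 1 }   # Remove Run menu
    @{ Key = $Explorer; Name = 'HideClock';      Type = 'DWord';  Value = 1 }   # Remove Clock
    @{ Key = $System;   Name = 'Wallpaper';      Type = 'String'; Value = 'C:\WINDOWS\Web\Wallpaper\Autumn.jpg' }
    @{ Key = $System;   Name = 'WallpaperStyle'; Type = 'String'; Value = '2' } # 2 = Stretch
)

# Reuse the GPO if it already exists so the script can be re-run safely.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Start menu and desktop settings for the Stkm OU'
}

# Link the GPO to the OU only if it is not linked there yet (steps 6-8).
$linked = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id }
if (-not $linked) {
    New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Write each policy value into the User Configuration side of the GPO.
foreach ($s in $Settings) {
    Set-GPRegistryValue -Guid $gpo.Id -Key $s.Key -ValueName $s.Name `
        -Type $s.Type -Value $s.Value | Out-Null
}

# Read the values back from the GPO to confirm what was stored.
foreach ($key in $Explorer, $System) {
    Get-GPRegistryValue -Guid $gpo.Id -Key $key |
        Select-Object FullKeyPath, ValueName, Type, Value
}

# Equivalent of steps 23-25 from a command prompt:  gpupdate /target:user /force
```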
EXERCISE 10.2
Test the Group Policy
The group policy has been applied to members of the Stkm Organizational Unit. There
are two members: Zul Zcomby and Ocah Blue. You will now test this policy to see if it
works.
27. Log on to the server as zul.zcomby.
27.1. Press Ctrl + Alt + Del.
27.2. Click Switch User button (Figure 0289).
Figure 0289 : Switch User button
27.3. Click Other User button (Figure 0290).
Figure 0290 : Other User button
27.4. Enter user as zul.zcomby and password as comby (Figure 0291).
Figure 0291 : Logon to server using user account
27.5. Press ENTER.
28. Do you have the RUN command on the Start Menu?
YES / NO
29. Do you have Clock on the system notification area?
YES / NO
Now verify that the settings are also applied to the client computer. Log on to the
Client computer as ocah.blue.
30. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0292).
Figure 0292 : Windows XP Logon
31. Log on to the client computer as ocah.blue with ocah as password (Figure 0293).
Figure 0293 : Log On To Server Using Client Workstation
32. Do you have the RUN command on the Start Menu?
YES / NO
33. Do you have Clock on the system notification area?
YES / NO
34. Was the wallpaper displayed on the client computer?
YES / NO
35. All the group policy settings should be applied (Figure 0294).
Figure 0294 : Client Computer – Ocah Blue
36. Log off the client computer.
37. Log off the Server.
Log on to the client computer as zul.akmal
38. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0295).
Figure 0295 : Windows XP Logon
39. Log on to Windows XP Professional as zul.akmal with akmal as password
(Figure 0296).
Figure 0296 : Log On To Server Using Client Workstation
40. Were the group policy settings applied?
YES / NO
41. If not, why do you think this is so?
Because zul.akmal is not a member of the Stkm OU. The group policy is applied only
to the members of the Stkm OU.
42. Log off the client computer.
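The YES / NO checks in this exercise can also be made from the logged-on user's registry, which is where these user policies land. The function below is an added example, not part of the original exercise: the name Test-StkmPolicy is hypothetical, and it assumes PowerShell 2.0 is installed on the client. Run it as each test user (zul.zcomby, ocah.blue, zul.akmal) and compare the results.

```powershell
# Added example: report whether the step 19 user settings reached this session.
function Test-StkmPolicy {
    $explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

    # Expected values for the settings configured in the STKM Group Policy.
    $expected = @(
        @{ Setting = 'Remove Run menu from Start Menu'; Path = $explorer; Name = 'NoRun';     Value = '1' }
        @{ Setting = 'Remove Clock from notification area'; Path = $explorer; Name = 'HideClock'; Value = '1' }
        @{ Setting = 'Desktop Wallpaper'; Path = $system; Name = 'Wallpaper'
           Value = 'C:\WINDOWS\Web\Wallpaper\Autumn.jpg' }
        @{ Setting = 'Wallpaper Style (Stretch)'; Path = $system; Name = 'WallpaperStyle'; Value = '2' }
    )

    foreach ($e in $expected) {
        # A missing key or value means the policy was never written for this user.
        $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { [string]$item.($e.Name) } else { $null }

        New-Object PSObject -Property @{
            User     = "$env:USERDOMAIN\$env:USERNAME"
            Setting  = $e.Setting
            Expected = $e.Value
            Actual   = $actual
            Applied  = ($actual -ne $null) -and ($actual -eq $e.Value)
        } | Select-Object User, Setting, Expected, Actual, Applied
    }
}

Test-StkmPolicy | Format-Table -AutoSize

# To see which GPOs were applied to the user, run gpresult on Windows XP
# (gpresult /r on Windows Vista and later).
```

For a user outside the Stkm OU, every row should show Applied as False, which matches the answer to question 41.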
EXERCISE 10.3
Disabling The Group Policy
In this exercise you will disable the group policy of Stkm OU.
43. Log on to the server as Administrator (Figure 0297).
Figure 0297 : Administrator Login
44. Launch Group Policy Management. Click Start ► Administrative Tools ►
Group Policy Management (Figure 0298).
Figure 0298 : Launch Group Policy Management
45. Expand the Forest (Figure 0299).
Figure 0299 : Group Policy Management - Forest
46. Expand the Domains (Figure 0300).
Figure 0300 : Group Policy Management – Domains
47. Expand your domain.com (Figure 0301).
Figure 0301 : Group Policy Management – myserver.com
You are now going to disable the policy of Stkm OU. This is a better option than
removing the policy because, if you decide to re-implement the policy at a later date, it
will still be there.
48. Expand the Stkm OU (Figure 0302).
Figure 0302 : Group Policy Management – Stkm
49. Click the Stkm Group Policy (Figure 0303).
Figure 0303 : Group Policy Management – STKM Group Policy
50. A warning box appears. The Group Policy Management reminds you that you
have selected a link to a GPO and changes you make will impact all other
locations linked with the GPO (Figure 0304).
Figure 0304 : Group Policy Management Console – Warning
51. Click OK to continue (Figure 0304).
52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).
Figure 0305 : STKM Group Policy – Details
53. Now you can see under Link Enabled that the status Yes has changed to No
(Figure 0306).
Figure 0306 : STKM Group Policy – GPO Status
54. Close the Group Policy Management windows.
Update Group Policy
55. Launch the Run application. Click Start ► Run… (Figure 0307).
Figure 0307 : Launch the Run Application
56. Key in gpupdate in the Open: box (Figure 0308).
Figure 0308 : Run Windows
57. Click OK to run the gpupdate (Figure 0309).
Figure 0309 : Updating Policy
58. Log off the server.
Now verify that the group policy is disabled. Log on to the Client computer as
zul.zcomby.
59. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0310).
Figure 0310 : Windows XP Logon
60. Log on to Windows XP as zul.zcomby with comby as password (Figure 0311).
Figure 0311 : Log On To Server Using Client Workstation
61. Were the policies now disabled?
YES / NO
62. Log off the client computer.
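Disabling the link changes only the Stkm OU, whereas the warning in step 50 concerns edits to the GPO itself, which reach every location it is linked to. The script below is an added example, not part of the original exercise: the function name Set-OuGpoLinkState is hypothetical, and it assumes the GroupPolicy PowerShell module (Windows Server 2008 R2 or later, or RSAT) and the domain name myserver.com from the figures.

```powershell
# Added example: list every place a GPO is linked, then toggle one OU link.
Import-Module GroupPolicy

function Set-OuGpoLinkState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$GpoName,
        [Parameter(Mandatory = $true)][string]$TargetOu,
        [Parameter(Mandatory = $true)][ValidateSet('Yes', 'No')][string]$LinkEnabled
    )

    # Every container the GPO is linked to, taken from its XML report.
    # These are the locations the step 50 warning refers to.
    [xml]$report = Get-GPOReport -Name $GpoName -ReportType Xml
    $report.GPO.LinksTo | Select-Object SOMPath, Enabled, NoOverride

    # Refuse to continue if the GPO is not linked to the OU we were given.
    $link = (Get-GPInheritance -Target $TargetOu).GpoLinks |
        Where-Object { $_.DisplayName -eq $GpoName }
    if (-not $link) { throw "GPO '$GpoName' is not linked to $TargetOu" }

    # Change only the link state; the GPO and its settings are left intact,
    # so the policy can be re-enabled later (steps 52-53).
    if ($PSCmdlet.ShouldProcess($TargetOu, "Set '$GpoName' link enabled = $LinkEnabled")) {
        Set-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled $LinkEnabled | Out-Null
    }

    # Read the link back so the result is recorded rather than assumed.
    (Get-GPInheritance -Target $TargetOu).GpoLinks |
        Where-Object { $_.DisplayName -eq $GpoName } |
        Select-Object DisplayName, Target, Enabled, Enforced, Order
}

# Preview first with -WhatIf, then apply.
Set-OuGpoLinkState -GpoName 'STKM Group Policy' `
    -TargetOu 'OU=Stkm,DC=myserver,DC=com' -LinkEnabled No -WhatIf
Set-OuGpoLinkState -GpoName 'STKM Group Policy' `
    -TargetOu 'OU=Stkm,DC=myserver,DC=com' -LinkEnabled No
```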
Summary
In this exercise you created a group policy and applied it to an organizational unit.
Only a fraction of the available settings were explored. Applying a group policy is a
way of controlling security and configuring groups of users with common settings.
This can help reduce the cost of ownership and the level of administrator support by
restricting what users can do or change on their computers.
Exercise 11 : Creating And Sharing Resources