How to Troubleshoot Group Policy in Windows 10
•Descargar como PPTX, PDF•
2 recomendaciones•908 vistas
This document provides an overview of how to troubleshoot group policy in Windows 10. It discusses options for deploying configuration settings with group policies, including applying them manually or using Active Directory. It also covers how group policies are processed, including the processing order and factors that affect precedence. Additionally, it discusses tools for troubleshooting group policy such as RSOP and event logs. It provides guidance on resolving common group policy application issues like ensuring the client is connected and authenticated and the policy is assigned properly.
Recomendados
Más contenido relacionado
La actualidad más candente
Similar a How to Troubleshoot Group Policy in Windows 10
Similar a How to Troubleshoot Group Policy in Windows 10 (20)
Más de Global Knowledge Training
Más de Global Knowledge Training (20)
Último
Último (20)
How to Troubleshoot Group Policy in Windows 10
- 1. How to Troubleshoot Group Policy in Windows 10
- 2. © Global Knowledge Training LLC. All rights reserved. Page 2 Lesson 1: Overview of Group Policy Application Options for Deploying Configuration Settings with Group Policies Processing Group Policies Modifying the Group Policy Processing Order Group Policy Filtering Loopback Processing Synchronous and Asynchronous Processing of GPOs
- 3. © Global Knowledge Training LLC. All rights reserved. Page 3 Options for Deploying Configuration Settings with Group Policies • You can apply Group Policy settings when you: • Manage settings manually in the local GPO • Use AD DS to distribute the settings • Group Policy settings consist of: • Computer configuration • User configuration • Policy settings • Preferences
- 4. © Global Knowledge Training LLC. All rights reserved. Page 4 Processing Group Policies • Computer settings are applied at startup and then at regular intervals, while user settings are applied at sign-in and then at regular intervals • Group Policy processing order: 1. Local GPOs 2. Site-level GPOs 3. Domain GPOs 4. OU GPOs Order of processing
- 5. © Global Knowledge Training LLC. All rights reserved. Page 5 Modifying the Group Policy Processing Order • The last processed GPO has highest precedence • Other options that affect precedence: • Link Order • Enforced • Block Inheritance • Link Enabled
- 6. © Global Knowledge Training LLC. All rights reserved. Page 6 Group Policy Filtering
- 7. © Global Knowledge Training LLC. All rights reserved. Page 7 Loopback Processing
- 8. © Global Knowledge Training LLC. All rights reserved. Page 8 Synchronous and Asynchronous Processing of GPOs • Default processing of Group Policy on Windows Servers • Group Policy for computer is processed prior to logon • Group Policy for users is processed before the shell is active • Ensures reliable processing of Group Policy Synchronous • Default processing of Group Policy on client computers • Client computers do not wait for network before fully initializing • Existing users are logged on using cached credentials • Group Policy is applied in the background • Results in shorter logon period Asynchronous
- 9. © Global Knowledge Training LLC. All rights reserved. Page 9 Lesson 2: Resolving Client-Configuration Failures and GPO Application Issues Identifying How GPO Settings Take Effect Ways to Resolve GPO Application Issues Tools for Troubleshooting RSoP Examining Event Logs for GPO Events Resolving GPO Application Failures
- 10. © Global Knowledge Training LLC. All rights reserved. Page 10 Identifying How GPO Settings Take Effect • The following process is required to apply Group Policy settings: • GPO replication • Replicate group changes • Refresh Group Policy • Options to initiate Group Policy setting preferences: • User can sign in, sign out, or restart the computer • Start a manual refresh • Most client-side extensions do not reapply unchanged GPO settings
- 11. © Global Knowledge Training LLC. All rights reserved. Page 11 Ways to Resolve GPO Application Issues To troubleshoot GPO settings, you should: • Determine whether the GPO was sent to the correct computer, user account, or OU • Enable loopback processing for special use computers • Force a GPO to take effect with gpupdate /force • Restart the computer
- 12. © Global Knowledge Training LLC. All rights reserved. Page 12 Tools for Troubleshooting RSoP
- 13. © Global Knowledge Training LLC. All rights reserved. Page 13 Examining Event Logs for GPO Events
- 14. © Global Knowledge Training LLC. All rights reserved. Page 14 Resolving GPO Application Failures • Verify that the client computer is connected and authenticated • Verify that the GPO is assigned properly to the computer or user • Verify that the GPO configuration has the proper settings
- 15. © Global Knowledge Training LLC. All rights reserved. Page 15 Lab Demo: Generating GPO Results Report. Exercise 1: Using GPMC to generate reports Exercise 2: Using command prompt to generate report. Logon Information Virtual machines: 10982C-LON-DC1 10982C-LON-CL1 User name: AdatumAdministrator Password: Pa55w.rd Estimated Time: 10 Minutes
- 16. © Global Knowledge Training LLC. All rights reserved. Page 16 Course Supporting and Troubleshooting Windows 10 (M10982)
Notas del editor
- Provide an overview of the lesson.
- This topic should be a review for most students. Cover this content quickly, unless the students are unfamiliar with local GPOs.
- Use this topic to ensure that students understand the basic process for GPO application, and that GPOs at the organizational unit (OU) level override domain-level GPOs. Additionally, be sure to mention security filtering, Windows Management Instrumentation (WMI) filtering, and slow-link processing as exceptions to the default processing order.
- Explain that there are exceptions to the typical precedence in Group Policy processing, and then describe when you would use each of the options that the slide lists: Link Order. Use to ensure that a specific GPO that is linked to an OU has precedence on that OU. Enforced. Use to apply standardized settings for an OU or department. Block Inheritance. Use to allow a department to operate independently of the GPOs applied in the rest of the OU. Link Enabled. Use to disable processing of a GPO during troubleshooting.
- Explain security and WMI filtering, and the effect of both on Group Policy processing. Mention that with WMI filtering, the client computer evaluates the filter to determine whether to apply Group Policy. However, with security filtering, the domain controller decides whether to apply Group Policy. Mention that, therefore, the result is that the Group Policy does not apply to all users or computers in the same part of Active Directory Domain Services (AD DS).
- Explain to students that you do not use loopback processing for most computers. Rather, you use it only for specific scenarios when you need to modify the normal user configuration. Discuss with students why this is useful for settings such as classrooms or conference room.
- The key concept for students to understand from this topic is that the asynchronous processing that Windows 10 uses might result in the Windows operating system delaying the application of GPO settings, because users might need to reboot the computer before the settings take effect.
- Provide an overview of the lesson.
- Use this slide to summarize the details regarding when GPO settings take effect. This should answer questions such as, “When do I change a policy setting,” and “When will that setting actually apply to a user or computer?“ Do not provide too much detail about the replication technologies themselves, but rather, point out that both the Group Policy container and Group Policy template must replicate to the domain controller from which a client obtains its policies. Point out that the Group Policy container and Group Policy template use different replication technologies that are not always synchronized. Other points to make: We recommend that organizations implement the Always Wait For Network At Startup And Logon policy setting. Otherwise, a change to a policy setting might take several signin/signout or restart cycles before it takes effect, and it is not possible to predict how long this will take. To manage the application of new policy settings effectively, enable Always Wait For Network At Startup And Logon. Make sure that students understand that this does not slow down the startup or signin process significantly. Users will not complain that it is noticeably slower. Also, make sure that students understand that when a system is not connected to the network, it ignores this setting, so this setting is not applied to disconnected laptop users. Users cannot change most policy settings, particularly managed policy settings. However, if users are administrators of their machines, it is possible for them to change some settings. Those changes will never be reverted to match the settings that the GPOs specify, because most client-side extensions will reapply policy settings only when a GPO has changed. The exceptions to this rule are security settings, which reapply every 16 hours, regardless of whether the GPO has changed. If your organization is concerned about enforcing its policy settings, and if it is possible for users to change those settings, then you should configure the client-side extensions to reapply policy settings even if the GPO has not changed. You can use Group Policy to configure the policy processing behavior of each client-side extension.
- This topic lists some common ways that you can resolve GPO application issues. If you have experience with resolving GPO application issues, include additional troubleshooting tips based on your experience. Students also might have methods that they wish to share. Point out to students that they used the gpupdate /force command in the previous practice demonstration.
- Consider demonstrating the three major logs in which you can find Group Policy events. Point out that RSoP reports also display Group Policy events, particularly in the Advanced view. Mention that the Group Policy Operational log is a great way to learn exactly how Group Policy applies to Windows operating systems.
- Use this topic as an opportunity to reinforce the lesson’s contents before beginning the lab.
- Exercise 1: Resolving Group Policy Application (1) In this exercise, you will resolve the reported GPO application problem that tier 1 help-desk staff could not resolve. Note: For the complete exercise scenario, please refer to the student guide.