1
00:00:03,030 --> 00:00:03,810
Okay.

2
00:00:04,680 --> 00:00:09,620
Now I am on a Windows client machine and I'm going to walk through the process of getting the GMP PC

3
00:00:09,630 --> 00:00:15,180
installed on both a client operating system like Win7 or Wind ten and a server operating system.

4
00:00:16,080 --> 00:00:20,460
So the assumption is that you've gone ahead and gone to the Microsoft Download site.

5
00:00:21,330 --> 00:00:23,690
And in this case, I did a search on RSA.

6
00:00:23,910 --> 00:00:28,920
And you'll see here that the first entry is Remote Server Administration Tools for Windows Client.

7
00:00:29,860 --> 00:00:32,530
I'm going to go ahead and I've already installed this.

8
00:00:33,450 --> 00:00:38,370
But if you were to go ahead and click this and run this install, it will perform a feature upgrade

9
00:00:38,370 --> 00:00:42,910
and add the remote server administration tools now once they're added.

10
00:00:42,930 --> 00:00:47,520
As I mentioned in my previous clip, the pmc's not actually installed yet.

11
00:00:47,520 --> 00:00:48,720
It needs to be added.

12
00:00:49,620 --> 00:00:54,570
So what you do is come into the ADD, remove programs, control panel applet and go to turn Windows

13
00:00:54,570 --> 00:00:55,800
features on or off.

14
00:00:56,680 --> 00:01:01,060
And keep in mind, this is the same for both Windows seven or Windows ten.

15
00:01:01,960 --> 00:01:04,780
So it they both work basically the same way.

16
00:01:05,620 --> 00:01:10,840
And once that comes up, what we're going to do is drill into the feature administration tools and.

17
00:01:11,750 --> 00:01:12,500
Okay.

18
00:01:13,370 --> 00:01:18,890
So now we've got feature administration tools under remote server administration tools and in featured

19
00:01:18,890 --> 00:01:20,130
administration tools.

20
00:01:20,150 --> 00:01:23,120
You'll see here the group policy management tools are checked.

21
00:01:24,020 --> 00:01:25,790
Normally this would be unchecked.

22
00:01:25,790 --> 00:01:31,310
Right after you install the resets, you would come in here and check this and it would make the change

23
00:01:31,310 --> 00:01:37,640
and add PMC to your system so you'd be good to go and you can just come to your command prompt and type

24
00:01:37,850 --> 00:01:42,800
PMC Dot MSI, or you can go to administrative tools that actually aren't on the start menu.

25
00:01:43,610 --> 00:01:48,740
But if you had administrative tools in the start menu, you could see group policy management.

26
00:01:49,650 --> 00:01:51,120
That's one of the options.

27
00:01:52,020 --> 00:01:57,780
Now, if we shift gears to a server 2012 box, if I'm in server manager, which is sort of the, you

28
00:01:57,780 --> 00:02:03,360
know, the configuration dashboard for Windows Server as of 2008 or two and come in under management,

29
00:02:03,360 --> 00:02:04,620
add roles and features.

30
00:02:05,480 --> 00:02:06,490
Click next.

31
00:02:07,380 --> 00:02:08,400
Click next.

32
00:02:09,280 --> 00:02:12,580
Click next, click through the server roles.

33
00:02:12,580 --> 00:02:16,690
And once you get into features, you'll see group policy management as an option.

34
00:02:17,560 --> 00:02:23,530
Now this is an Active Directory domain controller and PMC gets installed by default when you promote

35
00:02:23,530 --> 00:02:25,600
an Active Directory domain controller.

36
00:02:26,510 --> 00:02:31,220
If this were just a member server, you could come down to this feature list and just click on group

37
00:02:31,220 --> 00:02:34,850
policy management and you would get that the PMC installed.

38
00:02:35,780 --> 00:02:40,700
So that's really all it takes to get PMC on your systems for managing group policy.

39
00:02:41,610 --> 00:02:46,260
You know, in terms of which is which platform is better to manage group policy.

40
00:02:47,150 --> 00:02:48,170
I know a lot of it.

41
00:02:48,320 --> 00:02:51,440
Shops that don't like administrators logging into servers.

42
00:02:52,340 --> 00:02:57,920
So there's a tend tends to be a preference of installing end and doing group policy management from

43
00:02:57,920 --> 00:03:01,010
a desktop SKU like Windows seven or Windows ten.

44
00:03:01,850 --> 00:03:04,940
I think it really just depends on your own best practices.

45
00:03:05,880 --> 00:03:08,070
I don't think one is better than the other.

46
00:03:09,000 --> 00:03:14,970
Some folks like to have all of their admin tools on their server box and they'll use that as kind of

47
00:03:14,970 --> 00:03:17,040
the place to go to do administration.

48
00:03:17,910 --> 00:03:21,480
I think that's perfectly reasonable if your policies allow that.

49
00:03:22,410 --> 00:03:27,060
So let's shift gears and talk a little bit about the cross domain stuff that I had mentioned.

50
00:03:27,960 --> 00:03:32,820
So PMC, as I mentioned, has the support for cross domain management.

51
00:03:33,690 --> 00:03:38,400
And what you can see here is that I've got the the forest that I am currently installed in is there

52
00:03:38,400 --> 00:03:39,780
to test scuttled.

53
00:03:40,990 --> 00:03:41,570
Okay.

54
00:03:41,590 --> 00:03:46,390
So what I am going to do is right click on the group policy management node on the top there.

55
00:03:47,340 --> 00:03:48,510
Select that forest.

56
00:03:48,510 --> 00:03:53,040
And I've got the name of a forest that I'm trusted with here called Steam Test Dot Net.

57
00:03:53,910 --> 00:03:56,070
And as you can see, it adds the forest.

58
00:03:56,070 --> 00:04:01,290
And then I have the ability to browse its GPOs, its own use and manage it just as I would manage the

59
00:04:01,290 --> 00:04:02,790
my own domain in forest.

60
00:04:03,710 --> 00:04:09,470
I'll also mention that if you click on the domains node and say show domains, if you are in a multi-domain

61
00:04:09,470 --> 00:04:14,420
forest, you could selectively show or hide domains in that forest using this dialogue.

62
00:04:15,260 --> 00:04:19,220
So there is a lot of options here in terms of managing multiple domains.

63
00:04:20,100 --> 00:04:24,750
And again, you have to have permissions to be able to edit domains on this foreign forest.

64
00:04:25,650 --> 00:04:30,630
You'll note the edit option is blanked out in in this for this particular GPO.

65
00:04:31,470 --> 00:04:37,200
And that's because even though I can read the GPOs and read the ad structure in steam test dot net.

66
00:04:38,100 --> 00:04:44,160
I cannot actually write to or edit those GPOs unless I'm explicitly given permissions to do so in that

67
00:04:44,160 --> 00:04:44,700
domain.

68
00:04:45,600 --> 00:04:52,140
So that's just a something to keep in mind as you're managing, you know, remote domains through PMC.

69
00:04:52,980 --> 00:04:56,790
And again, remember, the PMC requires those trusts.

70
00:04:57,730 --> 00:05:03,250
It doesn't support this notion of a run as like some of the other Active Directory related tools do.

71
00:05:04,060 --> 00:05:08,980
So you need to have trust to all the domains that you're managing in order to actually read, end and

72
00:05:08,980 --> 00:05:11,230
potentially write to those GPOs.