1
00:00:03,060 --> 00:00:07,500
Now let's review what we've learned about group policy preferences in this module.

2
00:00:07,530 --> 00:00:13,290
So group policy preferences provides a variety of non enforced settings on everything from local user

3
00:00:13,290 --> 00:00:15,720
management to drive mapping to power options.

4
00:00:15,900 --> 00:00:17,490
The list is fairly long.

5
00:00:18,390 --> 00:00:24,390
It also supports four action types within each of those areas, or within at least most of those areas.

6
00:00:24,420 --> 00:00:29,730
Not all of them support these action types, but many of them do, including the ones that we looked

7
00:00:29,730 --> 00:00:32,940
at and they are create, update, replace and delete.

8
00:00:33,900 --> 00:00:39,720
Now of those replace will basically make a preference act a lot like a non tattooing registry entry

9
00:00:39,720 --> 00:00:44,850
from admin templates because it will be removed and then re added that each processing cycle.

10
00:00:45,840 --> 00:00:52,050
So item level targeting is a feature that's available in GP preferences and it allows for setting filtering

11
00:00:52,050 --> 00:00:54,390
based on up to 27 criteria.

12
00:00:54,540 --> 00:00:59,520
Everything from is the computer running on battery to the IP subnet of the computer.

13
00:00:59,640 --> 00:01:02,070
To all you the computer is in to the group.

14
00:01:02,070 --> 00:01:05,100
The user is in a wide variety of criteria.

15
00:01:06,010 --> 00:01:11,380
And these can be combined with each other to form sort of complex conditional statements about the state

16
00:01:11,380 --> 00:01:15,340
of the user computer and whether or not it processes those preferences.

17
00:01:16,340 --> 00:01:22,130
So we looked at cheap local user and group management and that's an area of GP preferences that allows

18
00:01:22,130 --> 00:01:27,840
you to manage locally user and group creation as well as updates and deletes to those two types of objects.

19
00:01:27,860 --> 00:01:33,830
And remember we did talk about the password issue within GPP preferences and how passwords and their

20
00:01:33,830 --> 00:01:38,090
use have been deprecated by Microsoft because they're not stored securely.

21
00:01:39,050 --> 00:01:45,800
So areas like local users and groups, services, dried mappings, ODC data sources and scheduled tasks

22
00:01:45,800 --> 00:01:51,440
all implement or let you implement password policies or password changes or password storage.

23
00:01:51,620 --> 00:01:53,990
And all of those can be considered unsecure.

24
00:01:54,950 --> 00:02:00,440
So you'll want to make sure that if you use those, you tread with caution, because essentially they

25
00:02:00,440 --> 00:02:03,110
can't be they shouldn't be considered secure.

26
00:02:04,130 --> 00:02:06,200
GPP drive and printer mappings.

27
00:02:06,380 --> 00:02:11,660
We looked into those and showed how you can map drives to you and see paths and you can control who

28
00:02:11,660 --> 00:02:15,920
gets those drive mappings based on an item level target for security groups.

29
00:02:16,040 --> 00:02:17,060
As an example.

30
00:02:17,980 --> 00:02:24,040
Printer mappings, you can have shared printers, TCP IP printers or local printers, and you can map

31
00:02:24,040 --> 00:02:25,900
both per computer or per user.

32
00:02:25,930 --> 00:02:31,780
And then finally, we looked at the GPP registry extension, which allows that kind of free form delivery

33
00:02:31,780 --> 00:02:33,070
of registry values.

34
00:02:34,040 --> 00:02:39,050
You can either enter individual values or you can create collections of values where you can use the

35
00:02:39,050 --> 00:02:44,330
registry wizard, which we went through, to basically capture the state of a particular set of registry

36
00:02:44,330 --> 00:02:49,940
keys and values from a known good machine and propagate that out to all other machines or users that

37
00:02:49,940 --> 00:02:51,200
process, that preference.

38
00:02:52,180 --> 00:02:54,970
So lots of power within GPP registry.

39
00:02:54,970 --> 00:03:01,300
And I'd go so far as to say that unless you have to use admin templates, GPP registry is a much better

40
00:03:01,300 --> 00:03:06,670
way to make registry changes because it does allow that kind of free form ability within the UI.

41
00:03:07,570 --> 00:03:13,270
So when the next module, we're going to dive into another scenario, which is the use of scripts both

42
00:03:13,270 --> 00:03:18,460
start up and shut down as well as log on and log off scripts within group policy.