TechNotes

caiphn · April 2007

Hello everyone. I used this sites TechNotes, forum and TestOut for my Network+ exam and passed quite easily, in fact felt sort of over-studied afterwards. (Perhaps I just got an easier test) Now it would be to my advantage to get my 70-290. I am going through the TechNotes right now, and had a few questions and comments. (I am a huge fan of the notes on this site, and have used them for A+ OS/HW and Network+ and found them to be brilliant!) Please excuse my ignorance in regards to any silly questions.

Re: TechNotes: Managing Groups

In the 'Groups' paragraph, the last sentence states 'Which item a group can contain and where they can be used for....' should it not read what they can be used for?

In The 'Group Types' paragraph, the definition of Security Groups reads 'Security groups are also used for assigning right to users..' where it should be rights. I know these are minor grammatical details, just something I noticed.

Question: What is the good, straight forward definition of Group Policy? I was reading a Wikipedia definition, and like I said, I'm a little slow so bare with me:

The policy settings are stored in Group Policy Objects (GPOs). A GPO is internally referenced by a Globally Unique Identifier (GUID). In the notes it mentions security groups are also used for assigning rights to users, for example by using group policies. How does the group type 'security groups' tie into Group Policies?

What does it mean that a GPO is internally referenced by a GUID? Internally referenced is what I'm hungup on. Thanks!

Does functional level simply refer to the operating system?

rock360 · April 2007

[qoute]Question: What is the good, straight forward definition of Group Policy? I was reading a Wikipedia definition, and like I said, I'm a little slow so bare with me:

The policy settings are stored in Group Policy Objects (GPOs). A GPO is internally referenced by a Globally Unique Identifier (GUID). In the notes it mentions security groups are also used for assigning rights to users, for example by using group policies. How does the group type 'security groups' tie into Group Policies?

What does it mean that a GPO is internally referenced by a GUID? Internally referenced is what I'm hungup on. Thanks!

Does functional level simply refer to the operating system?[/quote]

Because theres two groups type, security and distrobution, security groups are for assigning user rights so obviously there the ones that use group policys. A guid is a 128 (?) bit number for that specific group policy, since gpos can be used at more than one group that's its referance number pretty much.

dynamik · April 2007

I'd say the first two are grammatical errors, although groups do kind of have a "where" aspect associated with them as you can assign them to different domains, etc.

Think of a GPO as a user or computer setting with a varying range of affect. GPOs can be Local or assigned to a OU, Site, or Domain. You can use GPOs to do things such as publish software to users, manage password complexity and remove the "run" option for users. There are hundreds of these that can be adjusted to suit your needs. The best way to get acquainted with them is to just browse around and see what's available.

A GUID is just a number that all objects have, which windows uses to reference them. Users, computers, etc. all have GUIDs. Just think of it as being akin to DNS where domain.com is really just a friendly name for 123.123.123.13. Would you rather modify the "Password Complexity" setting or the 3F2504E0-4F89-11D3-9A0C-0305E82C3301 setting? Scroll down to the "uses" section: http://en.wikipedia.org/wiki/Guid

Security groups are used to control access while distribution groups are used for things such as email lists. However, You can't assign GPOs to groups. You can only assign them to OUs, Sites, and Domains, in addition to the Local Computer Policy.

The functional level does not refer to the OS version. Think of functional levels as compatibility levels where different features are available. There are different functional levels for working with NT4 DCs, 2000 DCs, or strictly 2003 DCs. Obviously you're going to have less and less features available the further you go back.

rock360 · April 2007

wth? you cant assign GPO's to groups??

dynamik · April 2007

MS wouldn't really create counterintuitive naming conventions like that, would they?

sprkymrk · April 2007

rock360 wrote:

wth? you cant assign GPO's to groups??

Nope.

http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx

Q. Can I apply a Group Policy object directly to a security group?
A. You cannot apply a Group Policy object directly to a security group. However, you can use security filtering to refine which users or computers will receive and apply Group Policy settings. The Group Policy Management Console (GPMC) is the tool to manage security filtering. For more information about security filtering, see the Core Group Policy Technical Reference.

royal · April 2007

You can use Groups to filter what groups get assigned a GPO, however.

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

Webmaster · April 2007

In the 'Groups' paragraph, the last sentence states 'Which item a group can contain and where they can be used for....' should it not read what they can be used for?

I guess my Dutch sneaked in there. It should indeed be 'what' in English (in Dutch it's 'waarvoor' litterally 'wherefor' meaning 'for what'.)

In The 'Group Types' paragraph, the definition of Security Groups reads 'Security groups are also used for assigning right to users..' where it should be rights.

Yes, rights instead of right.

I know these are minor grammatical details, just something I noticed.

I'm thankful you reported them, I'll fix them both today.

And thanks for the kind words on the TechNotes!

Johan

caiphn · May 2007

Thanks for the indepth explanation, dynamik. Much appreciated, it is much clearer to me now.

TechNotes

Comments