UC Davis Active Directory Project (05/06/2003)

 

 

Applying Group Policy Templates (Generic)

 

This document is written for importing security templates into the Domain and Domain Controller level group policies.  You can follow the same steps to import security templates into OU level group policies.

 

Requirements for this step:

            Enterprise Administrator / Administrative Rights to an OU

 

 

Installation Steps

 

01] Gain access to Security Templates

02] Setup Group Policies and Import Security Templates

 

 

 

GAIN ACCESS TO SECURITY TEMPLATES  

 

The first thing you will need to do is to download the security templates provided.  These can be found on the Instructions and Downloads page (http://xeda.ucdavis.edu/docs). 

 

To create your own security templates, open an MMC console, add the Security Templates snap-in, choose a folder, right-click and choose New Template.

 

 

 

SETUP GROUP POLICIES AND IMPORT SECURITY TEMPLATES

 

01] Logon to the machine you will be using to setup the policies.  For out demonstrations, we logged onto banner3a.dept3.tr.ucdavis.edu.  You will need to have administrative rights to the section of Active Directory Users & Computers that you are assigning group policies too.

 

02] Open Active Directory Users & Computers.  You may use the built-in console, or use a custom MMC.

 

03] We will first be assigning security templates for the Domain Policy.  Right-click on the domain, and choose Properties.

 

                       

 

04] You will now see the property sheet for the domain.  Choose the Group Policy tab.

 

                       

 

05] Press the New button to create a new group policy.

 

                       

 

06] Name the group policy appropriately.  For our case, we will name if UCD - Domain Policy.

 

                       

 

07] Select the Properties button when the new group policy is selected.  Check the Security tab.  The default permissions should be acceptable.  Make sure the Authenticated Users have the check box for Apply Group Policy.  Hit OK when you are done.

 

                       

 

08] Now, select the Edit button.  This will bring up the Group Policy Editor.  Browse through Computer Configuration | Windows Settings | Security Settings.  Right-click on the Security Settings and choose Import Policy….

 

                       

 

09] Browse to the location of the security template you downloaded.  Select the proper security template.  Check the Clear this database before importing checkbox.  This will remove all other information in the Security Settings section of the group policy.  Click Open.  Hit okay several times to close the Group Policy editor and property sheets.

 

                       

 

10] We have now setup a new domain policy.  We will now configure a domain controller policy.  In the Active Directory Users and Computers console, select the Domain Controllers OU, right-click, and choose Properties.

 

                       

 

11] Hit the New button to create a new group policy.

 

                       

 

12] Name the group policy.  We will name this policy UCD - Domain Controller Policy.

 

                       

 

13] Press the Properties button.  Choose the Security tab.  Make sure Authenticated Users has Apply Group Policy checked.  Press the Okay button.

 

                       

 

14] Now, select the Edit button.  This will bring up the Group Policy Editor.  Browse through Computer Configuration | Windows Settings | Security Settings.  Right-click on the Security Settings and choose Import Policy….

 

                       

 

15] Browse to the location of the security template you downloaded.  Select the proper security template.  Check the Clear this database before importing checkbox.  This will remove all other information in the Security Settings section of the group policy.  Click Open.  Hit okay several times to close the Group Policy editor and property sheets.

 

                       

 

16] Now we need to setup the User Rights.  We do not have an import template for User Rights, since the rights are based on SIDS, which are different for each domain.  First, we will walk through how to set the rights.  The list of User Rights to assign can be downloaded from the Instructions and Documents section of the http://xeda.ucdavis.edu web site.

 

First, in the Group Policy Editor, browse to Computer Configuration | Windows Settings | Security Settings | User Rights Assignment.  You will see a large list of possible policies.  Double-click on the chosen policy.

 

                       

 

            You will now see a windows listing who has been granted access to this policy.  Select the Add button.

 

                       

 

You are now at a list box where you can enter accounts.  However, it is much easier to select the Browse button.

 

                       

 

            You can now select accounts and groups from any domain in the Active Directory.

 

                       

 

17] Congratulations.  You have applied security templates to group policies.