MCITP Self-Paced Training Kit (Exam 70-686): Windows® 7 Enterprise Desktop Administrator > Lesson 2: Creating a Client Baseline Configuration > Using GPO Accelerator

Table of Contents

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

This Book

MCITP Self-Paced Training Kit (Exam 70-686): Windows® 7 Enterprise Desktop Administrator

Search

Table of Contents

MCITP Self-Paced Training Kit (Exam 70-686): Windows® 7 Enterprise Desktop Administrator

A Note Regarding Supplemental Files

Exam 70-686: Pro: Windows 7, Enterprise Desktop Administrator

Introduction

1. Preparing to Deploy Windows 7

2. Designing a Client Life Cycle

3. Creating and Managing System Images

4. Configuring Clients

Before You Begin

Lesson 1: Designing a Client Configuration Strategy

Lesson 2: Creating a Client Baseline Configuration

Deploying a Baseline Configuration

Using GPO Accelerator

Configuring Windows Error Reporting

Creating Auditing Policies

Creating a Folder Redirection Policy

Designing a User Profile Strategy

Lesson Summary

Lesson Review

Chapter Review

5. Configuring Security and Internet Explorer

6. Designing a Windows 7 Client Deployment Strategy

7. Designing Lite-Touch and Zero-Touch Deployments

8. Planning a Windows 7 Client Update Strategy

9. Deploying Applications

10. Using Application Deployment Tools

11. Troubleshooting Internet Explorer and Group Policy Issues

12. Troubleshooting Networking and Authentication-Authorization Issues

A. Answers

Glossary

B. About the Authors

C. System Requirements

Index

About the Authors

Although many desktop administrators create their baseline configurations from scratch by creating new, empty GPOs, you can choose from other alternatives. The GPO Accelerator is a command-line tool provided by Microsoft that enables administrators to implement the EC or SSLF workstation environment automatically on an AD DS network.

The GPO Accelerator is a free download, included as part of the Security Compliance Management Toolkit. When you execute the GPOAccelerator.msi file on a Windows server or workstation, the installer adds a script file called GPOAccelerator.wsf and an executable called GPOAccelerator.exe.

In this case, the script file does all the work. The executable is just a wizard that enables you to select program features using a graphical interface, as shown in Figure 4-30. After you make your selections, the wizard executes the script from the command line, inserting the appropriate parameters.

Figure 4-30. The graphical interface for GPO Accelerator

When you run GPOAccelerator, the tool first creates the appropriate GPOs, as shown in Figure 4-31, and populates them with a standardized group of configuration settings for the environment you have chosen.

Figure 4-31. GPOs created by GPO Accelerator

Then the GPO Accelerator can create a hierarchy of OUs in your domain, as shown in Figure 4-32, and link the GPOs to the proper OUs.

Figure 4-32. OUs created by GPO Accelerator

The GPOs that the GPOAccelerator tool creates contain a large variety of settings, including the following:

Password policies that force users to change their passwords regularly
Account lockout policies that prevent people from trying to guess user passwords
Audit policies that monitor security events
Event log settings that enlarge the sizes of the logs
Windows Update settings that cause workstations to download updates and prompt for installation

These and many other settings implement the EC and SSLF environments described in the “Windows 7 Security Guide.” Although Microsoft has tested these environments in typical settings, you must test them thoroughly yourself on your own network before you implement them on a production network.