This is the Title of the Book, eMatter Edition
Copyright © 2008 O’Reilly & Associates, Inc. All rights reserved.
Other Group Policy Management Tools
|
365
Locating GPT Files on Domain Controllers
For various reasons—for example, to diagnose a problem with available GPOs prop-
agating in your domain to administrative workstations—you might want to inspect
the directory structure of the GPTs for certain GPOs. First, you need to retrieve the
specific GUID for the policy, and then you can find the folder that contains the hard
files associated with that policy.
To actually match a specific policy within Active Directory to the specific GPT files
on a domain controller inside its SYSVOL share, first you need to locate the GUID
on the container in Active Directory where the GPO is applied. Using the GPMC,
select the appropriate GPO, and then select the Details tab in the righthand pane.
Copy the GUID from there. Then, open Explorer and navigate to \\domainname.com\
sysvol, which will open the SYSVOL share on the nearest domain controller. Open
the Policies directory, and then open the folder whose name matches the GUID of
the GPO you selected within the GPMC.
Hopefully, you probably will not need to do this very often, as the interface and
propagation techniques for GP in Windows Server 2003 are resilient and efficient.
But the information is indeed here, just in case.
Other Group Policy Management Tools
It’s important to note that there are several paid third-party tools available to assist
you in managing GPOs, their scope and effect, and their application, including the
following:
FAZAM
FAZAM tracks changes to GPOs, provides version control for GPOs, allows new
or changed GPOs to move into production only after being tested and approved,
eliminates the risk of making changes to a live production environment, handles
multiple users making simultaneous changes, and enhances GPO administra-
tion delegation. However, there are reports that this tool does not work well
with Windows 2000 and is fully functional only on Windows Server 2003.
FAZAM is available at http://www2.fullarmor.com/solutions/group.
Table 6-2. Common CSE GUIDs
CSE GUID
Application Management
C6DC5466-785A-11D2-84D0-00C04FB169F7
Folder Redirection 25537BA6-77A8-11D2-9B6C-0000F8080861
IP Security E437BC1C-AA7D-11D2-A382-00C04F991E27
Scripts 42B5FAAE-6536-11D2-AE5A-0000F87571E3
Security 827D319E-6EAC-11D2-A4EA-00C04F79F83A

Get Learning Windows Server 2003, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.