ISBN 9788120335059,Windows Administration: Productivity Solutions For It Professionals: Resource Kit

Windows Administration: Productivity Solutions For It Professionals: Resource Kit




Microsoft Press



Microsoft Press

Publication Year 2008

ISBN 9788120335059

ISBN-10 8120335058


Number of Pages 752 Pages
Language (English)

Computer programming

The definitive resource for improving Windows administrator productivity. This book is an ideal addition to any administrator's toolkit. It delivers solutions to the issues Windows administrators face every day. Table of Contents Introduction Document Conventions System Requirements Web-Based Content Find Additional Content Online Companion Media Using the Scripts Resource Kit Support Policy Solution Collection 1: Role-Based Management Scenarios, Pain, and Solution The 80/20 rule Scripts and tools on the companion media Microsoft and third-party tools The Windows Administration Resource Kit online community Enough, already! 1-1: Enumerate a User's (or Computer's) Group Memberships Solution overview Introduction Active Directory Users and Computers DS commands Creating a batch script Enumerating group membership with VBScript Why VBScript? Next steps For more information Solution summary 1-2: Create a GUI Tool to Enumerate Group Memberships Solution overview Introduction HTML Applications Create an HTA For more information Solution summary 1-3: Extend Active Directory Users and Computers to Enumerate Group Memberships Solution overview Introduction Arguments and HTAs Integrating a custom HTA with an MMC snap-in using tasks Integrating a custom HTA with an MMC snap-in using display specifiers Tasks or display specifiers Solution summary 1-4: Understand Role-Based Management Solution overview Introduction Role groups Capability management groups Role groups are nested into capability management groups Other nesting Data, business logic, and presentation Third-party tools Solution summary 1-5: Implement Role-Based Access Control Solution overview Introduction Role groups Capability management groups Representing business requirements Implementing capabilities Automating and provisioning Solution summary 1-6: Reporting and Auditing RBAC and Role-Based Management Solution overview Introduction My Memberships Access Report Auditing internal compliance of your role-based access control Solution summary 1-7: Getting to Role-Based Management Solution overview Introduction A review of role-based management Discussing and selling role-based management The road to role-based management Token size Solution summary Solution Collection 2: Managing Files, Folders, and Shares 89 Scenarios, Pain, and Solution 2-1: Work Effectively with the ACL Editor User Interfaces Solution overview Introduction The ACL editor Evaluating effective permissions Solution summary 2-2: Manage Folder Structure Solution overview Introduction Create a folder structure that is wide rather than deep Use DFS namespaces to present shared folders in a logical hierarchy Solution summary 2-3: Manage Access to Root Data Folders Solution overview Introduction Create one or more consistent root data folders on each file server Use Group Policy to manage and enforce ACLs on root data folders Solution summary 2-4: Delegate the Management of Shared Folders Solution overview Introduction Dedicate servers that perform a file server role Manage the delegation of administration of shared folders Solution summary 2-5: Determine Which Folders Should Be Shared Solution overview Introduction Determine which folders should be shared Solution summary 2-6: Implement Folder Access Permissions Based on Required Capabilities Solution overview Introduction Implement a Read capability Implement a Browse To capability Implement an Edit capability Implement a Contribute capability Implement a Drop capability Implementing a Support capability Create scripts to apply permissions consistently Manage folder access capabilities using role-based access control Solution summary 2-7: Understand Shared Folder Permissions (SMB Permissions) Solution overview Introduction Scripting SMB permissions on local and remote systems Solution summary 2-8: Script the Creation of an SMB Share Solution overview Introduction Using Share_Createvbs Customizing Share_Createvbs Understanding Share_Createvbs Solution summary 2-9: Provision the Creation of a Shared Folder Solution overview Introduction Using Folder_Provisionhta Basic customization of Folder_Provisionhta Understanding the code behind Folder_Provisionhta and advanced customization Solution summary 2-10: Avoid the ACL Inheritance Propagation Danger of File and Folder Movement Solution overview Introduction See the bug-like feature in action What in the world is going on? Solving the problem Change the culture, change the configuration Solution summary 2-11: Preventing Users from Changing Permissions on Their Own Files Solution overview Introduction What about object lockout? Solution summary 2-12: Prevent Users from Seeing What They Cannot Access Solution overview Introduction One perspective: Don't worry about it A second perspective: Manage your folders A third perspective and a solution: Access-based Enumeration Solution summary 2-13: Determine Who Has a File Open Solution overview Introduction Using FileServer_OpenFilevbs Understanding FileServer_OpenFilevbs Solution summary 2-14: Send Messages to Users Solution overview Introduction Using Message_Notificationvbs Understanding Message_Notificationvbs Using PSExec to execute a script on a remote machine Listing the open sessions on a server Using and customizing FileServer_NotifyConnectedUsersvbs Solution summary 2-15: Distribute Files Across Servers Solution overview Introduction Using Robocopy to distribute files Using DFS Replication to distribute files Solution summary 2-16: Use Quotas to Manage Storage Solution overview Introduction What's new in quota management Quota templates Apply a quota to a folder Solution summary 2-17: Reduce Help Desk Calls to Recover Deleted or Overwritten Files Solution overview Introduction Enabling shadow copies Understanding and configuring shadow copies Accessing previous versions Solution summary 2-18: Create an Effective, Delegated DFS Namespace Solution overview Introduction Creating DFS namespaces Delegating DFS namespaces Linking DFS namespaces Presenting DFS namespaces to users Solution summary Solution Collection 3: Managing User Data and Settings Scenarios, Pain, and Solution 3-1: Define Requirements for a User Data and Settings Framework Solution overview Introduction Understand the business requirements definition exercise Define the high-level business requirements Determine key design decision that is derived from high-level business requirements Define requirements derived from key design decisions Solution summary 3-2: Design UDS Components That Align Requirements and Scenarios with Features and Technologies (Part I) Solution overview Introduction Understand UDS options Align user data and settings options with requirements and scenarios Validate the outcome for desktop, roaming, relocated, and traveling users Solution summary 3-3: Create, Secure, Manage, and Provision Server-Side User Data Stores Solution overview Introduction Create the user data store root folder Align physical namespace with management requirements such as quotas Provision the creation of data stores Configure file screens Solution summary 3-4: Create the SMB and DFS Namespaces for User Data Stores Solution overview Introduction Create the SMB namespace for user data and settings stores Design the logical view of user data and settings stores with DFS Namespaces Build a DFS namespace to support thousands of users Understand the impact of data movement and namespace changes Consider the impact of %username% changes Build an abstract DFS namespace for user data and settings (no site-based namespace, preferably no human names) Automate and provision the creation of user data stores and DFS namespaces Solution summary 3-5: Design and Implement Folder Redirection Solution overview Introduction Understand the role of folder redirection Configure folder redirection policies Configure folder redirection targets Configure folder redirection settings Support redirection for users on both Windows XP and Windows Vista Redirect without Group Policy: Favorites, Music, Pictures, and Videos Achieve a unified redirected folder environment for Windows XP and Windows Vista Solution summary 3-6: Configure Offline Files Solution overview Introduction Understand the cache Understand caching Understand synchronization Understand offline mode Leverage offline files for the UDS framework Put offline files to use Solution summary 3-7: Design and Implement Roaming Profiles Solution overview Introduction Analyze the structure of the Windows Vista user profile Review the components that create the user profile Configure the folders that will not roam Configure roaming profiles Recognize the "V2" of Windows Vista roaming profiles Unify the experience of Windows XP and Windows Vista users Work through the FOLKLORE of roaming profiles Identify the benefit of roaming profiles Manage the Application Data (AppDataRoaming) folder Solution summary 3-8: Manage User Data That Should Not Be Stored on Servers Solution overview Introduction Identify the types of data you want to manage as local only Design a local-only data folder structure Implement local-only file folders Ensure that applications will find relocated media folders Redirect Windows XP media folders that you are treating as local only Provide a way for users to find relocated folders Communicate to users and train them regarding local-only data Solution summary 3-9: Manage User Data That Should Be Accessed Locally Solution overview Introduction Determine the name for a local files folder Option 1: Use a roaming profile folder Option 2: Leverage offline files (Windows Vista only) Option 3: Create a local folder that is backed up to a network store Solution summary 3-10: Back Up Local Data Stores for Availability, Mobility, and Resiliency Solution overview Introduction Define the goals of a synchronization solution Utilize Robocopy as a backup engine Leverage Folder_Synchvbs as a wrapper for Robocopy Deploy Folder_Synchvbs and Robocopoy Determine how and when to run Folder_Synchvbs for each local store Launch Folder_Synchvbs manually Enable users to right-click a folder and back it up using a shell command Compare manual options for Folder_Synchvbs Run Folder_Synchvbs automatically Run Folder_Synchvbs as a scheduled task Run Folder_Synchvbs as a logon, logoff, startup, or shutdown script Log and monitor synchronization Solution summary 3-11: Design UDS Components That Align Requirements and Scenarios with Features and Technologies (Part II) Solution overview Introduction Recognize the crux of the challenge Identify the desired classes of data stores Analyze and classify your user data stores and data Solution summary Solution Collection 4: Implementing Document Management and Collaboration with SharePoint Scenarios, Pain, and Solution 4-1: Create and Configure a Document Library Solution overview Introduction Create a site Create a document library Configure document library settings Configure the document library title Enable or disable folders within the document library Change the default template for the library Configure security for a document library Solution summary 4-2: Manage Document Metadata Using Library and Site Columns Solution overview Introduction Create a column Work with custom columns from Microsoft Office clients Work with document properties from the SharePoint Web interface Modify or delete library columns Reorder columns Manage site columns Create site columns Use a site column in a list or library Modify and delete site columns Solution summary 4-3: Implement Managed Content Types Solution overview Introduction Create a content type Add one or more content types to a list or library Understand child site and list content types Protect a content type by making it read-only Do not change default SharePoint content types Solution summary 4-4: Configure Multiple Templates for a Document Library Solution overview Introduction Create a central library for templates Configure a content type for a template Configure a library to support the content types Solution summary 4-5: Add, Save, and Upload Documents to a Document Library Solution overview Introduction Create a new document with the New command Upload documents with the Upload commands Add documents to document libraries with Windows Explorer Save to a document library from a SharePoint-compatible application E-mail-enable a document library Solution summary 4-6: Create Shortcuts to Document Libraries for End Users Solution overview Introduction Create Network Places (Windows XP) Create Network Locations (Vista) Solution summary 4-7: Quarantine and Manage Uploads to a Document Library with Multiple Content Types Solution overview Introduction Solution summary 4-8: Work with Documents in a Document Library Solution overview Introduction View a document in a document library Edit a document in a document library Open a document with Office 2007 clients installed Solution summary 4-9: Monitor Changes to Libraries or Documents with Alerts and RSS Solution overview Introduction Subscribe to e-mail alerts for a library or document Monitor library activity using RSS Solution summary 4-10: Control Document Editing with Check Out Solution overview Introduction Require document checkout Check out a document Understand the user experience while a document is checked out Manage document check in Solution summary 4-11: Implement and Maintain Document Version History Solution overview Introduction Configure version history Manage the creation of major and minor versions Manage document versions Compare document versions Solution summary 4-12: Implement Content Approval Solution overview Introduction Configure content approval Understand the interaction of content approval, versioning, and checkout Solution summary 4-13: Implement a Three-State Workflow Solution overview Introduction Configure the choice field for the state Configure the three-state workflow Launch and manage workflows Solution summary 4-14: Organize and Manage Documents with Folders and Views Solution overview Introduction Use folders to scope document management Use views to scope the presentation and management of documents Solution summary 4-15: Configure WSS Indexing of PDF Files Solution overview Introduction Disable search within a library Enable indexing of PDFs Assign an icon to unrecognized file types Solution summary 4-16: Work with SharePoint Files Offline Solution overview Introduction Download a copy of a file Provide offline access to files using the local cache Use Outlook 2007 to take libraries and lists offline Other options for offline use of SharePoint document libraries Solution summary Solution Collection 5: Active Directory Delegation and Administrative Lock Down Scenarios, Pain, and Solution 5-1: Explore the Components and Tools of Active Directory Delegation Solution overview Introduction Use Active Directory object ACLs and ACL editor interfaces Manage access control entries on Active Directory objects Adhere to the golden rules of delegation Apply permissions with a friend: The Delegation Of Control Wizard Manage the presentation of your delegation Solution summary 5-2: Customize the Delegation Of Control Wizard Solution overview Introduction Locate and understand Delegwizinf Customize Delegwizinf Use Microsoft's super-duper Delegwizinf Solution summary 5-3: Customize the Permissions Listed in the ACL Editor Interfaces Solution overview Introduction Recognize that some permissions are hidden Modify Dssecdat Ensure the visibility of permissions that you are delegating Solution summary 5-4: Evaluate, Report, and Revoke Active Directory Permissions Solution overview Introduction Use Dsacls to report Active Directory permissions Use ACLDiag to report Active Directory permissions Use ADFind to report Active Directory permissions Use DSRevoke to report Active Directory permissions Evaluate permissions assigned to a specific user or group Revoke Active Directory permissions with DSRevoke Revoke Active Directory permissions with Dsacls Reset permissions to Schema defaults Solution summary 5-5: Assign and Revoke Permissions with Dsacls Solution overview Introduction Identify the basic syntax of Dsacls Delegate permissions to manage computer objects Grant permissions to manage other common object classes Use Dsacls to delegate other common tasks Solution summary 5-6: Define Your Administrative Model Solution overview Introduction Define the tasks that are performed Define the distinct scopes of each task Bundle tasks within a scope Identify the rules that currently perform task bundles Solution summary 5-7: Role-Based Management of Active Directory Delegation Solution overview Introduction Identify the pain points of an unmanaged delegation model Create capability management groups to manage delegation Assign permissions to capability management groups Delegate control by adding roles to capability management groups Create granular capability management groups Report permissions in a role-based delegation Solution summary 5-8: Scripting the Delegation of Active Directory Solution overview Introduction Recognize the need for scripted delegation Script delegation with Dsacls Solution summary 5-9: Delegating Administration and Support of Computers Solution overview Introduction Define scopes of computers Create capability management groups to represent administrative scopes Implement the delegation of local administration Manage the scope of delegation Get the Domain Admins group out of the local Administrators groups Solution summary 5-10: Empty as Many of the Built-in Groups as Possible Solution overview Introduction Delegate control to custom groups Identify protected groups Don't bother trying to un-delegate the built-in groups Solution summary Solution Collection 6: Improving the Management and Administration of Computers Scenarios, Pain, and Solution 6-1: Implement Best Practices for Managing Computers in Active Directory Solution overview Introduction Establish naming standards for computers Identify requirements for joining a computer to the domain Design Active Directory to delegate the management of computer objects Delegate permissions to create computers in the domain Create a computer object in Active Directory Delegate permissions to join computers using existing computer objects Join a computer to the domain Ensure correct logon after joining the domain Solution summary 6-2: Control the Addition of Unmanaged Computers to the Domain Solution overview Introduction Configure the default computer container Solution summary 6-3: Provision Computers Solution overview Introduction Use Computer_JoinDomainhta Provision computer accounts with Computer_JoinDomainhta Create an account and join the domain with Computer_JoinDomainhta Understand Computer_JoinDomainhta Distribute Computer_JoinDomainhta Solution summary 6-4: Manage Computer Roles and Capabilities Solution overview Introduction Automate the management of desktop and laptop groups Deploy software with computer groups Identify and manage other computer roles and capabilities Solution summary 6-5: Reset and Reassign Computers Solution overview Introduction Rejoin a domain without destroying a computer's group memberships Replace a computer correctly by resetting and renaming the computer object Replace a computer by copying group memberships and attributes Solution summary 6-6: Establish the Relationship Between Users and Their Computers with Built-in Properties Solution overview Introduction Use the managedBy attribute to track asset assignment of a computer to a single user or group Use the manager attribute to track asset assignment of computers to a user Solution summary 6-7: Track Computer-to-User Assignments by Extending the Schema Solution overview Introduction Understand the impact of extending the schema Plan the ComputerAssignedTo attribute and ComputerInfo object class Obtain an OID Register the Active Directory schema snap-in Make sure you have permission to change the schema Connect to the schema master Create the ComputerAssignedTo attribute Create the ComputerInfo object class Associate the ComputerInfo object class with the Computer object class Give the ComputerAssignedTo attribute a friendly display name Allow the changes to replicate Delegate permission to modify the attribute Integrate the Computer_AssignTohta tool with Active Directory Users and Computers Add other attributes to computer objects Solution summary 6-8: Establish Self-Reporting of Computer Information Solution overview Introduction Determine the information you wish you had Decide where you want the information to appear Report computer information with Computer_InfoToDescriptionvbs Understand Computer_InfoToDescriptionvbs Expose the report attributes in the Active Directory Users and Computers snap-in Delegate permissions for computer information reporting Automate computer information reporting with startup and logon scripts or scheduled tasks Take it to the next level Solution summary 6-9: Integrate Computer Support Tools into Active Directory Users and Computers Solution overview Introduction Add a "Connect with Remote Desktop" command Add an "Open Command Prompt" command Execute any command remotely on any system Use Remote_Commandhta to create specific command tasks for remote administration Solution summary Solution Collection 7: Extending User Attributes and Management Tools Scenarios, Pain, and Solution 7-1: Best Practices for User Names Solution overview Introduction Establish best practice standards for user object name attributes Implement manageable user logon names Prepare to add the second "John Doe" to your Active Directory Solution summary 7-2: Using Saved Queries to Administer Active Directory Objects Solution overview Introduction Create a custom console that shows all domain users Control the scope of a saved query Build saved queries that target specific objects Understand LDAP query syntax Identify some useful LDAP queries Transfer saved queries between consoles and administrators Leverage saved queries for most types of administration Solution summary 7-3: Create MMC Consoles for Down-Level Administrators Solution overview Introduction Create a console with saved queries Create a taskpad with tasks for each delegated ability Add productive tools and scripts to the taskpads Add procedures and documentation to the console Create an administrative home page within the console Add each taskpad to the MMC favorites Create navigation tasks Save the console in User mode Lock down the console view Distribute the console Solution summary 7-4: Extending the Attributes of User Objects Solution overview Introduction Leverage unused and unexposed attributes of user objects Extend the schema with custom attributes and object classes Create an attribute that exposes the computer to which a user is logged on Create an attribute that supports users' software requests Solution summary 7-5: Creating Administrative Tools to Manage Unused and Custom Attributes Solution overview Introduction Display and edit the value of an unexposed attribute Use the Object_Attributevbs script to display or edit any single-valued attribute Use Object_Attributehta to view or edit single-valued or multivalued attributes Solution summary 7-6: Moving Users and Other Objects Solution overview Introduction Understand the permissions required to move an object in Active Directory Recognize the denial-of-service exposure Carefully restrict the delegation to move (delete) objects Delegate highly sensitive tasks such as object deletion to tertiary administrative credentials Proxy the task of moving objects Solution summary 7-7: Provisioning the Creation of Users Solution overview Introduction Examine a user-provisioning script Create graphical provisioning tools Solution summary Solution Collection 8: Reimagining the Administration of Groups and Membership Scenarios, Pain, and Solution 8-1: Best Practices for Creating Group Objects Solution overview Introduction Create groups that document their purpose Protect groups from accidental deletion Consider the group type: security vs distribution Consider group scope: global, domain local, and universal Solution summary 8-2: Delegate Management of Group Membership Solution overview Introduction Examine the member and memberOf attributes Delegate permission to write the member attribute Solution summary 8-3: Create Subscription Groups Solution overview Introduction Examine scenarios suited to the use of subscription groups Delegate the Add/Remove Self As Member validated write Provide tools with which to subscribe or unsubscribe Solution summary 8-4: Create an HTA for Subscription Groups Solution overview Introduction Use Group_Subscriptionhta Understand Group_Subscriptionhta Take away lessons in the value of group standards Solution summary 8-5: Create Shadow Groups Solution overview Introduction Shadow groups and fine-grained password and account lockout policies Understand the elements of a shadow group framework Define the group membership query Define the base scopes of the query Develop a script to manage the group's member attribute based on the query, while minimizing the impact on replication Execute the script on a regular interval Trigger the script based on changes to an OU Solution summary 8-6: Provide Friendly Tools for Group Management Solution overview Introduction Enumerate memberOf and member Report direct, indirect, and primary group memberships List a user's membership by group type Display all members of a group Add or remove group members with Group_ChangeMemberhta Give users control over the groups they manage Identify notes and next steps for group management tools Solution summary 8-7: Proxy Administrative Tasks to Enforce Rules and Logging Solution overview Introduction Understand proxying Explore the components of the Proxy Framework Imagine what proxying can do for you Delegate group management to users with increased confidence and security Solution Collection 9: Improving the Deployment and Management of Applications and Configuration Scenarios, Pain, and Solution 9-1: Providing Software Distribution Points Solution overview Introduction Rationalize your software folder namespace Manage access to software distribution folders Share the Software folder, and abstract its location with a DFS namespace Replicate software distribution folders to remote sites and branch offices Create a place for your own tools and scripts Solution summary 9-2: New Approaches to Software Packaging Solution overview Introduction Determine how to automate the installation of an application Identify the success codes produced by application installation Use Software_Setupvbs to install almost any application Separate the configuration from the application installation Install the current version of an application Solution summary 9-3: Software Management with Group Policy Solution overview Introduction Prepare an application for deployment with GPSI Configure a GPO to deploy an application Scope the deployment of an application using application groups Filter the software deployment GPO with the application group Link the GPO as high as necessary to support its scope When to use GPSI GPSI and Microsoft Office 2007 Take it to the next level Solution summary 9-4: Deploy Files and Configuration Using Group Policy Preferences Solution overview Introduction Deploy files with Group Policy Files preferences Push registry changes using Registry preferences Solution summary 9-5: A Build-It-Yourself Software Management Infrastructure Solution overview Introduction Identify the challenges of deploying applications such as Microsoft Office 2007 Prepare a software distribution folder for Microsoft Office 2007 Create a setup customization file Launch an unattended installation of Office 2007 Identify the requirements for a build-it-yourself software management framework Customize Software_Deployvbs to enable application deployment Manage change using group membership Deploy an application using a scheduled task Give users control over the timing of installation Solution summary 9-6: Automate Actions with SendKeys Solution overview Introduction Use SendKeys to automate an action sequence Understand and customize Config_QuickLaunch_Togglevbs Set the default folder view to Details for all folders Automate with AutoIt Solution summary Solution Collection 10: Implementing Change, Configuration, and Policies Scenarios, Pain, and Solution 10-1: Create a Change Control Workflow Solution overview Introduction Identify the need for change Translate the change to Group Policy settings Test the change in a lab environment Communicate the change to users Test the change in the production environment Migrate users and computers in the production environment to the scope of the change Implement more GPOs with fewer settings Establish a GPO naming convention Ensure a new GPO is not being applied while you are configuring its settings Back up a GPO prior to and after changing it Document the settings and the GPO Carefully implement the scope of a GPO Establish a change management workflow with service levels Understand the behavior of client-side Group Policy application Solution summary 10-2: Extend Role-Based Management to the Management of Change and Configuration Solution overview Introduction Scope GPOs to security groups Manage exemptions from an entire GPO Manage exemptions from some settings of a GPO Link group-filtered GPOs high in the structure Maximize group management techniques to control GPO scoping Solution summary 10-3: Implement Your Organization's Password and Account Lockout Policies Solution overview Introduction Determine the password policies that are appropriate for your organization Customize the default GPOs to align with your enterprise policies Implement your password, lockout, and Kerberos policies Implement fine-grained password policies to protect sensitive and privileged accounts Understand PSO precedence Solution summary 10-4: Implement Your Authentication and Active Directory Auditing Policies Solution overview Introduction Implement your auditing policies by modifying the Default Domain Controllers Policy GPO Consider auditing failure events Align auditing policies, corporate policies, and reality Audit changes to Active Directory objects View audit events in the Security log Leverage Directory Service Changes auditing Solution summary 10-5: Enforce Corporate Policies with Group Policy Solution overview Introduction Translate corporate policies to security and nonsecurity settings Create GPOs to configure settings derived from corporate policies Scope GPOs to the domain Enforce corporate security and configuration policies Proactively manage exemptions Provide a managed migration path to policy implementation Determine whether you need more than one GPO for corporate policy implementation Solution summary 10-6: Create a Delegated Group Policy Management Hierarchy Solution overview Introduction Delegate permissions to link existing GPOs to an OU Delegate the ability to manage an existing GPO Delegate permission to create GPOs Understand the business and technical concerns of Group Policy delegation Solution summary 10-7: Testing, Piloting, Validating, and Migrating Policy Settings Solution overview Introduction Create an effective scope of management for a pilot test Prepare for and model the effects of the pilot test Create a rollback mechanism Implement the pilot test Migrate objects to the scope of the new GPO Solution summary 10-8: No-Brainer Group Policy Tips Solution overview Introduction Deploy registry changes with templates or registry preferences Use loopback policy processing in merge mode Run GPUpdate on a remote system to push changes Delegate permissions to perform RSoP reporting Scope network-related settings using sites or shadow groups Avoid WMI filters and targeting when possible: Use shadow groups instead No-brainer Group Policy settings