background top icon
background center wave icon
background filled rhombus icon
background two lines icon
background stroke rhombus icon
header logo icon

Download "Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]"

input logo icon
"videoThumbnail Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]
Similar videos from our catalog
|

Similar videos from our catalog

Video tags
|

Video tags

itskillsup
windows
it
настройка windows
windows server 2016
сервер windows
курс по windows
курс по windows server
windows server 2012
it skills up
групповые политики
gpo
настройка gpo
wsus
wsus сервер
group policy
windows server update service
обновление windows
wsus windows server 2019
wsus windows server 2012
windows server
сервер
Основы системного администрирования
wsus server 2012 r2
Настройка WSUS-сервера и групповых политик - GPO
GPO
wsus gpo
windowsserver
Subtitles
|

Subtitles

subtitles menu arrow
  • ruRussian
Download
00:00:01
Today the following stand was prepared: a
00:00:03
deployed operating system windows
00:00:06
server 2012 on this machine the
00:00:12
following active directory domain services are also installed service the
00:00:18
domain controller itself directly from the directory service
00:00:20
dhcp services and services on ios
00:00:24
respectively this is all already working everything is
00:00:26
running also used as a client
00:00:31
operating system
00:00:33
windows 7 but the current operating
00:00:36
system has
00:00:37
not yet been entered into the domain structure,
00:00:40
let's talk about these
00:00:45
steps
00:00:47
again, accordingly, to
00:00:49
do this you need to go to the control panel,
00:00:52
then you need to go to the
00:00:55
system and security tab, after that
00:00:58
select the system tab on the
00:01:00
left you need to select select
00:01:04
additional system parameters
00:01:08
then select the computer name here,
00:01:13
click change and, accordingly, select
00:01:17
that we will be part of the domain and
00:01:20
write accordingly the name of
00:01:25
our domain, go through ios, then you
00:01:38
will need to enter an account,
00:01:40
namely the administrator account,
00:01:49
and here is the procedure for
00:01:55
introducing computers at home, yes please,
00:01:58
all the computers are successfully installed at home, find
00:02:01
skills about dot ru
00:02:02
after which a
00:02:06
reboot is required on the client machine, so we return
00:02:11
to our domain controller
00:02:15
that here in the server manager there is
00:02:20
such a tab called tools and
00:02:22
here we can find such a
00:02:27
service item users and computers active
00:02:30
directory,
00:02:32
respectively, here you can perform
00:02:34
various manipulations with users
00:02:38
then there are users you can add,
00:02:40
you can delete, you can block
00:02:44
user accounts, but you can also perform
00:02:47
certain actions with them, so now
00:02:52
I propose to do,
00:02:57
I propose to create
00:02:59
divisions that we will
00:03:01
store user accounts in,
00:03:04
well, let's imagine that in this case
00:03:07
the division will be stored as an
00:03:09
account records of the
00:03:10
organization's employees, both by
00:03:16
the department for the charter to protect
00:03:20
the container of accidental deletion, and already
00:03:25
in this department I will create
00:03:27
one user so the user
00:03:34
will be a test user use,
00:03:43
then you need to specify a password for
00:03:45
users also do not forget
00:03:49
about these passwords that are set by
00:03:55
default in the Windows
00:03:58
Server 12 operating system r2
00:04:00
password must
00:04:02
not consist of seven characters contain
00:04:08
uppercase symbols uppercase letters
00:04:11
symbols and numbers like this require a
00:04:16
password change at the next login no
00:04:18
current laboratory bench this is not
00:04:20
required
00:04:22
therefore we will not require a change from the
00:04:25
user
00:04:26
and accordingly we will prohibit
00:04:29
users from changing the password
00:04:31
independently then everything is ready the
00:04:35
account is created so in addition to the account
00:04:39
in the domain controller,
00:04:42
connected computers are also added,
00:04:45
computers we can find in the following
00:04:48
next folder called
00:04:50
computers
00:04:51
here you go, here is a
00:04:54
computer and one I suggest
00:04:59
transferring the user’s personal computer to the created division
00:05:02
because here this folder is different
00:05:05
from the division, I’ll explain why a little later,
00:05:08
so let’s create another
00:05:17
division where we will store the
00:05:19
computers and the name is good, so now
00:05:32
to transfer the added computers, it’s
00:05:35
enough to drag the
00:05:46
sushi to the working system no, it won’t interfere,
00:05:49
everyone please computer we’re with you
00:05:51
moved so now
00:05:56
and now we will move directly to
00:05:58
creating and editing
00:06:02
group policies, respectively, what
00:06:05
are group policies group
00:06:07
policies are certain rules that are
00:06:12
applied to
00:06:15
user accounts and
00:06:24
personal computers,
00:06:26
in turn, the
00:06:30
following two concepts follow from the current definition: this is a
00:06:33
group group policy object and the
00:06:36
Group Policy container, so I
00:06:39
suggest going to the
00:06:42
Group Policy management snap-in and
00:06:44
viewing these things in more detail, let's go here,
00:06:49
in the tools tab there
00:06:53
is a Group Policy management console,
00:06:56
so this is
00:07:01
the console that is presented here,
00:07:04
presented here by the destinies of us forest IT
00:07:07
skills are in this the forest, accordingly,
00:07:11
includes a certain number of
00:07:14
domains and here it is, the IT domain we created
00:07:19
skills of dotka ru
00:07:21
so with regards to group
00:07:24
policy objects from a container in group
00:07:26
policy, a group policy object is a
00:07:31
certain set of rules that we can
00:07:33
apply either to a computer or to an account,
00:07:38
this is just a certain file
00:07:42
in which we will further add
00:07:45
some rules that will be
00:07:47
applied either to the computer or to the
00:07:49
account,
00:07:50
and the Group Policy container is
00:07:52
directly the division itself
00:07:55
that was created in the
00:07:59
Active Directory Users and Computers snap-in, here it is, that
00:08:03
is, these are the
00:08:06
divisions 100 in pisa and domain
00:08:10
controllers
00:08:11
are essentially group
00:08:13
policy containers, and to these containers we
00:08:16
will already apply the
00:08:18
created rule that will be
00:08:20
stored in group policy objects,
00:08:24
so accordingly, where will we
00:08:26
start, let's look at the already created
00:08:33
group policy objects, the first is this
00:08:38
default domain policy, what is it? a
00:08:43
certain set of rules that
00:08:46
was already initially presented in the system and
00:08:52
it is applied to all departments in
00:08:58
our domain controller,
00:09:00
regardless of which
00:09:04
computers and which
00:09:08
accounts are actually used, that is, the
00:09:11
rules created here will be
00:09:13
applied to all devices in our
00:09:16
domain structure like this the next
00:09:20
division is domain controllers
00:09:25
in this division 0 it is in this
00:09:29
container that the policies for the
00:09:33
domain controller are presented,
00:09:36
that is, in our domain system there can
00:09:38
be more than one domain controller,
00:09:40
and the rules specified here will be
00:09:44
applied directly to them, so the
00:09:49
next moment of writing and becoming these are
00:09:54
directly those the divisions that
00:09:56
I created just a minute ago, and
00:09:59
they are automatically displayed here, so let's
00:10:04
go further, this card will
00:10:07
contain all the group
00:10:09
policy objects that we will create here,
00:10:12
they will be stored here in one
00:10:15
place
00:10:17
if our system has a
00:10:21
sufficiently large number of
00:10:25
certain containers then the easiest way is
00:10:29
to make some kind of
00:10:31
editing of these rules
00:10:32
directly from here and further
00:10:36
filters in the world,
00:10:40
respectively, here is a certain
00:10:43
set of filtering rules that
00:10:45
allow us, when creating group
00:10:50
policies, to filter out the rules for
00:10:53
certain operating systems, well, let’s say
00:10:56
in the current one a domain controller is used
00:10:59
based on the
00:11:01
Windows 2012 r2 operating system,
00:11:04
but no one prohibits the use of
00:11:06
client computers running the
00:11:08
Windows 7 and Windows 8 operating systems,
00:11:10
Windows 81
00:11:12
and Windows 10, for each client
00:11:15
operating system there will be a
00:11:19
unique set of
00:11:22
policies, so using the current filters
00:11:26
you can accordingly send each group of
00:11:29
client operating systems
00:11:33
its own rules, so accordingly, for
00:11:36
this, the current filters are used in we
00:11:40
will and May and, accordingly,
00:11:44
the following directories are the initial
00:11:47
group policy objects or
00:11:49
starting group policy objects in the
00:11:52
current directory
00:11:53
contains certain rule templates that are
00:11:59
presented by default we can with
00:12:01
you, take this or that template in which a
00:12:04
certain set of policies will already be presented
00:12:06
and apply it to the rules
00:12:15
that we will create in the future,
00:12:17
be sure to include here a template with an already created
00:12:20
set of rules and let’s edit it somehow
00:12:22
or leave it as is if
00:12:24
we are satisfied with this this is, in general,
00:12:29
some kind of initial set of rules with
00:12:33
group policies, so there are
00:12:41
no questions yet, so let’s move on
00:12:43
accordingly, the first thing you and I
00:12:46
will try to do is create rules
00:12:50
for our entire domain
00:12:55
using the default domain policy policy. In
00:12:57
general, in pirates, Microsoft does not
00:13:05
recommend editing already created ones
00:13:08
group policy objects, that is, these are
00:13:11
the policies
00:13:13
that were already initially
00:13:14
presented and the default domain policy
00:13:16
and default domain controller policy,
00:13:18
but microsoft does not recommend
00:13:22
editing them, but in laboratory conditions,
00:13:25
in general,
00:13:27
this will not harm our system in any way, but in
00:13:29
production and if you you will go more precisely,
00:13:34
you need to create general rules for the
00:13:36
entire domain, then please create a
00:13:39
new creation process, I will show you a little
00:13:41
later, so let's try to
00:13:45
edit an already created policy with a
00:13:48
report in cui si so to
00:13:51
edit it you need to right-click
00:13:53
on the group
00:13:55
policy object and click on the edit button
00:13:58
A snap-in will open for us in which you and I
00:14:01
can edit these same
00:14:06
rules, as I said earlier,
00:14:09
Group Policy Objects can be
00:14:12
applied to computers and to
00:14:16
users like this, respectively, I
00:14:21
suggest setting up a password policy for the
00:14:26
current domain controller,
00:14:29
so for this we go to the computer configuration,
00:14:35
then select policies further
00:14:39
windows configuration
00:14:43
security settings account policy and
00:14:49
remove password policy and here is a
00:14:54
list of what is set by default
00:15:00
to log password and maximum
00:15:02
validity period and so on so here
00:15:07
we will try to change let's
00:15:10
change the complexity requirements
00:15:18
as appropriate I said earlier, we do
00:15:21
n’t have the right to
00:15:24
use simple passwords in the domain structure, so let’s
00:15:29
disable this item and try to create an
00:15:34
account with a simple password,
00:15:36
so the minimum password length
00:15:38
is 7 characters, let’s change it to
00:15:48
so the
00:15:50
minimum password validity period is 1 day,
00:15:54
the maximum password validity period,
00:15:56
let’s let's set not 42 days
00:15:59
years, roughly speaking a month, so all the
00:16:11
GPO we have
00:16:13
edited now the current policy
00:16:16
must be applied to the domain controller,
00:16:23
how this is done, for this you need to
00:16:27
go to the Windows command line
00:16:33
using the key combination win p, call the
00:16:37
line execute and write here cmd
00:16:42
we have a console open in order to
00:16:47
apply the edited policies we
00:16:51
need to write the following command
00:16:56
gpd
00:17:04
milks the space bar hear force so the
00:17:11
policy update is in progress while the
00:17:19
policy update for the computer is completed
00:17:21
successfully the user policy update is
00:17:23
completed successfully
00:17:26
so let's check whether an account is being created
00:17:38
with a simple password I wanted to
00:17:49
see in the west, so on, we perform
00:17:57
similar actions,
00:18:00
broadcast the user password again and
00:18:02
let's give a
00:18:07
simple password consisting of these numbers
00:18:10
and pressed,
00:18:13
the account is created and the
00:18:17
Group Policy group was successfully applied,
00:18:20
so now I propose to consider
00:18:25
creating a group policy for
00:18:34
the divisions we created, we will start with the
00:18:39
com policy with the policy users
00:18:43
for the division becoming so for this,
00:18:47
accordingly, you need to select
00:18:49
the divisions, right-click
00:18:53
and click here create a
00:18:57
GPO in this domain and link it
00:19:02
accordingly, give it a name let it be
00:19:10
ready 1 uk here the process of creating a
00:19:23
GPO is successfully completed if
00:19:28
we go to the tab parameters then we
00:19:30
can see that not a single rule for
00:19:33
this GPO is
00:19:35
set responsibly to edit it
00:19:39
we do the same steps until as I
00:19:42
said now we will create rules
00:19:50
for the user account
00:19:55
so let's go to the
00:20:02
policies tab here administrative templates
00:20:07
components windows, I'm
00:20:16
sorry, not the windows components,
00:20:23
but the control panel, so let's assume
00:20:29
the programs and here let's open the
00:20:33
program page and components so
00:20:48
captivate now let's restart
00:20:59
please now a
00:21:03
certain rule has already been set in the current GPO
00:21:05
and let's now check the
00:21:08
result of the perfect work tank
00:21:14
return to our client machine
00:21:20
this the client is already part of the house
00:21:22
find skills at let's log in with a
00:21:26
user account or how to
00:21:38
write a login it is also necessary to indicate the
00:21:44
name of your house on so or
00:21:52
password
00:22:02
accordingly we have a
00:22:05
loading process going on at some time wait is there a
00:22:10
question us yet
00:22:20
accordingly so that the policy successfully
00:22:23
earned, you need to write a
00:22:28
similar command in the command line
00:22:30
gps data rate
00:23:02
so the policies were successfully received,
00:23:07
there is also a command
00:23:10
with which you can see which
00:23:13
policies were received for this
00:23:17
account, for this you need to use the
00:23:20
drop resort command,
00:23:33
let's see an hour, I
00:23:35
'll do more at the end so that it can be seen like this here you are,
00:23:43
applied group
00:23:45
policy objects and
00:23:48
here is the user configuration, it says how you are
00:23:50
users in which department
00:23:52
no domain and here is the
00:23:56
group policy
00:23:59
gb1 applied accordingly, please note that
00:24:06
only those policies that were
00:24:08
applied for the user are listed here,
00:24:11
what do you think, how can you view the
00:24:14
policies that were applied to
00:24:18
the computer, the question is so I’m
00:24:23
giving a hint to everyone, you can do
00:24:32
exactly the same command, but something needs to be
00:24:34
done with the console, no, I haven’t heard the exact
00:24:47
same command, yes, you
00:24:48
noticed correctly from the administrator, you need to
00:24:50
open the console accordingly,
00:24:52
let’s try to
00:24:57
run the blinking line as administrator
00:25:17
so
00:25:55
let
00:25:56
these administrators have no data, let's then
00:26:00
try to do this with
00:26:02
the administrator account for something here and there is
00:26:05
no such information, okay, let's
00:26:10
see if the policies have been applied so the
00:26:21
program software component of the system the
00:26:24
administrator disabled the
00:26:25
program component and components accordingly the
00:26:27
new policy was successfully applied and it
00:26:32
works so on Next, let's
00:26:40
try to create a
00:26:45
GPO for a personal computer, and
00:26:50
let's try to do this in the created
00:26:56
department for now in which we
00:26:59
have a computer, so
00:27:03
we will work accordingly with the
00:27:07
firewalls parameter, which includes
00:27:11
incoming requests via the rtmp protocol, if
00:27:14
you remember from previous lectures that by
00:27:18
default In Windows operating systems, the
00:27:22
ability to accept
00:27:26
echo requests using the pink command is disabled; for
00:27:30
this purpose, various actions were used:
00:27:33
disabling the firewall;
00:27:35
creating a right rule in this
00:27:37
firewall; and today we will try to
00:27:40
implement this using gp.
00:27:44
let's check that the ping to the
00:27:50
apple-1 computer is not working for us, is
00:28:01
one IT skills of dot ru
00:28:03
address 10005 to make sure that this
00:28:08
computer has such an address, let's
00:28:11
look at it please 10 number 5 pink is
00:28:19
not working so let's create rules
00:28:24
that would allow us perform these
00:28:27
same actions,
00:28:29
so on the pipi unit, click
00:28:34
create a group policy object,
00:28:36
let's call it lair, now we need to
00:28:43
edit it, here we will
00:28:54
use the computer configuration,
00:29:00
remove the policies, administrative
00:29:08
templates,
00:29:10
network parameters, now like this for a second,
00:29:49
and
00:29:58
rotation is not pepe brush parameters, but
00:30:00
network connections,
00:30:02
and here already accordingly, select the
00:30:06
windows firewall,
00:30:09
so then select the domain profile and
00:30:15
here there is a certain number of
00:30:17
rules for small ones,
00:30:20
so we need to allow access via the a
00:30:23
and sentry protocol, which will give us the
00:30:27
opportunity to send a ping to the
00:30:30
client machine, so right-click on it
00:30:34
to change, so let's
00:30:37
see what is presented in In this
00:30:39
rule,
00:30:40
we will turn it on first, that here
00:30:45
to allow outgoing traffic, this is allowed, then
00:30:48
why do penguins, then allow an echo
00:30:52
request in incoming traffic,
00:30:53
click the apply checkbox, so now
00:31:06
let's
00:31:07
catch
00:31:24
you, please, the rule
00:31:27
has appeared that now we need this
00:31:32
rule, it will lead to the client machine,
00:31:39
brought it,
00:31:59
so we are waiting for application policies here
00:32:01
you go policy was applied pack
00:32:22
if we can’t view this let’s
00:32:24
just try the astral peak and where
00:32:40
please echo requests go through successfully
00:32:46
let’s still figure it out with Amanda
00:32:54
cut out
00:33:14
here in the
00:33:15
domain controller Monica we can
00:33:18
see with you accordingly if you
00:33:19
log in on the client machine with an
00:33:21
administrator account open the console
00:33:24
from under the administrator and then writing the
00:33:28
command gp result slash
00:33:31
will open full information on the topic of
00:33:36
what policies are strictly speaking and
00:33:40
applied so questions regarding
00:33:49
group policies there seem to be
00:34:01
no questions yet if anything I will always
00:34:07
be happy to answer them so we move
00:34:11
on according to the next section
00:34:16
our lectures, this will be directly
00:34:19
installing and configuring the service with
00:34:23
windows server of dried service, the
00:34:27
first thing you need to do is
00:34:30
prepare your current machine a little for installing the
00:34:38
drone of this service, the first thing you need to
00:34:41
do is disable the
00:34:44
enhanced security of the Internet Explorer browser
00:34:48
if you have ever worked on the
00:34:51
Internet Explorer browser in the
00:34:54
operating room Windows server system, then
00:34:56
you may have encountered such a
00:34:57
problem when, after going to some
00:34:59
site,
00:35:00
a window is displayed that requires you to
00:35:03
constantly confirm that you can trust
00:35:07
this site;
00:35:08
in fact, this can be easily
00:35:11
resolved by going to the server manager
00:35:15
and selecting the local server tab on the left
00:35:18
in the properties section. discover
00:35:20
such an item in the enhanced
00:35:22
security configuration of Internet Explorer and by
00:35:25
default this tab is
00:35:26
enabled for you, so you need to disable it
00:35:37
fans
00:35:38
what so now let's not
00:35:46
forget to log in under the
00:35:51
administrator account on the client machine in the
00:35:55
future this will be required as people
00:36:20
are preparing the desktop like this
00:36:25
Now I will
00:36:27
start installing the service sauce in
00:36:32
order to install any service on the
00:36:34
windows server
00:36:35
you need to click on controls add
00:36:38
roles components
00:36:41
so on and on hit the server By the way,
00:36:46
speaking about the server selection tab,
00:36:51
if you can notice here you can
00:36:57
select this or that server, this is done
00:37:00
for so that if our system has a
00:37:06
certain number of servers based on the
00:37:08
windows server operating system,
00:37:11
let’s assume that some servers I work
00:37:14
without a graphical interface have a
00:37:18
version of windows server installed on them,
00:37:20
something like core, respectively,
00:37:25
with such servers you can manage
00:37:26
using the command line or command
00:37:30
line, which is called the power shell,
00:37:32
or their management of these servers can be
00:37:38
carried out remotely from another
00:37:40
server using a graphical interface, that’s
00:37:45
because this approach is
00:37:48
faster and more convenient because the
00:37:53
command of years, cmdlets and functions are higher,
00:37:56
they are quite large and cumbersome, and that’s why
00:37:59
in the current An operating
00:38:05
system with a graphical interface has
00:38:07
such a possibility of remote
00:38:09
remote control of other servers,
00:38:15
so with regards to installing various things, it’s
00:38:20
difficult, so accordingly, we
00:38:23
will install the windows server public
00:38:26
service service, so
00:38:32
matching the components, it is mandatory to
00:38:36
install the component
00:38:41
. net framework
00:38:43
35 and it is imperative that this component
00:38:47
shouts itself version no framework 20 and
00:38:52
30
00:38:53
that's what it's needed for I'll tell you a
00:38:56
little later
00:38:57
when we get to this accordingly
00:38:59
when it's required so
00:39:03
select the next point these are
00:39:07
role services
00:39:09
respectively for the operation of the windows
00:39:13
server service update service I remind you that this
00:39:16
service is necessary in order to be able to
00:39:18
centrally
00:39:21
install updates on client
00:39:23
or server operating systems for
00:39:25
monitoring vitamins; for this service, a
00:39:28
certain database is required that would
00:39:31
bury about itself, which would store
00:39:34
information about those updates
00:39:37
that will be downloaded and installed
00:39:42
accordingly, the database can be
00:39:46
provided directly by the
00:39:48
wsus service itself,
00:39:50
or it’s windows internal do the
00:39:55
bass is called with data bass, or
00:39:58
some kind of external database, an external database
00:40:01
can be, for example, a mssql database, it
00:40:05
can be stored both on this
00:40:10
computer and let’s say on some
00:40:14
other separately dedicated database server, in
00:40:17
accordance with we leave everything by
00:40:19
default, we will work with a database
00:40:23
that will be
00:40:26
presented accordingly by default, it will be
00:40:30
configured accordingly and
00:40:33
will be completely ready for
00:40:35
use, but such a database is not
00:40:39
recommended when using a large
00:40:42
domain
00:40:45
next point here you need to
00:40:47
select the path in which the downloaded update will be stored,
00:40:54
in turn, the court server will
00:40:57
connect to any
00:41:00
Microsoft server, do not download
00:41:03
updates for
00:41:05
certain operating systems directly from there, and
00:41:08
here you need to specify the path where
00:41:12
these will still be stored the most
00:41:14
updates for this you need to have a
00:41:19
sufficiently large amount of disk
00:41:22
space and create a directory where there is a
00:41:31
place I will create
00:41:33
on disk c
00:41:34
for now I will write everything is more convenient to install from
00:41:48
you, also of course it is not recommended to
00:41:53
do this in the system partition, it is better to
00:41:56
install the system on a fast
00:42:00
ssd- disk and some additional
00:42:02
files, some updates should be stored on
00:42:07
another hard drive, and an even better
00:42:09
option would be to use
00:42:11
some kind of data storage server from
00:42:15
the move; also, for the service to work in Souss,
00:42:22
servers from and down are required; this is a
00:42:29
service in the operating system windows
00:42:32
server which works with
00:42:35
protocols such as http and https
00:42:38
in fact the service of which is a
00:42:40
web server,
00:42:43
respectively, in addition to ftp
00:42:45
in addition to the web server, there are still quite
00:42:49
a lot of different components on the
00:42:52
server you can deploy an
00:42:56
ftp server
00:42:58
so the service and services will work successfully
00:43:03
from will be discussed at the
00:43:05
next webinar it
00:43:11
will be discussed in sufficient detail further there is
00:43:31
accordingly we do not change anything on the wife
00:43:33
stole
00:43:34
so automatic restart of the final
00:43:37
server if the program requires it
00:43:42
so click install the
00:43:46
installation process is quite slow but
00:43:50
within three to five minutes
00:43:54
this service will be installed
00:43:57
so while the installation procedure is taking place accordingly,
00:44:00
I am ready to answer any
00:44:02
questions you are interested in, please do not
00:44:05
hesitate to write in the chat or ask
00:44:08
them by voice I am ready to answer everything that
00:44:11
you have, everything that interests you
00:44:14
regarding your course, these topics are
00:44:28
already a.k.
00:44:35
carried out ready to decipher
00:44:37
group policy,
00:44:50
but this is if you don’t literally translate
00:44:54
group policy words synonyms
00:45:01
synonyms
00:45:13
[music]
00:45:30
so while
00:45:33
the installation is taking place, let’s check that everything is fine in the browser so
00:45:38
that further smartness is required if
00:45:41
I go to the site the index will open without
00:45:47
any additional batteries
00:45:49
yes please everything opens everything works well
00:46:09
which rules to set first,
00:46:17
accordingly the rule of the first ones what
00:46:21
rules need to be set these all rules
00:46:25
are discussed in the
00:46:26
login department depending on what
00:46:31
your users will do on their
00:46:33
workstations well, as a rule, they
00:46:34
try to block some
00:46:36
administrative services like me let’s say
00:46:39
in an example the service for not blocking
00:46:44
access to uninstalling programs would
00:46:49
prevent users from
00:46:50
deleting some components and,
00:46:54
accordingly, the ability of
00:46:57
users to install
00:46:59
anything to save something is blocked, or a
00:47:04
certain type of file is prohibited for
00:47:08
users to save,
00:47:16
try these
00:47:18
rules like this Regarding
00:47:20
policies,
00:47:24
I understand the ship on the throne won’t help here
00:47:28
no the password policy can be edited
00:47:30
by creating a new rule,
00:47:34
that is, if let’s say I go to the
00:47:39
Group Policy Management snap-in by
00:47:44
clicking on replace and go domain skills are
00:47:48
I can create a GPO here,
00:47:50
let’s assume I’m ready and
00:47:55
this is the newly created rule,
00:47:58
just like the previous ones, it will be
00:48:00
applied to the entire domain structure,
00:48:05
but I didn’t do this, I just
00:48:08
showed the
00:48:12
default domain policy object as an example, here you go,
00:48:15
you can edit it, well,
00:48:20
you can create a new one, no one
00:48:23
prohibits anything but microsoft does not
00:48:26
recommend editing
00:48:28
directly already created rules, it’s
00:48:34
so fun, don’t tell us how to check a
00:48:37
downloaded update, remove similar
00:48:39
update filters for users,
00:48:41
we won’t create specific filters,
00:48:43
we’ll look at how to
00:48:47
connect to the server accordingly,
00:48:50
how to set up group policy for the
00:48:55
current server and how to
00:48:58
differentiate between updates for different
00:49:01
operating systems, that is, so that
00:49:06
Windows 8 receives an update only for
00:49:08
Windows 8,
00:49:13
so we will do it in sufficient
00:49:21
detail, so what are the gp rules, blue
00:49:28
prohibiting, allowing the last one, so there is
00:49:38
no such gradation according to which
00:49:42
stronger allowing or prohibiting
00:49:46
rules are there that apply to the entire
00:49:50
domain?
00:49:51
rules that apply to
00:49:54
divisions,
00:49:55
and there are rules that apply to
00:49:58
divisions within divisions,
00:50:01
here there is such a gradation of these
00:50:04
rules, that is, let’s say, for example, I
00:50:08
created a gp3 policy and did not apply
00:50:15
any actions and all these
00:50:17
rules will not apply to the
00:50:19
entire control for the water cannon, based on
00:50:26
this, I can let’s
00:50:31
create another group
00:50:33
policy object in the pipi department and
00:50:36
perform other actions with the same rules, just like that,
00:50:51
please windows server blade
00:51:00
service has been successfully installed, let’s
00:51:03
close the group policy for now, they do
00:51:05
n’t interest us now,
00:51:07
so launching the initial tasks, let's
00:51:12
run
00:51:39
where I am, despite the fact that
00:51:43
I had password policies applied to the entire domain controller,
00:51:45
I can, in general,
00:51:48
in department 100, or, most likely,
00:51:53
in the department for now, create a rule with
00:51:57
other password policies, and this
00:51:59
will be applied directly
00:52:03
the policy that is stored in so
00:52:14
far and everything has loaded, let's
00:52:24
wait for half a minute, the
00:52:42
installation procedure has completed successfully,
00:52:46
now we directly need to go to the
00:52:52
procedure for setting up the service itself, for
00:52:55
this we go to the server manager in the manager,
00:52:57
there we specify the windows
00:53:04
server update service and here we are
00:53:13
greeted by the setup wizard
00:53:14
windows server services declare a service so on,
00:53:21
yes, I want to participate in the program
00:53:24
to improve the quality of the update center no,
00:53:25
I don’t want to,
00:53:28
you can set a higher-level service
00:53:31
that will waltz
00:53:32
to synchronize the update,
00:53:34
respectively, that here
00:53:40
you can assemble a whole topology from cos servers, that is,
00:53:45
if our organizations have a wide enough
00:53:49
domain structure, quite voluminous
00:53:51
where there are several trees,
00:53:55
several domain controllers, and in the
00:53:59
root domain of our forest, let’s say
00:54:04
there is an update center, a court server,
00:54:10
more precisely, which connects to the
00:54:13
Microsoft update server, and let’s say those
00:54:17
update servers that are located in
00:54:19
subordinate trees can
00:54:21
interact directly with this
00:54:26
court server, but in our case,
00:54:30
the organization consists of one forest
00:54:32
tree domains and we
00:54:36
will synchronize directly with the
00:54:39
microsoft update center, so then
00:54:43
we are offered the use of
00:54:46
one or another proxy server,
00:54:48
we also do not have proxy servers on the network, so
00:54:52
we click next, so further here the
00:55:01
synchronization procedure with
00:55:04
windows server will take place update service which
00:55:08
is on the Microsoft side,
00:55:12
that is, we will connect to the
00:55:14
update server of the public network,
00:55:18
and this may take quite a
00:55:22
long time, namely somewhere
00:55:25
around twenty, maybe 25 minutes,
00:55:30
so let’s start the connection
00:55:43
DNS server can be made a proxy ru
00:55:46
only this will work a little
00:55:49
in a different way, yes, let's say while we're
00:55:54
loading, I'll explain and answer
00:55:56
this question: how it works, how
00:56:00
exactly does a proxy work? It needs to be on the server, let's
00:56:02
assume there is some kind of website,
00:56:10
this website is located on two
00:56:14
servers, so here it is on the ground it is
00:56:32
located both here and here,
00:56:41
each server has its own pi
00:56:45
address, so let it be IP address 1 and
00:56:51
this one will again have Fig. 2,
00:56:52
but this site is the same, both in the
00:56:57
first series
00:56:58
and in the second, but this site is available in
00:57:01
two different addresses and for this
00:57:04
there is a so-called
00:57:06
dns proxy, essentially what does this
00:57:09
dns proxy do on this data server, the
00:57:20
following settings are created, it
00:57:23
responds accordingly, and the entry for the
00:57:28
domain name site.ru, so
00:57:45
it sends to the user either
00:57:49
IP address 1 or 5, like this Of course,
00:57:57
load balancing is deployed on this server;
00:57:58
some part of the data request, the dns server
00:58:02
should be defined here;
00:58:23
.
00:58:25
please configure, is
00:58:39
it possible to create a
00:58:44
GPO for one post, if so, why
00:58:48
not?
00:58:53
GPOs are applied to the container, and in the
00:58:56
container you can have
00:58:58
anything you can have accounts
00:59:01
users, you can have
00:59:03
computers there, you can have
00:59:05
groups users, let's say in the
00:59:09
Active Directory Domain Services snap-in you can
00:59:15
create user groups now I'll
00:59:21
move on
00:59:23
let's say there is a so-called becoming
00:59:25
here you can create a group object give
00:59:28
it some name to this group
00:59:30
add users
00:59:31
please the policies will be applied
00:59:33
to the current group
00:59:36
so well, I suggest in more detail
00:59:39
describe the infrastructure for what and why they
00:59:45
are used in the local network in
00:59:48
court servers
00:59:49
let's assume that we have a certain
00:59:55
company in this company there are, roughly
01:00:04
speaking, four employees and four
01:00:07
computers I will not draw, I will write 4 we have
01:00:13
4 of them, these computers
01:00:19
work under the control The operating
01:00:21
system of the Windows system does not matter which one, and of
01:00:26
course the Windows operating system
01:00:29
requires
01:00:30
almost weekly installation of
01:00:33
various updates for the correct
01:00:35
operation of the system, so these
01:00:38
four users, of course, have
01:00:40
access to the Internet
01:00:42
and on the Internet, let’s now
01:00:52
draw a cloud schematically and from the first
01:01:03
Frau from as an Internet service the provider
01:01:06
has access to the Internet and somewhere on the
01:01:13
Internet there is a server that stores an
01:01:17
update for operating systems,
01:01:20
so let me write and from the update server,
01:01:33
accordingly, an update package
01:01:35
for the Windows 10 operating system has been released,
01:01:39
suppose this update package
01:01:42
weighs 2 gigabytes and each user
01:01:46
starts downloading it update through
01:01:51
it turns out this here this
01:01:54
channel this channel with
01:02:02
Internet access but suppose it works at a
01:02:04
speed I
01:02:06
don’t know 100 megabits 100 megabits per
01:02:13
second the total total volume
01:02:18
will be what I said 2 gigabytes
01:02:21
update package but the total volume of such an
01:02:24
update package will be be 8
01:02:27
gigabytes, but 8 gigabytes will,
01:02:29
in principle, pass successfully through such a channel, but if
01:02:34
let’s say the company has grown and the total
01:02:37
volume of workstations has increased, the
01:02:44
company already has 400 jobs and when
01:02:49
each computer starts downloading
01:02:52
updates that weigh about two
01:02:54
gigabytes through a channel that has a volume of
01:02:57
100 megabytes per second, then naturally such a channel
01:03:00
will not work for a long time; a
01:03:02
router that stands on the border
01:03:04
between a
01:03:05
local wide area network may
01:03:09
fail for some time;
01:03:11
well, usually modern routers
01:03:15
still have a simple cure; they are cured by rebooting,
01:03:18
but of course
01:03:21
there is no point in rebooting it every time, and that’s what it was for a
01:03:25
certain way has been invented to solve
01:03:31
this problem, what does it consist of, the
01:03:37
same number of computers,
01:03:56
but already on the local network a so-
01:04:01
called court server wsus server appears, like
01:04:19
this, let’s schematically press everything like this
01:04:42
and the global one and damn the server, what
01:04:47
happens in this case,
01:04:50
let’s assume the same the number of
01:04:54
workstations that work, roughly speaking, on the
01:04:56
same operating system, an
01:04:58
update package has been released that weighs
01:05:02
2 gigabytes, if the previous topology
01:05:05
each computer started its own instance
01:05:08
that weighs 2 gigabytes through one
01:05:11
channel, then in this case you have sos
01:05:15
servers sos connects once
01:05:20
downloads these updates to a global server
01:05:24
and only then distributes
01:05:31
these updates to 400 computers. What we
01:05:39
have here,
01:05:40
firstly, we have centralized
01:05:43
centralized management of these
01:05:44
updates, you can accordingly
01:05:47
filter these updates even
01:05:49
manually, you can view and, in fact,
01:05:53
somehow discard them, among other
01:05:57
things users who are on the
01:06:00
user's computer on which these
01:06:02
updates will be installed, they generate and
01:06:05
send a report about
01:06:12
whether this update was installed,
01:06:14
whether it was installed successfully or whether it did not
01:06:15
stop, and the administrator can
01:06:18
look at it and
01:06:20
where some
01:06:23
problems occurred, fix them, that's
01:06:27
all necessary for centralized
01:06:29
management of these updates; there are
01:06:35
no questions yet; in the
01:06:42
meantime, the synchronization process to the
01:06:47
global update server has come to
01:06:50
an end;
01:06:52
yes, I warn you once again;
01:06:54
this procedure is quite long,
01:06:57
so if you encounter this,
01:07:00
please don’t be afraid; there’s no need to cancel anything; it
01:07:02
just takes some time
01:07:03
wait,
01:07:05
of course, if you have a licensed
01:07:09
Windows server operating system,
01:07:10
downloaded the social site and if you have
01:07:13
access to the Internet,
01:07:15
the connection to the global Microsoft server update
01:07:19
will happen successfully, so
01:07:25
we move on, select languages
01:07:28
here, accordingly, you need to select
01:07:30
in which languages
01:07:33
the update will be installed by default, the site is English
01:07:36
Russian, I think the fact that this will be
01:07:37
quite enough further products here
01:07:42
you can choose which products will be
01:07:44
used for updating which
01:07:49
products here we will update so
01:07:53
accordingly here is a fairly large
01:07:56
list so the office is
01:08:02
not needed so just updating
01:08:12
windows windows 7
01:08:13
is used as a client operating system
01:08:16
let's accordingly installed an
01:08:18
update for this system
01:08:22
further classes here you can select a class
01:08:26
and certain updates accordingly
01:08:28
below there is a description you can read this
01:08:30
description
01:08:31
I will install I will additionally
01:08:34
add of grace Do you like the operating
01:08:36
system update Well of course by default I
01:08:41
put critical updates update
01:08:44
definition or security system update the
01:08:48
minin driver where there is also not necessary
01:08:52
further here, accordingly,
01:09:00
synchronization occurs with the microsoft update center,
01:09:04
respectively,
01:09:06
we have already carried out one synchronization with you, you
01:09:10
can also synchronize manually
01:09:13
or synchronize automatically,
01:09:17
we’ll work on this a little later, so we have
01:09:23
already completed the initial synchronization,
01:09:25
so we won’t run it
01:09:28
in general, the entire installation
01:09:33
was successful, so
01:09:38
the console opened accordingly, the snap-in update
01:09:44
service was opened for computer users, I’ll cover it, I’ll
01:09:51
close it here, respectively, select
01:09:54
our machine, so update,
01:10:06
let’s look at the update yet,
01:10:15
since we haven’t started synchronization,
01:10:18
critical
01:10:26
updates, security updates and
01:10:28
updates will be presented here directly for
01:10:30
SUS servers and here, accordingly,
01:10:31
all updates are aggregated and so
01:10:36
here is the computer equipment here
01:10:40
all the computers that
01:10:42
will be connected to our system update
01:10:47
service will be presented here accordingly here you can
01:10:50
create certain groups
01:10:51
of computers to these groups computers of
01:10:54
computers apply certain
01:10:56
updates and then further how to
01:11:00
work with this
01:11:08
so slave servers, as I
01:11:12
said earlier, on the server using the
01:11:18
asus server, you can create a shallow map where
01:11:20
we will have a main court server that
01:11:24
will connect to the Microsoft update server
01:11:27
and download updates from there,
01:11:30
and the slave servers
01:11:32
will directly connect to the main server and they take the
01:11:35
update directly from him and
01:11:39
so, accordingly, synchronization
01:11:45
one synchronization we have already completed with you
01:11:59
has not yet been displayed, well, reports
01:12:13
in this snap-in will be stored reports on the
01:12:21
updates performed on the client machine,
01:12:24
in fact, each computer, after
01:12:27
installing or not installing
01:12:29
the update, will generate a report and sends
01:12:31
them to the cos server and already on this server
01:12:35
you can view all these reports centrally,
01:12:37
but for now we cannot do this,
01:12:39
for this you need to install the
01:12:43
microsoft report view 2008 package,
01:12:47
I suggest going to the microsoft website and
01:12:50
directly downloading it from here,
01:12:56
so the fruit is dry after all
01:13:05
So, accordingly, the
01:13:09
procedure for installing this update is going on,
01:13:16
and by the way, during the installation process,
01:13:20
problems may arise in the second step, and the problem is
01:13:23
due to the fact that the computer
01:13:26
does not have a
01:13:27
certain
01:13:30
add-on microsoft.net framework
01:13:31
version 2.0 on the server, namely version 20 2.3.5
01:13:38
here Accordingly, when I installed the
01:13:43
SUS service on this computer, I focused on
01:13:46
this, please keep this in
01:13:48
mind,
01:13:52
so let’s wait a little until the
01:13:55
entire installation procedure is installed successfully,
01:13:59
so, of course, until
01:14:04
no report opens, let’s not
01:14:08
forget what operating
01:14:09
system we are working on and that this
01:14:12
operating system
01:14:13
needs constant restarts so
01:14:24
the parameters are directly in the parameters
01:14:27
aggregated aggregated all the
01:14:29
actions that we performed in the SUS
01:14:31
settings wizard, well, let’s
01:14:35
briefly go over them the source of
01:14:39
updates with these points we have already
01:14:43
met here, select either a
01:14:49
Microsoft line server or another the court server
01:14:52
can also be specified as a proxy, so here,
01:15:01
in fact, you can select the products
01:15:05
for which updates will be downloaded and
01:15:10
subsequently installed, and
01:15:12
also classes, here they are,
01:15:16
upgrades, drivers, critical updates,
01:15:18
and so on, so files and language, let's
01:15:24
see what the update files are here,
01:15:29
look here there is such a very important one
01:15:31
item download update files to the
01:15:33
server only after the
01:15:35
updates are approved after they have
01:15:39
occurred, the synchronization process has occurred
01:15:40
on the wsus server, a
01:15:44
certain number of updates are received
01:15:46
from a dense or other operating
01:15:50
system, these updates must be
01:15:53
approved without fail,
01:15:55
approval of these updates occurs
01:15:58
either manually or automatically
01:16:00
but this must be done without fail if I
01:16:04
go to
01:16:05
all updated all updates are not
01:16:11
yet displayed here there is
01:16:14
a tab not approved and approved
01:16:17
based on this I
01:16:20
can accordingly draw some further conclusions
01:16:24
so the
01:16:32
organization schedule accordingly is selected here
01:16:41
when you can select
01:16:50
synchronization parameters how many times per day and,
01:16:54
accordingly, the time interval analysis of
01:16:56
the organization
01:16:57
so well, accordingly, we wo
01:17:00
n’t change anything here for now so automatic
01:17:05
approval
01:17:06
here, accordingly, there is a certain rule
01:17:09
with the help of which you can automatically
01:17:15
approve all sent updates, so
01:17:22
either we approve them automatically or
01:17:25
manually filter them and then some
01:17:27
we approve, some we don’t, let’s leave
01:17:31
all updates to be applied automatically,
01:17:36
and so on, here’s another interesting
01:17:40
point: at the moment, we haven’t
01:17:47
added our computers to the system in any way;
01:17:51
pour the service; this can be done manually
01:17:55
on each computer individually;
01:17:59
this can also be done using a
01:18:01
group policies so that the computer
01:18:04
automatically connects to the wsus server
01:18:06
and requires certain updates from it
01:18:09
in advance, let's
01:18:11
accordingly check this
01:18:15
box to use
01:18:16
group policy or registry settings on the computer,
01:18:20
let's check it so that in the future you
01:18:22
can automatically connect to the
01:18:25
local server
01:18:28
so the report information is accordingly
01:18:31
collection of reports from slave servers, so
01:18:41
notification by email
01:18:43
if certain reports are generated
01:18:47
from user
01:18:48
computers, these reports can be
01:18:49
automatically redirected to the
01:18:53
system administrator's email,
01:18:55
so a quality improvement program, but these are
01:18:58
standard reviews from Microsoft,
01:19:01
we have already encountered this like this
01:19:05
personalization,
01:19:07
well, accordingly, these are additional
01:19:10
parameters for the servers subordinate to the court,
01:19:14
and the last point is directly the
01:19:18
server setup wizard sauce, that is, we
01:19:22
still have the opportunity to go through this
01:19:28
setup wizard like this, now I suggest not
01:19:32
going directly to creating
01:19:37
group policies that will allow us to
01:19:42
automatically connect clients to the
01:19:45
court server,
01:19:46
accordingly, for this we go to the
01:19:49
computer tab all
01:19:54
morning and here you need to add a group of
01:19:59
computers, the group we will
01:20:05
call for now
01:20:06
and then using group policy we
01:20:11
will redirect all our computers
01:20:15
to this group and one more
01:20:24
thing the court server works according to the protocol
01:20:29
https using the port I made a mistake, I'm sorry the
01:20:34
sus server works on the http protocol and
01:20:38
uses port 8530 also in court the server
01:20:47
can work on the https protocol
01:20:49
use port 80 531, respectively,
01:20:54
so we deployed the sus server and what elements
01:20:58
as elements and trouble shooting
01:21:00
it wouldn’t hurt to check if ours is available a
01:21:04
computer on such a domain name with
01:21:07
such then, as a matter of fact, this
01:21:12
can be done, who will tell me in the chat, here’s
01:21:23
how to check that certain sports are
01:21:25
available at such an address, well, at
01:21:27
some address and at the back port,
01:21:31
no one knows
01:21:47
now I
01:21:49
went to check this, you can install
01:21:59
tons of session accordingly,
01:22:03
there is now such a protocol
01:22:05
called the telnet protocol, this
01:22:09
protocol is analogous to the ssh protocol
01:22:12
and is used for remote connection to the
01:22:15
console of either a personal computer
01:22:19
or a server,
01:22:21
but ssh works, more precisely, it will
01:22:25
work, it
01:22:26
can work without authentication without
01:22:28
entering an additional login and password, and
01:22:33
it can work, or rather, it doesn’t work without
01:22:38
data encryption, that is, everything that we
01:22:41
do within the telnet session will not be
01:22:46
encrypted and an attacker can
01:22:48
view it if this data
01:22:51
passes through some public network, which is
01:22:54
why it will touch,
01:22:57
well, firstly, it works using a
01:23:03
transport layer protocol which is called
01:23:05
a circuit and to connect to the cartridges, in
01:23:10
principle, nothing special is needed,
01:23:14
the main thing is that the client has the so-
01:23:16
called kilowatt clients,
01:23:18
so to install the
01:23:20
Thone client on the Windows operating system, you
01:23:22
need to go to the
01:23:25
control panel, select the system tab,
01:23:28
select the programs tab, programs and
01:23:32
components, I
01:23:34
draw your attention that I’m already on the
01:23:37
client under the
01:23:39
domain administrator account,
01:23:42
so installing a new program is in the wrong place,
01:23:47
so turning on and off components and the
01:23:49
nose, and here there is such a tab
01:23:58
called client no, so let’s
01:24:03
click on it and install it. By the
01:24:14
way, with the help of this,
01:24:17
you can check the moment of connection accessibility
01:24:19
not only of
01:24:21
port 83 51-a of any other,
01:24:25
but the most important thing is that the
01:24:28
TCP protocol is used at the transport
01:24:32
level, give it
01:24:42
a try, accordingly here you can
01:24:53
specify the full domain name the
01:24:55
full domain name includes the
01:24:58
name of the computer here and one and
01:25:02
the name of the domain that are used
01:25:04
in the domain network,
01:25:05
respectively we also write 1 here.
01:25:10
ils about to go
01:25:16
skill up. and specify port 8530 so until
01:25:46
if I do more than one second
01:25:51
be able to here and one here and one here and
01:25:57
one.
01:26:00
go with you too.
01:26:11
ru
01:26:26
the connection was successful
01:26:27
as I determined it essentially
01:26:32
after I wrote the command 10 dollars
01:26:35
no disi 1.
01:26:37
these skills of dot ru and indicated the port I
01:26:40
failed in the process please and
01:26:44
here this information was here you are
01:26:48
welcome if let’s say I try to
01:26:50
write 8539 the
01:27:00
connection process will happen before and then the
01:27:02
error will appear accordingly like the
01:27:05
previous times when I incorrectly
01:27:07
specified the domain name it’s
01:27:10
not natural that you take it Let’s not
01:27:14
just use the console for half an hour; there needs to be
01:27:16
close connections, so now
01:27:20
I suggest setting up
01:27:22
group policies for the service with OS; for
01:27:28
this, accordingly, go to the
01:27:29
group policy management; here,
01:27:33
select the writing unit and pay
01:27:36
attention to what you and I
01:27:38
had prepared in advance was prepared
01:27:40
the division in which only computers were stored is
01:27:42
just for him,
01:27:45
for this division in which
01:27:47
only computers are stored, we will
01:27:50
create our rules because the server
01:27:53
with the node works only with computers; it is
01:27:55
not interested in the account and may
01:27:57
only need a computer with the
01:27:59
Windows operating system like this let's give a
01:28:13
group policy object called
01:28:15
sus so let's try to do it here
01:28:21
firstly let's go to change
01:28:26
this object
01:28:31
so computer configuration then
01:28:38
administrative templates system
01:28:54
so not system windows components and
01:29:01
here windows update center
01:29:03
so let's do it again
01:29:14
computer settings policies administrative
01:29:21
templates windows components
01:29:24
center windows updates and here the
01:29:28
necessary
01:29:31
policies are presented, so accordingly, here
01:29:38
we need to edit the first
01:29:40
thing we need to edit is to
01:29:41
directly indicate the location of the
01:29:45
microsoft update service on the intranet,
01:29:50
respectively, using this rule,
01:29:52
clients will receive at what exact address and
01:29:56
at what exact port
01:29:58
the server will be located update so
01:30:08
turn off slash slash
01:30:11
1 .
01:30:13
go about .
01:30:18
ru and you definitely need to specify the port on
01:30:20
which connections will take place
01:30:23
8530,
01:30:30
respectively, the first is our
01:30:34
server itself from which
01:30:36
the update will be downloaded and the second is the server that
01:30:38
will collect statistics,
01:30:40
we have this same machine, by the way, we already have
01:30:44
information about statistics configured
01:30:48
this way we use
01:30:53
and we will filter so that the first rule
01:30:55
is always enabled so that we can also
01:31:00
configure the second point, which is to allow the
01:31:07
client to join the target group.
01:31:10
I remind you that in the computers section we
01:31:16
created a certain group of computers to
01:31:19
which we will add
01:31:21
personal computers, so this is
01:31:26
exactly the rule it is necessary so
01:31:27
that our computer and those computers
01:31:33
that will be located in the
01:31:36
Perry letter department are sent to this
01:31:41
group, for this, in fact, it is not
01:31:43
necessary and we indicate the name of this target
01:31:47
group is called for songs, so you
01:32:06
can also specify the automatic update setting within the current rule
01:32:11
when exactly and at what time the
01:32:14
client machines will be updated
01:32:17
accordingly in the
01:32:19
automatic update settings let's
01:32:20
indicate
01:32:21
point 4 automatic download and
01:32:23
installation on a schedule here
01:32:26
accordingly set the schedule
01:32:27
suppose every Monday and time
01:32:32
12:00
01:32:37
colleagues
01:32:38
I remind you that in case of such a
01:32:43
schedule for employees of the organization it
01:32:45
is necessary
01:32:46
warn about it, not just in words,
01:32:49
do it so that this schedule is
01:32:53
documented somewhere and so that all
01:32:55
employees sign
01:32:57
this document like
01:33:02
this and the next moment is the
01:33:09
reboot delay during planned
01:33:11
installations so accordingly, here,
01:33:22
using this rule, you can set the
01:33:26
time within which the user
01:33:31
will see a notification that the
01:33:33
updates have been installed and will
01:33:34
reboot, and here you can
01:33:39
specify the time in minutes after which the
01:33:42
computer will reboot after
01:33:44
this notification is displayed, then let’s say
01:33:47
let’s substitute 15 minutes so that
01:33:50
the employee has time to
01:33:51
save everything necessary and the computer has
01:33:55
successfully rebooted, so we’ll
01:34:00
press OK so, in general,
01:34:07
rule 4 we have set up such basic ones here,
01:34:11
so the placement has indicated the target group, the
01:34:14
update schedule has been indicated, the reboot delay has been indicated, the
01:34:17
same as the
01:34:20
next point, rather this rule is
01:34:25
configured for reinsurance, so
01:34:29
we go to the windows configuration in the
01:34:35
same section of the computer policies, here
01:34:38
we select security parameters
01:34:43
system services Here, accordingly,
01:34:47
all the services that will be
01:34:50
launched on client machines are presented and we are
01:34:52
interested in the windows update center.
01:34:54
Of course, this service is enabled by default on
01:34:56
all personal computers on all
01:34:58
servers,
01:35:00
but just in case, you
01:35:05
should still move it to automatic
01:35:08
mode so that after starting the computer, the
01:35:12
update center was always turned on, we
01:35:15
press OK, so everything is about
01:35:28
or as we have created, nothing else is
01:35:31
actually required in group policy, the
01:35:34
next moment on the
01:35:39
client machine, go to the command
01:35:42
line of the code with an even administrator account,
01:35:48
so what we do here in a logical
01:35:52
way write the command g.p. the
01:35:54
policy update was successfully applied to the
01:35:59
current computer,
01:36:23
let's see the name Leslie policy
01:36:33
I remember the command
01:36:35
gp gold your sher shows us what
01:36:40
policies were applied to the computer and
01:36:44
to the current user so
01:36:52
please politicians sos it was successfully
01:36:56
applied and if I did everything correctly
01:37:08
the computer should appear here please the computer
01:37:14
appeared successfully what
01:37:19
next you need to do the
01:37:26
notification step yet no oh update
01:37:28
not yet accordingly you should start
01:37:34
synchronization the synchronization process it
01:37:37
[music]
01:37:39
takes quite a long time
01:37:44
after the synchronization is completed successfully
01:37:47
in the all updates tab you see
01:37:53
here you can filter accordingly
01:37:55
our updates are approved there are
01:37:59
unapproved ones, as a rule, after the
01:38:01
update center downloads the
01:38:04
database of these updates and
01:38:07
saves them, then these updates will not be
01:38:10
unapproved and they will be stored
01:38:14
directly here, but you can
01:38:18
put everything except the rejected ones
01:38:21
here,
01:38:22
everything will be displayed, all this the list
01:38:24
also needs to be able to select
01:38:28
any one and again there will be the entire list, what’s
01:38:40
next, well, synchronization is still in progress,
01:38:47
wait, well, of course we won’t after
01:38:51
all the updates are found, please note
01:38:56
that we have specified
01:39:00
automatic approval, that is, the
01:39:03
rules will be
01:39:05
automatically updated, they will be automatically
01:39:08
approved
01:39:09
after they get to our server and,
01:39:12
accordingly, so you
01:39:33
look at the files in the language further, here
01:39:40
there is a checkmark
01:39:41
downloaded update files to the server
01:39:45
only after the updates are approved, that
01:39:48
is, they will be installed on
01:39:51
client machines only after the
01:39:53
update data has been approved,
01:39:58
the update will be downloaded automatically
01:40:02
and approved and after they are automatically
01:40:04
approved, they will be provided by
01:40:06
the user,
01:40:07
but please keep in mind that
01:40:09
the update will be downloaded according to the
01:40:11
schedule that we set up in
01:40:14
group policies like this, well, did
01:40:19
anything appear there, no, yes, there are
01:40:23
some synchronization updates,
01:40:32
it will go until synchronization while the progress is in
01:40:37
progress, you see 27 percent
01:40:40
update at the moment we have 152
01:40:46
well, okay, let's
01:40:50
stop synchronization with an update from some
01:40:53
received, let's stop synchronization,
01:40:54
yes, of course, an error appeared about
01:40:56
what was canceled, but we seem to
01:41:00
still have the update, here you go, update from
01:41:17
our server received the update and immediately
01:41:20
automatically approved them,
01:41:23
let’s also say we can select this
01:41:27
update and run reject it,
01:41:33
you see it is rejected
01:41:35
and is on the list of rejected well, that
01:41:40
is, this update
01:41:42
will not be installed on computers, there is also another
01:41:46
very interesting point I I
01:41:49
told you earlier that you can do
01:41:52
some
01:41:53
kind of filtering by updates for
01:41:57
different operating systems, how this is
01:41:59
done in you socks updates, you can
01:42:05
create a new mode for viewing updates,
01:42:10
so updates belong to some
01:42:13
class,
01:42:15
select a class, well, let it be an upgrade,
01:42:23
the update belongs to a specific
01:42:26
product, let's select a product, let's
01:42:30
assume this will be a
01:42:40
Windows 10 product and let's indicate the name of the killer,
01:42:53
oh, just write up in
01:42:57
and then
01:43:16
yes, I forgot to indicate one point, so
01:43:27
you see here there is a fad such as an
01:43:29
update for a specific group and you can
01:43:33
select a specific group, for example,
01:43:35
let's add another group of
01:43:38
computers and name it
01:43:40
for now add and in this group we
01:43:48
will have only computers
01:43:50
running the windows operating system
01:43:52
and we can apply the created group of updates
01:43:56
to the group of computers 10 that’s
01:44:10
all after that we again start the
01:44:15
synchronization process now
01:44:19
all updates will be downloaded for you and me
01:44:22
here, but only for win 10 will be
01:44:25
provided here accordingly,
01:44:28
but here it is worth considering the point
01:44:31
that in group policy you and I
01:44:36
have created a rule that
01:44:38
places our computers
01:44:47
in the target group for now, that is, you
01:44:51
need to create
01:44:59
another group with computers in the active directory computer users snap-in add
01:45:02
computers with the
01:45:04
Windows 10 operating system to the domain controller, after
01:45:07
that
01:45:12
create new rules for these
01:45:14
computers and only then they will be
01:45:17
automatically updated here
01:45:19
like this, and filtering accordingly takes place according to the
01:45:21
update for various
01:45:28
operating systems, so colleagues
01:45:39
will have questions, in principle, regarding the Windows
01:45:53
server In general, the service update is all for me

Description:

Настройка WSUS - сервера и групповых политик - GPO Третья лекция по курсу: "Основы системного администрирования" В данном видео рассматривается: - Настройка групповых политик (GPO); - Настройка службы Windows Server Update Service - WSUS; - Настройка GPO для сервера WSUS; Ссылка на плейлист ⇒ https://www.youtube.com/playlist?list=PLy5XrqLTpeStTlP_Xf1guWVHSsZvWAQBG Подписывайся на наш канал ITSkillsUP ⇒ https://www.youtube.com/channel/UCCtgwZUth-1ahDHlycETm7g Не забудьте зайти на сайт ⇒ https://itskillsup.ru Друзья, активность и продвижение канала зависит от ваших лайков и подписок! Если хотите нам помочь - вы знаете, что нужно сделать:)

Preparing download options

popular icon
Popular
hd icon
HD video
audio icon
Only sound
total icon
All
* — If the video is playing in a new tab, go to it, then right-click on the video and select "Save video as..."
** — Link intended for online playback in specialized players

Questions about downloading video

mobile menu iconHow can I download "Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]" video?mobile menu icon

  • http://unidownloader.com/ website is the best way to download a video or a separate audio track if you want to do without installing programs and extensions.

  • The UDL Helper extension is a convenient button that is seamlessly integrated into YouTube, Instagram and OK.ru sites for fast content download.

  • UDL Client program (for Windows) is the most powerful solution that supports more than 900 websites, social networks and video hosting sites, as well as any video quality that is available in the source.

  • UDL Lite is a really convenient way to access a website from your mobile device. With its help, you can easily download videos directly to your smartphone.

mobile menu iconWhich format of "Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]" video should I choose?mobile menu icon

  • The best quality formats are FullHD (1080p), 2K (1440p), 4K (2160p) and 8K (4320p). The higher the resolution of your screen, the higher the video quality should be. However, there are other factors to consider: download speed, amount of free space, and device performance during playback.

mobile menu iconWhy does my computer freeze when loading a "Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]" video?mobile menu icon

  • The browser/computer should not freeze completely! If this happens, please report it with a link to the video. Sometimes videos cannot be downloaded directly in a suitable format, so we have added the ability to convert the file to the desired format. In some cases, this process may actively use computer resources.

mobile menu iconHow can I download "Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]" video to my phone?mobile menu icon

  • You can download a video to your smartphone using the website or the PWA application UDL Lite. It is also possible to send a download link via QR code using the UDL Helper extension.

mobile menu iconHow can I download an audio track (music) to MP3 "Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]"?mobile menu icon

  • The most convenient way is to use the UDL Client program, which supports converting video to MP3 format. In some cases, MP3 can also be downloaded through the UDL Helper extension.

mobile menu iconHow can I save a frame from a video "Настройка WSUS-сервера и групповых политик - GPO [Основы системного администрирования]"?mobile menu icon

  • This feature is available in the UDL Helper extension. Make sure that "Show the video snapshot button" is checked in the settings. A camera icon should appear in the lower right corner of the player to the left of the "Settings" icon. When you click on it, the current frame from the video will be saved to your computer in JPEG format.

mobile menu iconWhat's the price of all this stuff?mobile menu icon

  • It costs nothing. Our services are absolutely free for all users. There are no PRO subscriptions, no restrictions on the number or maximum length of downloaded videos.