1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

GPO best practice advice.

Discussion in 'General Microsoft Certifications' started by supernova, Jan 31, 2010.

  1. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    I wonder if you can help?

    I know people tend to separate user and computer configurations, however, do people separate GPO settings into groups of separate GPOS ie create new

    e.g. firewall settings, software rollout, remote access settings, desktop settings etc

    or does this create overhead issues for logins and start-ups?

    What's the best practice?
     
    Last edited: Jan 31, 2010
    Certifications: Loads
    WIP: Lots
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Try and keep things simple where you can.

    Multiple GPOs can increase the time for a user logon however if you need to use a GPO for a particular group of users just make sure that only that group can read\use the GPO. By default the GPO will be applied to the authenticated users group but you can change that to a security group in AD if needed.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    I prefer to keep things simple so that you have the Default Domain GPO, I then make changes to only things that the Default Domain Policy specified e.g. Password Complexitity Requirements etc.

    I then create another GPO that I specify everything else in.

    Just a personal thing, some people like to group GPO's together.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. DC Pr0Mo

    DC Pr0Mo Kilobyte Poster

    265
    6
    41
    If you create a policy that only has user settings, then disable the computer part of the gpo, and vice versa. Will speed up the processing of the policy.
     
    Certifications: MCDST | BSc Network Computing
    WIP: 70-291 | 70-293 | 70-294 | 70-297
  5. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    Yes i already do that one
     
    Certifications: Loads
    WIP: Lots
  6. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    Thanks all

    i thought that by breaking things down it would be simple , however, i think it in fact makes thing more complex and slower. I suppose you could to that for planning then merge then together.

    Gpo settings within are fairly well categorised anyway.

    default domain settings, workstations settings, department specific settings and leave it like that
    and then have the different user gpos.
     
    Certifications: Loads
    WIP: Lots
  7. EZE Training Instr

    EZE Training Instr Bit Poster

    38
    5
    0
    i remember asking the Microsoft Server team the same question a long time ago when I was in Reading. They basically said (and I agree) that GPO's have the degree of flexibility to allow administrators to design and control them as they wish, however they did state that if you seperate every setting into different GPO's then it would slow down logging. Using server 2008 I tend to just have main GPO's like Internet Settings, Mapped Drives etc and just add comments in now its available.

    Basically do whatever you prefer.

    Gareth Jones
    Chief Instructor
     
    Certifications: MCT, MCITP, MCTS, VCI, VCP, CCNA, CCNP
  8. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    [had to remove]
     
    Last edited: Jan 31, 2010
    Certifications: Loads
    WIP: Lots
  9. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    yeah that is what i was thinking, but originally in more basic blocks. I suppose only make these blocks when settings are different between ous but keep them to a minimum
     
    Last edited: Jan 31, 2010
    Certifications: Loads
    WIP: Lots
  10. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    Yes that another way of dealing with user settings, thanks
     
    Certifications: Loads
    WIP: Lots

Share This Page

Loading...