Multiple settings configured in one OU group policy
Sean,
There are different thoughts on this one, depending on the environment
that you are working in. The more policies that you have the more
replication that occurs between SYSVOLs on your Domain Controllers and the
more policies clients need to process. If you are in a low bandwidth
environment, it is common to configure as few group policies as possible;
however, if you have link speeds in excess of 1mb all over your environment
then this is not such an issue.
I would consider first the rule of separating machine policies from user
ones and using a naming convention to reflect this. I would also consider
separating security policies from administrative type ones. Group policy
settings together that achieve an overall goal, i.e. Internet Explorer
Restrictions, Office Configuration, Standard desktop security. Clearly don't
create a policy for every setting, as the more policies processed can have
an adverse effect on logon speed.
If you have policy settings that are going to change on a regular basis,
consider separating them, as a mistake in changing the policy then only
affects that component and not a whole bunch of settings.
The naming of policies is very important as troubleshooting later will be
much simpler if the names of policies are immediately recognisable. Use GPMC
and back up policies before any change occurs.
I have in the past also used version numbers on policy, e.g. Standard Desktop
Security v1.0 to assist in troubleshooting. For example before you edit a
policy you copy it and increment the version. You then ensure the policy has
replicated to all of the Domain Controllers' SYSVOLs using GPOTool before
linking the new policy and unlinking the old one. This then makes it simple
to see which clients are running which versions of your security policy when
you run RSOP. Once all is well and confirmed you can tidy up by removing the
old policy; should anything go wrong you can re-link the old policy and
unlink the new version to revert.
Dave Britt
Blog: http://davebritt.blogspot.com/
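
The versioned copy, replication check and link swap described in the post, sketched as an added PowerShell example (not the poster's own script). It uses the GroupPolicy and ActiveDirectory modules and compares GPO version numbers on each Domain Controller in place of GPOTool; the policy names, OU and backup path are placeholders.

```powershell
Import-Module GroupPolicy, ActiveDirectory

function New-GpoVersion {
    param([string]$OldName, [string]$NewName, [string]$BackupDir)
    # Back up the current version first, then copy it (with its ACL) under the new name.
    Backup-GPO -Name $OldName -Path $BackupDir -Comment "Before $NewName" | Out-Null
    Copy-GPO -SourceName $OldName -TargetName $NewName -CopyAcl
}

function Test-GpoReplicated {
    param([string]$Name)
    # Ask every DC for its own view of the GPO and collect one key per DC.
    $keys = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $g = Get-GPO -Name $Name -Server $dc.HostName -ErrorAction Stop
        } catch {
            Write-Warning "$($dc.HostName): GPO not found or DC unreachable"
            'missing'; continue
        }
        # The AD object and the SYSVOL copy must carry the same version on this DC.
        if ($g.Computer.DSVersion -ne $g.Computer.SysvolVersion -or
            $g.User.DSVersion -ne $g.User.SysvolVersion) {
            Write-Warning "$($dc.HostName): AD and SYSVOL versions differ"
            'mismatch'; continue
        }
        "$($g.Computer.DSVersion)/$($g.User.DSVersion)"
    }
    # Replicated means: every DC reported the same, internally consistent version.
    $distinct = @($keys | Sort-Object -Unique)
    return ($distinct.Count -eq 1 -and $distinct[0] -notin 'missing', 'mismatch')
}

function Switch-GpoLink {
    param([string]$From, [string]$To, [string]$TargetOU)
    # Refuse to touch links until the target policy is consistent everywhere.
    if (-not (Test-GpoReplicated -Name $To)) {
        throw "'$To' is not consistent on all DCs; leaving '$From' linked."
    }
    New-GPLink -Name $To -Target $TargetOU -LinkEnabled Yes | Out-Null
    Remove-GPLink -Name $From -Target $TargetOU | Out-Null
}

# Placeholder values; edit the new copy in GPMC between the two calls.
# New-GpoVersion 'Standard Desktop Security v1.0' 'Standard Desktop Security v1.1' 'C:\GPOBackups'
# Switch-GpoLink -From 'Standard Desktop Security v1.0' -To 'Standard Desktop Security v1.1' `
#                -TargetOU 'OU=Workstations,DC=example,DC=com'
# Revert: call Switch-GpoLink again with -From and -To swapped.
```

The check compares version counters only, not the contents of the SYSVOL files, so it shows that a change has reached each DC rather than that the files are intact.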