Re: Effects of not using any GPO in AD?
From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 07/29/04
- Next message: evmoreno: "Restrict User Scripts from running on Domain Controllers"
- Previous message: Bret Tragni: "Re: already looked at add/remove"
- In reply to: Parhez Sattar: "Effects of not using any GPO in AD?"
- Next in thread: Roger Abell: "Re: Effects of not using any GPO in AD?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 30 Jul 2004 08:51:18 +1000
Hi
Do not remove the Default Domain Policy or the Default Domain Controllers
Policy. These provide a base line set of policies that if left alone,
shouldn't cause you problems.
Kind regards
-- Mark Renoden [MSFT] Windows Platform Support Team Email: markreno@online.microsoft.com Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. This posting is provided "AS IS" with no warranties, and confers no rights. "Parhez Sattar" <pxs01@grh.org> wrote in message news:6ac301c47583$dae5b7f0$a501280a@phx.gbl... > We have a mixed network with 200+ W2K/XP clients, with > Novell eDirectory (it was there first) and a newly > upgraded Windows Server 2003-based single domain (upgraded > from NT 4). All clients use resources that are in > both "networks". Since we have been traditionally > managing our resources using eDirectory (originally Bind-- >>NDS), there is a push to disable the Default Domain Group > Policy Object and configure all workstations's local GPO > using Zenworks for Desktop from Novell from a central > location. This disregards group policy management on the > Windows servers. The thought at this point is to leave > the Default Domain Controllers GPO alone, however. > Essentially, we want to use AD just to authenticate users > to Windows-based resources. We do use DNS/DHCP based on > W2K3 servers, both integrated with AD. My questions are: > > -Without using group policies handed down by the domain > (via the "Default Domain GPO") and by setting group > policies only at the local workstation, are we weakening > any inherent security (or any other benefits) built-into > AD-based group policy implementations. > > -Parallely, since the same AD GPO would have set the > policies on the Windows servers also (and we are not using > that, nor are we manually setting the local GPO on each > Windows server), what ramifications might we have at the > server level security and performance? >
- Next message: evmoreno: "Restrict User Scripts from running on Domain Controllers"
- Previous message: Bret Tragni: "Re: already looked at add/remove"
- In reply to: Parhez Sattar: "Effects of not using any GPO in AD?"
- Next in thread: Roger Abell: "Re: Effects of not using any GPO in AD?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
