Re: Local Group Policy versus OU (Time Service)

From: Jerry (jerry.giacinto_at_ketteng.com.nospam.com)
Date: 08/27/04

• Next message: KTFCU ITDept: "Re: can't run scripts! grrr"
• Previous message: KTFCU ITDept: "Re: can't run scripts! grrr"
• In reply to: Darren Mar-Elia: "Re: Local Group Policy versus OU (Time Service)"
• Next in thread: Darren Mar-Elia: "Re: Local Group Policy versus OU (Time Service)"
• Reply: Darren Mar-Elia: "Re: Local Group Policy versus OU (Time Service)"
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 27 Aug 2004 11:25:10 -0700

Darren,

  Thanks for the response. I was thinking the same thing with regards to
over complicating the setup. However, that leads me to another dilemna. It
would be nice to configure the Windows Time Service in Group Policy for the
rest of the servers, because they'll all have identical settings. To do
that requires one of two approaches:
1) Set up an OU that does not include the PDC
2) For the settings that are different between the other servers and the
PDC, configure those in the registry, and leave the GPO setting as "Not
Configured"
Maybe the first approach is a good idea anyway. Do you find that you set a
lot of Group Policy settings differently on your DC's and member servers
than you do on your PDC?
The second approach presents a potential problem because with the Time
Service, the settings I would want to be different for the PDC are the
NtpServer and Type under the NTP Client properties. But there are 5 other
settings under the NTP Client. So, to specify any of those other settings,
means I have to configure the NtpServer and Type as well. Then I can't use
the same GPO for all servers.

What do you think?

Thanks again,
  Jerry

"Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
news:eIMFnfFjEHA.3016@tk2msftngp13.phx.gbl...
> Jerry-
> In your case, where you have a set of registry settings that only apply to
> one machine, I don't really think Group Policy is required. It just adds
> complexity where none is needed. I would just make the settings changes
you
> need to make via a reg file and have that file on hand if you ever need to
> promote a different DC to be the PDC role holder.
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Management
> http://www.gpoguy.com
>
>
>
> "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
> news:eAO3p5EjEHA.2696@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > I am in the process of designing a time synchronization plan for a
> > Windows
> > 2003 domain. I need to configure the PDC operations master to
synchronize
> > with a reliable external source. Then, the rest of the servers and
> > workstations will follow the default domain hierarchy. I can configure
> > Windows Time Service settings in Group Policy, and therefore, can make
> > specific settings changes for the PDC. My lack of experience has caught
> > up
> > with me real quick when it comes to proper methods for applying group
> > policy
> > or local settings in the domain. What I'd like to know is for specific
> > settings on the PDC (or any single computer), is it better (or more
> > acceptable) to create an OU that contains just the PDC and apply Group
> > Policy to that OU, or define the settings in Local Group Policy, or
simply
> > change the settings in the registry. It seems that it would be easier
to
> > manage by creating a specific OU for the PDC because I could use the
Group
> > Policy Management Console to administer settings for the whole domain,
> > including special cases like this. Does anyone know a good resource for
> > designing Active Directory and Group Policy in a small to mid-size
> > environment?
> >
> > Thanks for your help,
> > Jerry
> >
> >
>
>

---

• Next message: KTFCU ITDept: "Re: can't run scripts! grrr"
• Previous message: KTFCU ITDept: "Re: can't run scripts! grrr"
• In reply to: Darren Mar-Elia: "Re: Local Group Policy versus OU (Time Service)"
• Next in thread: Darren Mar-Elia: "Re: Local Group Policy versus OU (Time Service)"
• Reply: Darren Mar-Elia: "Re: Local Group Policy versus OU (Time Service)"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Terminal Server GPO Issue ... servers that is not in the OU where the GPO is supposed to be applied and I ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Sharepoint Auth GPO ... Event Log Settings ... (microsoft.public.windows.server.active_directory) Re: Local Group Policy versus OU (Time Service) ... One way I'd skin this is, if those servers are all over your domain (i.e. ... I very rarely come across a lot of differences in policy btw the PDC role ... because they'll all have identical settings. ... > lot of Group Policy settings differently on your DC's and member servers ... (microsoft.public.windows.group_policy) Re: Local Group Policy versus OU (Time Service) ... I set the PDC at the registry, ... the other servers to work in the default Time Synch on AD mode. ... some Group Policy settings for all servers that deal with the time offsets ... Settings, and those settings do not include the server type and the NTP ... (microsoft.public.windows.group_policy) Re: Local Group Policy versus OU (Time Service) ... The one advantage use of group policy for this does have, ... you are guaranteed that the PDC emulator will remain using ... > specific settings changes for the PDC. ... (microsoft.public.windows.group_policy) Re: GPO force Redirect of folders on 2003 Term Server ... the Loopback is not processing. ... servers that I am trying to move them off of. ... Apply Group Policy) ... Redirection Settings: Basic - redirect everyone's folder to the same location ... (microsoft.public.win2000.group_policy)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)