Re: Multiple settings configured in one ou group policy
- From: "Dave Britt" <davebritt@xxxxxxxxxxx>
- Date: Wed, 24 May 2006 09:08:04 +0100
Sean,
There are different thoughts on this one, depending on the environment
that you are working in. The more policies that you have, the more
replication that occurs between SYSVOLs on your Domain Controllers and the
more policies clients need to process. If you are in a low bandwidth
environment it is common to configure as few group policies as possible;
however, if you have link speeds in excess of 1mb all over your environment
then this is not such an issue.
I would consider first the rule of separating machine policies from user
ones and using a naming convention to reflect this. I would also consider
separating security policies from administrative type ones. Group policy
settings together that achieve an overall goal, i.e. Internet Explorer
Restrictions, Office Configuration, Standard desktop security. Clearly don't
create a policy for every setting, as the more policies processed can have
an adverse effect on logon speed.
If you have policy settings that are going to change on a regular basis,
consider separating them, as a mistake in changing the policy then only
affects that component and not a whole bunch of settings.
The naming of policies is very important as troubleshooting later will be
much simpler if the names of policies are immediately recognisable. Use GPMC
and back up policies before any change occurs.
I have in the past also used version numbers on policy, e.g. Standard Desktop
Security v1.0, to assist in troubleshooting. For example, before you edit a
policy you copy it and increment the version. You then ensure the policy has
replicated to all of the Domain Controllers' SYSVOLs using GPOTool before
linking the new policy and unlinking the old one. This then makes it simple
to see which clients are running which versions of your security policy when
you run RSOP. Once all is well and confirmed you can tidy up by removing the
old policy; should anything go wrong you can re-link the old policy and
unlink the new version to revert.
Dave Britt
Blog: http://davebritt.blogspot.com/
"Sean" <seanddunn@xxxxxxxxxxx> wrote in message
news:1148434108.019528.24040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
I'm very new to group policies, I'm still plowing through
the group policy guide.
In my test OU I created a group policy to enable the Windows XP SP2
firewall, the Remote Assistance feature, and WSUS as well. And the
group policy appears to be working on all three enabled settings. Is it
okay to have this many settings enabled on one group policy? Or should
I have created three different group policies, one for the Windows XP
SP2 Firewall, one for Remote Assistance, and one for WSUS? What is the
best practice? --Thanks
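
The copy, verify and relink workflow described in the reply above, written with the GroupPolicy PowerShell module as an added example that is not part of the original thread (the thread itself names GPMC, GPOTool and RSOP). The function names are hypothetical, and the OU distinguished name, backup path and v1.1 policy name are constructed placeholders.

```powershell
# Added example, not from the original post. Requires the GroupPolicy and
# ActiveDirectory RSAT modules. Function names are hypothetical.
Import-Module GroupPolicy, ActiveDirectory

# Back up the current policy, then copy it under the incremented version name.
function New-GpoVersion {
    param([Parameter(Mandatory)][string]$OldName,
          [Parameter(Mandatory)][string]$NewName,
          [Parameter(Mandatory)][string]$BackupDir)
    Backup-GPO -Name $OldName -Path $BackupDir -Comment "Before $NewName" | Out-Null
    Copy-GPO -SourceName $OldName -TargetName $NewName -CopyAcl
}

# True only if every DC holds the GPO with matching directory and SYSVOL
# version numbers (the consistency the post checks with GPOTool).
function Test-GpoReplicated {
    param([Parameter(Mandatory)][string]$Name)
    $ref = Get-GPO -Name $Name -ErrorAction Stop
    $ok  = $true
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $g = Get-GPO -Guid $ref.Id -Server $dc.HostName -ErrorAction Stop
            $match = $g.User.DSVersion -eq $ref.User.DSVersion -and
                     $g.User.SysvolVersion -eq $ref.User.DSVersion -and
                     $g.Computer.DSVersion -eq $ref.Computer.DSVersion -and
                     $g.Computer.SysvolVersion -eq $ref.Computer.DSVersion
        } catch { $match = $false }   # GPO missing or DC unreachable
        if (-not $match) { Write-Warning "$Name not in sync on $($dc.HostName)"; $ok = $false }
    }
    return $ok
}

# Link $To and unlink $From on one OU, refusing if $To has not replicated.
# Reverting is the same call with the two names swapped.
function Switch-GpoLink {
    param([Parameter(Mandatory)][string]$From,
          [Parameter(Mandatory)][string]$To,
          [Parameter(Mandatory)][string]$Target)
    if (-not (Test-GpoReplicated -Name $To)) { throw "$To not replicated; link unchanged." }
    New-GPLink    -Name $To   -Target $Target -LinkEnabled Yes | Out-Null
    Remove-GPLink -Name $From -Target $Target | Out-Null
}

# Usage (constructed placeholder values; edit the copy in GPMC between the calls):
# New-GpoVersion 'Standard Desktop Security v1.0' 'Standard Desktop Security v1.1' 'C:\GPOBackups'
# Switch-GpoLink 'Standard Desktop Security v1.0' 'Standard Desktop Security v1.1' 'OU=Test,DC=example,DC=com'
```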