Re: Planning A Group Policy Deployment
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Tue, 3 Jul 2007 21:12:10 -0700
Edward,
I get the impression that you are so-to-speak being blinded by the
trees and failing to view the forest from overlooks in the terrain.
GP usage aims to facilitate management of computers and of
users when using those computers.
So, first one needs to decide what aspects one wants to manage,
and rank these as to their importance. Think functionally. Do not
at this point think about what is available in the thousand and a half
odd some policies that can be set. The 900 you mention is a pre-
Vista number and also is only the policy settings available in the
administrative templates.
For examples: make machines accessible to only valid users,
make machines silent on the network, have login scripts for
users based on their user category, make sure all machines are
using correct DNS servers, etc. List out what are you major and
minor management objectives. Then see what GPOs have that
let you accomplish those objectives.
Now, granted, there is a chicken/egg aspect, and while I am saying
to emphasize a functional use case specification first, as one does
get more familiar with GP capabilities and shortfalls those will also
come into the picture early on, influencing what you spec as the major
and minor management objectives. However, starting at the other end,
the individual policy settings, is not the way to approach the issue.
Roger
"Edward" <Edward@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4F53B770-C8A2-4C24-B50E-2CF26C48A13D@xxxxxxxxxxxxxxxx
I'd like to start a thread concerning the high level planning for Group
Policy deployment. In my particular situation I have been given the
responsibility for deploying Group Policy (and AD) at a high school.
While
there is a blizzard of information about GP, it is all referential - what
does this do, what does it effect, etc. I'm looking for a level 200 or
300
discussion about the process.
For example - there are over 900 group policies in the W2k3 excel
spread*** reference. Trying to deploy all or most all at once is
obviously
silly. There must be some kind of rational, phased process for deploying
these. Such a process, I would think, always, or nearly always, should be
begin with some particular subset of policies, ie, Internet Explorer or
Desktop or Restricted Software. Another subset would almost always be
second, and third, and so on.
I've never seen the process covered by any of the documentation provided
by
Microsoft, except in the most general way (Design AD, Design OU's, Create
the
test environment, etc.). This is not what I'm refering to.
Anyone have a step 1 though n for the policies themselves?
.
- Prev by Date: Re: Folder Protection
- Next by Date: Re: GPRESULT "Access Denied"
- Previous by thread: Re: Planning A Group Policy Deployment
- Next by thread: Re: Planning A Group Policy Deployment
- Index(es):
