RE: Planning A Group Policy Deployment

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Having read through Darren and Roger's posts, they have some really great
feedback.

I do believe that there is a belief that there is some golden boiler plate
for the process or rolling out Group Policy that can be generalized across
organiztions. This is simply not in-line with my experience. We spend quite a
bit of time with large, mid, small, enourmous, teeny, organizations and we
get quite a lot of opinions on how to approach Management. We talk to health
care, finance, education, military, government, manufacturing etc. etc.
etc... and again, the business tends to drive the approach to managability.

One point of your situation that I belive *can* be generalized is 'a Virgin
domain'. It is great to have a blank slate especially when 'learning to
navigate' the miriad of settings in Group Policy.

I really like Roger's functional areas and would treat them individually but
I have a slightly differnt approach that may prove useful.

1) When we define customer needs we tend to take the situation that
customers share with us and apply them to how an ITPro would address the need
with GP. What I mean is, JoeAdmin is chatting with his manager BigJoe. BigJoe
just got back from a three hour meeting talking about finances and saving
money and cutting operational costs etc. BigJoe got some information on how
much money is spent every year on power consumption. BigJoe asks JoeAdmin how
can we do better? How can we better manage power consumption. JoeAdmin goes
back to his cube and starts pondering.

This is (albeit a bit overused) a real scenario. JoeAdmin now is looking at
how managability is done and goes to GP to find if there a possible solution?
If it is not readily apparent, are there work arounds (Scripts, Software
Install Policy etc.)

2) BigJoe the IT manager is getting beat over the coals by buisiness leaders
becasue of low productivity. Regional Sales people come into an office and
sit down on a computer and the software they need is not there. the desktop
is setup completely differenty. IE is configured different than they are used
to, no favorites. It takes them way too much time to get the 'borrowed'
computer to a place where they can begin being productive. We need to fix
this, how can the user experience be predictable? Does this require a
'standard desktop' effort?

Again, way general, I appologize, but it is a real world situation that
companies and ITPros deal with quite often. JoeAdmin now needs to sit and
think through what possible solutions there are to this problem and Group
Policy is the center of his management envrionment. It is time to do some
research through the spread*** (for ADM) test out some of the other
extensions (SRP, SIP, Folder Redirection etc.), and begin to come up with a
plan. I belive as Darren mentions that the Common Scenarios document is a
great document here.

My point here with far too few scenarios is that when learning GP, starting
with the business probelem is helpful. If the learning is happening in the
absense of an actual probelm (which is great) make a few up.

I have worked with some very large educational institutes and one shared
this process with me that I thought was interesting. Not easy to implement
but this is what they wanted to achieve. Limit what students can run on
systems. Limit what they can do with IE or web in general. Provide access to
a common areas, with restrictions... If I am in sixth grade then when I open
up a short cut to a share that is located on my desktop I only see what is
avaialable for Sixth graders... if an eighth grader sits at the same computer
and logs on they have the same shortcut but when they go to that share they
see resources available for eighth graders...

I think learning through the scenarios is helpful becasue the learning is
tangible. You can really wrap your head around the problem and you are not
diving into the 'swimming pool' and overwhelmed with thousands of settings
and options.

I think these are probably a bit lower level but the 14-part web series on
Group Policy is very helpful and topic based so you can dive into part 7 for
your specific area of interest and get some tips. (www.microsoft.com/gp).

Anyway, this is turning into a stream of consiousness and my kids keep
reminding me that I am taking the day off!

Good luck Eduard and good conversation.

Kevin

"Edward" wrote:

I'd like to start a thread concerning the high level planning for Group
Policy deployment. In my particular situation I have been given the
responsibility for deploying Group Policy (and AD) at a high school. While
there is a blizzard of information about GP, it is all referential - what
does this do, what does it effect, etc. I'm looking for a level 200 or 300
discussion about the process.

For example - there are over 900 group policies in the W2k3 excel
spread*** reference. Trying to deploy all or most all at once is obviously
silly. There must be some kind of rational, phased process for deploying
these. Such a process, I would think, always, or nearly always, should be
begin with some particular subset of policies, ie, Internet Explorer or
Desktop or Restricted Software. Another subset would almost always be
second, and third, and so on.

I've never seen the process covered by any of the documentation provided by
Microsoft, except in the most general way (Design AD, Design OU's, Create the
test environment, etc.). This is not what I'm refering to.

Anyone have a step 1 though n for the policies themselves?
.

Quantcast