Re: Adding GPOs to Default Domain Controllers Policy

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 02 May 2008 18:37:27 +0200

Howdie!

Robert Lindholm schrieb:

1) Is adding this type of addition to the Default Domain Controller Policy Object appropriate or should I create a separate GPO for this policy?

I'd leave the Default Domain Policy and the Default Domain Controllers Policy alone. Create a new Group Policy Object at the "Domain Controllers" OU instead and make your firewall settings in there.

2) Do I need to create a new OU or can I add this under the existing Domain Controllers OU?

No - leave the Domain Controllers in the Domain Controllers OU where they are.

3) How do I verify that the policy is properly linked to the intended objects?

On the clients, using the tools rsop.msc and gpresult.exe. The policies should show up, if they are linked correctly and the client is target of the policies.

4) To ensure that the policy is pushed out to the intended objects, does it need to be enforced or will it just replicate?

It will just replicate. This is what I was going to suggest: have a look at your replication. If the policy doesn't reflect on the second DC, pretty likely there's an issue with replication.

Another reason could be you were using the local Group Policy (gpedit.msc) instead of the domain's policy with gpmc.msc

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html
.

Follow-Ups:
- Re: Adding GPOs to Default Domain Controllers Policy
  - From: Robert Lindholm

References:
- Adding GPOs to Default Domain Controllers Policy
  - From: Robert Lindholm

Prev by Date: Going Green
Next by Date: Re: Going Green
Previous by thread: Adding GPOs to Default Domain Controllers Policy
Next by thread: Re: Adding GPOs to Default Domain Controllers Policy
Index(es):
- Date
- Thread

Relevant Pages

Re: New GPO Not Recognized by Clients
... Running replmon--searching DC's for replication failures yielded no failures. ... SYSVOL portion of the GPO is not replicating to those DCs. ... Script Group Policy Settings with the GPExpert Scripting Toolkit for ... Friendly name: TIS Staff Policy ...
(microsoft.public.windows.server.active_directory)
Re: Group Policy Sysvol Disk Space
... Typically speaking, unless the GPs are changing a lot, there won't be a lot of replication traffic after the GPOs are created. ... make sure you use DFS shares for your package paths in Software Installation policy. ... Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at http://www.sdmsoftware.com/products.php ... that get stored with each GPO. ...
(microsoft.public.windows.server.active_directory)
Re: Custom GPO Version Mismatch
... AD replication errors? ... Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub: ... the Windows Group Policy Guide is out from Microsoft Press!!! ... getting any replication errors on those two servers. ...
(microsoft.public.windows.group_policy)
Re: GPOs and Security
... Policy info that you may find helpful. ... 250842 Troubleshooting Group Policy Application Problems ... 247811 How Domain Controllers Are Located in Windows ...
(microsoft.public.win2000.security)
Re: Cant access default group policy
... Remove the duplicate link for the ddcp. ... that the policy files are all present under the sysvol folder. ... > Going through Properties on the Domain Controllers OU, ... > The Group Policy Editor MMC opens fine, ...
(microsoft.public.win2000.group_policy)