Solved

GPOs applied to site

Posted on 2004-09-11
3
266 Views
Last Modified: 2010-04-19
Hello friends,

We would like to know which are the comon GPOs that usually are applied to organizational units containing computers and users in the same geographical location (proxy configuration, etc.)
This question is based in the idea to justify in the OU structure design the creation of this kind of OUs

We thanks all advices based on you experience.
0
Comment
Question by:intentalo69
3 Comments
 
LVL 15

Assisted Solution

by:harleyjd
harleyjd earned 250 total points
ID: 12036637
Sorry, are you asking for design advice, or what comes out of the box?

There's a "default domain policy" that applies to all users and computers, and is generated at the domain level. It contains some simple security principles, but not a whole lot else.

Best practice is to create new GPO's specifically for the items you want, and for only computers or only users, as turning off processing for one other t'other speeds things up some. Even bester practice is to create OU's for specifc reasons and use them to determine who gets what.

So without seeing what you want to achieve it's a bit hard to say....

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12036679
yes.. we need a little more detail in the question so we can give you a good answer...  harley explained the basics very well, but it sounds like you need more than this here...

FE
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 250 total points
ID: 12037329


I recommend you read through the following whitepapers. Designing the organizational structure and GPO's is typically tailored for a particular environment. I would not rush and throw up anything either ... you need to understand and plan based on your needs.


Some of the things you should try to research and think about before implementation:

Structure of Active Directory.
Secure the internal namespace from registration anywhere on the Internet other than in your own network.
Consider using a single domain design.
Consider using multiple domains if decentralized administration is required.
Consider using the federated forest design model when uniting two disparate Active Directory structures.
Control and optimize replication traffic by using sites.
Upgrade any down-level clients to reduce administration and maintenance.

Best Practices of OU Design -

Move your user and computer objects into an OU structure.
Keep the OU structure as simple as possible.
Do not nest OUs more than 10 layers deep.
Keep the number of OUs to a minimum.
Apply Group Policy to groups through Group Policy Filtering.
Use domain local groups to control access to resources, and use global groups to organize similar groups of users.
Use distribution groups to create e-mail distribution lists in environments with Exchange 2000.
Mail-enable security groups if separation of security and e-mail functionality is not required.
Don't simply delete and re-create groups on the fly because each group SID is unique.
Don't include users from other Mixed mode domains in a forest in universal groups.
Don't utilize local groups for permissions in a domain environment.

Other articles -

Introduction to Group Policy in Windows Server 2003
http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx

Best Practices for Delegating Active Directory Administration
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en

Best Practice Guide for Securing Active Directory Installations
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/bpgadsec.mspx

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now