Solved

GPOs applied to site

Posted on 2004-09-11
3
271 Views
Last Modified: 2010-04-19
Hello friends,

We would like to know which are the comon GPOs that usually are applied to organizational units containing computers and users in the same geographical location (proxy configuration, etc.)
This question is based in the idea to justify in the OU structure design the creation of this kind of OUs

We thanks all advices based on you experience.
0
Comment
Question by:intentalo69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Assisted Solution

by:harleyjd
harleyjd earned 250 total points
ID: 12036637
Sorry, are you asking for design advice, or what comes out of the box?

There's a "default domain policy" that applies to all users and computers, and is generated at the domain level. It contains some simple security principles, but not a whole lot else.

Best practice is to create new GPO's specifically for the items you want, and for only computers or only users, as turning off processing for one other t'other speeds things up some. Even bester practice is to create OU's for specifc reasons and use them to determine who gets what.

So without seeing what you want to achieve it's a bit hard to say....

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12036679
yes.. we need a little more detail in the question so we can give you a good answer...  harley explained the basics very well, but it sounds like you need more than this here...

FE
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 250 total points
ID: 12037329


I recommend you read through the following whitepapers. Designing the organizational structure and GPO's is typically tailored for a particular environment. I would not rush and throw up anything either ... you need to understand and plan based on your needs.


Some of the things you should try to research and think about before implementation:

Structure of Active Directory.
Secure the internal namespace from registration anywhere on the Internet other than in your own network.
Consider using a single domain design.
Consider using multiple domains if decentralized administration is required.
Consider using the federated forest design model when uniting two disparate Active Directory structures.
Control and optimize replication traffic by using sites.
Upgrade any down-level clients to reduce administration and maintenance.

Best Practices of OU Design -

Move your user and computer objects into an OU structure.
Keep the OU structure as simple as possible.
Do not nest OUs more than 10 layers deep.
Keep the number of OUs to a minimum.
Apply Group Policy to groups through Group Policy Filtering.
Use domain local groups to control access to resources, and use global groups to organize similar groups of users.
Use distribution groups to create e-mail distribution lists in environments with Exchange 2000.
Mail-enable security groups if separation of security and e-mail functionality is not required.
Don't simply delete and re-create groups on the fly because each group SID is unique.
Don't include users from other Mixed mode domains in a forest in universal groups.
Don't utilize local groups for permissions in a domain environment.

Other articles -

Introduction to Group Policy in Windows Server 2003
http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx

Best Practices for Delegating Active Directory Administration
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en

Best Practice Guide for Securing Active Directory Installations
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/bpgadsec.mspx

0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question