Solved

GPOs applied to site

Posted on 2004-09-11
3
268 Views
Last Modified: 2010-04-19
Hello friends,

We would like to know which are the comon GPOs that usually are applied to organizational units containing computers and users in the same geographical location (proxy configuration, etc.)
This question is based in the idea to justify in the OU structure design the creation of this kind of OUs

We thanks all advices based on you experience.
0
Comment
Question by:intentalo69
3 Comments
 
LVL 15

Assisted Solution

by:harleyjd
harleyjd earned 250 total points
ID: 12036637
Sorry, are you asking for design advice, or what comes out of the box?

There's a "default domain policy" that applies to all users and computers, and is generated at the domain level. It contains some simple security principles, but not a whole lot else.

Best practice is to create new GPO's specifically for the items you want, and for only computers or only users, as turning off processing for one other t'other speeds things up some. Even bester practice is to create OU's for specifc reasons and use them to determine who gets what.

So without seeing what you want to achieve it's a bit hard to say....

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12036679
yes.. we need a little more detail in the question so we can give you a good answer...  harley explained the basics very well, but it sounds like you need more than this here...

FE
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 250 total points
ID: 12037329


I recommend you read through the following whitepapers. Designing the organizational structure and GPO's is typically tailored for a particular environment. I would not rush and throw up anything either ... you need to understand and plan based on your needs.


Some of the things you should try to research and think about before implementation:

Structure of Active Directory.
Secure the internal namespace from registration anywhere on the Internet other than in your own network.
Consider using a single domain design.
Consider using multiple domains if decentralized administration is required.
Consider using the federated forest design model when uniting two disparate Active Directory structures.
Control and optimize replication traffic by using sites.
Upgrade any down-level clients to reduce administration and maintenance.

Best Practices of OU Design -

Move your user and computer objects into an OU structure.
Keep the OU structure as simple as possible.
Do not nest OUs more than 10 layers deep.
Keep the number of OUs to a minimum.
Apply Group Policy to groups through Group Policy Filtering.
Use domain local groups to control access to resources, and use global groups to organize similar groups of users.
Use distribution groups to create e-mail distribution lists in environments with Exchange 2000.
Mail-enable security groups if separation of security and e-mail functionality is not required.
Don't simply delete and re-create groups on the fly because each group SID is unique.
Don't include users from other Mixed mode domains in a forest in universal groups.
Don't utilize local groups for permissions in a domain environment.

Other articles -

Introduction to Group Policy in Windows Server 2003
http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx

Best Practices for Delegating Active Directory Administration
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en

Best Practice Guide for Securing Active Directory Installations
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/bpgadsec.mspx

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question