Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GPOs applied to site

Posted on 2004-09-11
3
Medium Priority
?
272 Views
Last Modified: 2010-04-19
Hello friends,

We would like to know which are the comon GPOs that usually are applied to organizational units containing computers and users in the same geographical location (proxy configuration, etc.)
This question is based in the idea to justify in the OU structure design the creation of this kind of OUs

We thanks all advices based on you experience.
0
Comment
Question by:intentalo69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Assisted Solution

by:harleyjd
harleyjd earned 750 total points
ID: 12036637
Sorry, are you asking for design advice, or what comes out of the box?

There's a "default domain policy" that applies to all users and computers, and is generated at the domain level. It contains some simple security principles, but not a whole lot else.

Best practice is to create new GPO's specifically for the items you want, and for only computers or only users, as turning off processing for one other t'other speeds things up some. Even bester practice is to create OU's for specifc reasons and use them to determine who gets what.

So without seeing what you want to achieve it's a bit hard to say....

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12036679
yes.. we need a little more detail in the question so we can give you a good answer...  harley explained the basics very well, but it sounds like you need more than this here...

FE
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 750 total points
ID: 12037329


I recommend you read through the following whitepapers. Designing the organizational structure and GPO's is typically tailored for a particular environment. I would not rush and throw up anything either ... you need to understand and plan based on your needs.


Some of the things you should try to research and think about before implementation:

Structure of Active Directory.
Secure the internal namespace from registration anywhere on the Internet other than in your own network.
Consider using a single domain design.
Consider using multiple domains if decentralized administration is required.
Consider using the federated forest design model when uniting two disparate Active Directory structures.
Control and optimize replication traffic by using sites.
Upgrade any down-level clients to reduce administration and maintenance.

Best Practices of OU Design -

Move your user and computer objects into an OU structure.
Keep the OU structure as simple as possible.
Do not nest OUs more than 10 layers deep.
Keep the number of OUs to a minimum.
Apply Group Policy to groups through Group Policy Filtering.
Use domain local groups to control access to resources, and use global groups to organize similar groups of users.
Use distribution groups to create e-mail distribution lists in environments with Exchange 2000.
Mail-enable security groups if separation of security and e-mail functionality is not required.
Don't simply delete and re-create groups on the fly because each group SID is unique.
Don't include users from other Mixed mode domains in a forest in universal groups.
Don't utilize local groups for permissions in a domain environment.

Other articles -

Introduction to Group Policy in Windows Server 2003
http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx

Best Practices for Delegating Active Directory Administration
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en

Best Practice Guide for Securing Active Directory Installations
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/bpgadsec.mspx

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question