Solved

GPOs applied to site

Posted on 2004-09-11
3
270 Views
Last Modified: 2010-04-19
Hello friends,

We would like to know which are the comon GPOs that usually are applied to organizational units containing computers and users in the same geographical location (proxy configuration, etc.)
This question is based in the idea to justify in the OU structure design the creation of this kind of OUs

We thanks all advices based on you experience.
0
Comment
Question by:intentalo69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Assisted Solution

by:harleyjd
harleyjd earned 250 total points
ID: 12036637
Sorry, are you asking for design advice, or what comes out of the box?

There's a "default domain policy" that applies to all users and computers, and is generated at the domain level. It contains some simple security principles, but not a whole lot else.

Best practice is to create new GPO's specifically for the items you want, and for only computers or only users, as turning off processing for one other t'other speeds things up some. Even bester practice is to create OU's for specifc reasons and use them to determine who gets what.

So without seeing what you want to achieve it's a bit hard to say....

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12036679
yes.. we need a little more detail in the question so we can give you a good answer...  harley explained the basics very well, but it sounds like you need more than this here...

FE
0
 
LVL 12

Accepted Solution

by:
BNettles73 earned 250 total points
ID: 12037329


I recommend you read through the following whitepapers. Designing the organizational structure and GPO's is typically tailored for a particular environment. I would not rush and throw up anything either ... you need to understand and plan based on your needs.


Some of the things you should try to research and think about before implementation:

Structure of Active Directory.
Secure the internal namespace from registration anywhere on the Internet other than in your own network.
Consider using a single domain design.
Consider using multiple domains if decentralized administration is required.
Consider using the federated forest design model when uniting two disparate Active Directory structures.
Control and optimize replication traffic by using sites.
Upgrade any down-level clients to reduce administration and maintenance.

Best Practices of OU Design -

Move your user and computer objects into an OU structure.
Keep the OU structure as simple as possible.
Do not nest OUs more than 10 layers deep.
Keep the number of OUs to a minimum.
Apply Group Policy to groups through Group Policy Filtering.
Use domain local groups to control access to resources, and use global groups to organize similar groups of users.
Use distribution groups to create e-mail distribution lists in environments with Exchange 2000.
Mail-enable security groups if separation of security and e-mail functionality is not required.
Don't simply delete and re-create groups on the fly because each group SID is unique.
Don't include users from other Mixed mode domains in a forest in universal groups.
Don't utilize local groups for permissions in a domain environment.

Other articles -

Introduction to Group Policy in Windows Server 2003
http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx

Best Practices for Delegating Active Directory Administration
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en

Best Practice Guide for Securing Active Directory Installations
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/bpgadsec.mspx

0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question