vivo123
asked on
GP Win2K
I am trying to get a grasp on Windows Group Policy.
I would like to further understand the proper way to implement GP throughout a domain.
The domain consists of 4 servers: Exchange, ISA, WEB, and DC. all Win2K servers
The workstations are: 20 all XP Pro
Currently all Users are in One OU to keep it simple.
I want to start looking at setting some account and auditing policies for the servers and the network users but need further understanding of where to start.
Such as do I setup the Default Domain Policy for the account policy or Domain Controller Policy for the auditing policy or do I have to use the Local Security Policy on each of the servers.
I would like to further understand the proper way to implement GP throughout a domain.
The domain consists of 4 servers: Exchange, ISA, WEB, and DC. all Win2K servers
The workstations are: 20 all XP Pro
Currently all Users are in One OU to keep it simple.
I want to start looking at setting some account and auditing policies for the servers and the network users but need further understanding of where to start.
Such as do I setup the Default Domain Policy for the account policy or Domain Controller Policy for the auditing policy or do I have to use the Local Security Policy on each of the servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You would use the domain controller policy to specify different settings for domain controller than for the rest of your computers. The settings in the domain controller policy will overide the default domain policy. An examply might be that you set the default domain policy to set all computers to use automatic updates. But you probably don't want your domain controllers to use AU, so you set the AU options in the domain controller policy to be disabled. That way, your clients are patched and but you can test the patches before applying them to the server.
The local policy is similar to group policy, but it is stored and applied locally. This is where you would set options for machines not on a domain, since policies are applied in LSDOU order (Local, then Site, then Domain, then Org. Unit), any options you set in any group policy that applies to the machine will overide the local policy settings.
The local policy is similar to group policy, but it is stored and applied locally. This is where you would set options for machines not on a domain, since policies are applied in LSDOU order (Local, then Site, then Domain, then Org. Unit), any options you set in any group policy that applies to the machine will overide the local policy settings.
ASKER
I understand in regards to the default domain policy that it should apply to the account policy, because this affects the entire domain.
when would I use the domain controller policy? and for what purpose?
Also, I read somewhere that local policy should apply on all servers before they are connected to the network.. when would you use local policy on a server, and what would you be setting since the default domain or DC policy would affect... These are all questions that I am struggling with. Can you help put them into perspective..
Thanks for your help...