Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

GP Win2K

Posted on 2004-09-17
3
Medium Priority
?
340 Views
Last Modified: 2010-03-18
I am trying to get a grasp on Windows Group Policy.

I would like to further understand the proper way to implement GP throughout a domain.

The domain consists of 4 servers: Exchange, ISA, WEB, and DC. all Win2K servers
The workstations are: 20 all XP Pro
Currently all Users are in One OU to keep it simple.

I want to start looking at setting some account and auditing policies for the servers and the network users but need further understanding of where to start.
Such as do I setup the Default Domain Policy for the account policy or Domain Controller Policy for the auditing policy or do I have to use the Local Security Policy on each of the servers.



0
Comment
Question by:vivo123
3 Comments
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12089251
Hi
Some further information on the topic for starters, and it is important that you read and get to grips with gp as much as you can,
Introduction to Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Implementing Group Policy
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=9695
Windows 2000 Group Policy
http://labmice.techtarget.com/activedirectory/grpolicy.htm

If possible try to setup deployment scenarios in a test environment, so that you can start to understand the practicalities of implementation without it affecting your live environment,

If you don't have a test lab or network then the following is extremely useful, VMWare
http://www.vmware.com/products/

Be very careful of what policies you set from the default domain policy, as these affect everyone. I tend to restrict these to policies that you can only apply at that level like account policy etc.  Best start with an OU and test what you need. The configuration I use groups people and pc's into units dependent on and mirroring their work department and resultant acces requirements re: internet, intranet, files and applications. It does take time to consider what best suits your environment but that's time worth spent. Oh and don't forget that initially a policy set to not configured won't apply. Once enabled it will apply and you need to set it to disabled to turn it off. Setting it back to not configured won't disable it,

Deb :))
0
 

Author Comment

by:vivo123
ID: 12090348
Thanks for the info..  I will research.. In the meantime.

I understand in regards to the default domain policy  that it should apply to the account policy, because this affects the entire domain.
when would I use the domain controller policy? and for what purpose?

Also, I read somewhere that local policy should apply on all servers before they are connected to the network..  when would you use local policy on a server, and what would you be setting since the default domain or DC policy would affect...  These are all questions that I am struggling with.  Can you help put them into perspective..

Thanks for your help...


0
 

Expert Comment

by:mikep554
ID: 12133555
You would use the domain controller policy to specify different settings for domain controller than for the rest of your computers. The settings in the domain controller policy will overide the default domain policy. An examply might be that you set the default domain policy to set all computers to use automatic updates. But you probably don't want your domain controllers to use AU, so you set the AU options in the domain controller policy to be disabled. That way, your clients are patched and but you can test the patches before applying them to the server.

The local policy is similar to group policy, but it is stored and applied locally. This is where you would set options for machines not on a domain, since policies are applied in LSDOU order (Local, then Site, then Domain, then Org. Unit), any options you set in any group policy that applies to the machine will overide the local policy settings.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question