Solved

GP Win2K

Posted on 2004-09-17
3
332 Views
Last Modified: 2010-03-18
I am trying to get a grasp on Windows Group Policy.

I would like to further understand the proper way to implement GP throughout a domain.

The domain consists of 4 servers: Exchange, ISA, WEB, and DC. all Win2K servers
The workstations are: 20 all XP Pro
Currently all Users are in One OU to keep it simple.

I want to start looking at setting some account and auditing policies for the servers and the network users but need further understanding of where to start.
Such as do I setup the Default Domain Policy for the account policy or Domain Controller Policy for the auditing policy or do I have to use the Local Security Policy on each of the servers.



0
Comment
Question by:vivo123
3 Comments
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 125 total points
ID: 12089251
Hi
Some further information on the topic for starters, and it is important that you read and get to grips with gp as much as you can,
Introduction to Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Implementing Group Policy
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=9695
Windows 2000 Group Policy
http://labmice.techtarget.com/activedirectory/grpolicy.htm

If possible try to setup deployment scenarios in a test environment, so that you can start to understand the practicalities of implementation without it affecting your live environment,

If you don't have a test lab or network then the following is extremely useful, VMWare
http://www.vmware.com/products/

Be very careful of what policies you set from the default domain policy, as these affect everyone. I tend to restrict these to policies that you can only apply at that level like account policy etc.  Best start with an OU and test what you need. The configuration I use groups people and pc's into units dependent on and mirroring their work department and resultant acces requirements re: internet, intranet, files and applications. It does take time to consider what best suits your environment but that's time worth spent. Oh and don't forget that initially a policy set to not configured won't apply. Once enabled it will apply and you need to set it to disabled to turn it off. Setting it back to not configured won't disable it,

Deb :))
0
 

Author Comment

by:vivo123
ID: 12090348
Thanks for the info..  I will research.. In the meantime.

I understand in regards to the default domain policy  that it should apply to the account policy, because this affects the entire domain.
when would I use the domain controller policy? and for what purpose?

Also, I read somewhere that local policy should apply on all servers before they are connected to the network..  when would you use local policy on a server, and what would you be setting since the default domain or DC policy would affect...  These are all questions that I am struggling with.  Can you help put them into perspective..

Thanks for your help...


0
 

Expert Comment

by:mikep554
ID: 12133555
You would use the domain controller policy to specify different settings for domain controller than for the rest of your computers. The settings in the domain controller policy will overide the default domain policy. An examply might be that you set the default domain policy to set all computers to use automatic updates. But you probably don't want your domain controllers to use AU, so you set the AU options in the domain controller policy to be disabled. That way, your clients are patched and but you can test the patches before applying them to the server.

The local policy is similar to group policy, but it is stored and applied locally. This is where you would set options for machines not on a domain, since policies are applied in LSDOU order (Local, then Site, then Domain, then Org. Unit), any options you set in any group policy that applies to the machine will overide the local policy settings.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question