Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GP Win2K

Posted on 2004-09-17
3
Medium Priority
?
337 Views
Last Modified: 2010-03-18
I am trying to get a grasp on Windows Group Policy.

I would like to further understand the proper way to implement GP throughout a domain.

The domain consists of 4 servers: Exchange, ISA, WEB, and DC. all Win2K servers
The workstations are: 20 all XP Pro
Currently all Users are in One OU to keep it simple.

I want to start looking at setting some account and auditing policies for the servers and the network users but need further understanding of where to start.
Such as do I setup the Default Domain Policy for the account policy or Domain Controller Policy for the auditing policy or do I have to use the Local Security Policy on each of the servers.



0
Comment
Question by:vivo123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12089251
Hi
Some further information on the topic for starters, and it is important that you read and get to grips with gp as much as you can,
Introduction to Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Implementing Group Policy
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=9695
Windows 2000 Group Policy
http://labmice.techtarget.com/activedirectory/grpolicy.htm

If possible try to setup deployment scenarios in a test environment, so that you can start to understand the practicalities of implementation without it affecting your live environment,

If you don't have a test lab or network then the following is extremely useful, VMWare
http://www.vmware.com/products/

Be very careful of what policies you set from the default domain policy, as these affect everyone. I tend to restrict these to policies that you can only apply at that level like account policy etc.  Best start with an OU and test what you need. The configuration I use groups people and pc's into units dependent on and mirroring their work department and resultant acces requirements re: internet, intranet, files and applications. It does take time to consider what best suits your environment but that's time worth spent. Oh and don't forget that initially a policy set to not configured won't apply. Once enabled it will apply and you need to set it to disabled to turn it off. Setting it back to not configured won't disable it,

Deb :))
0
 

Author Comment

by:vivo123
ID: 12090348
Thanks for the info..  I will research.. In the meantime.

I understand in regards to the default domain policy  that it should apply to the account policy, because this affects the entire domain.
when would I use the domain controller policy? and for what purpose?

Also, I read somewhere that local policy should apply on all servers before they are connected to the network..  when would you use local policy on a server, and what would you be setting since the default domain or DC policy would affect...  These are all questions that I am struggling with.  Can you help put them into perspective..

Thanks for your help...


0
 

Expert Comment

by:mikep554
ID: 12133555
You would use the domain controller policy to specify different settings for domain controller than for the rest of your computers. The settings in the domain controller policy will overide the default domain policy. An examply might be that you set the default domain policy to set all computers to use automatic updates. But you probably don't want your domain controllers to use AU, so you set the AU options in the domain controller policy to be disabled. That way, your clients are patched and but you can test the patches before applying them to the server.

The local policy is similar to group policy, but it is stored and applied locally. This is where you would set options for machines not on a domain, since policies are applied in LSDOU order (Local, then Site, then Domain, then Org. Unit), any options you set in any group policy that applies to the machine will overide the local policy settings.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question