Solved

GP Win2K

Posted on 2004-09-17
Last Modified: 2010-03-18
I am trying to get a grasp on Windows Group Policy.

I would like to further understand the proper way to implement GP throughout a domain.

The domain consists of 4 servers: Exchange, ISA, WEB, and DC, all Win2K servers.
The workstations are: 20, all XP Pro.
Currently all users are in one OU to keep it simple.

I want to start looking at setting some account and auditing policies for the servers and the network users but need further understanding of where to start.
Such as, do I set up the Default Domain Policy for the account policy or Domain Controller Policy for the auditing policy, or do I have to use the Local Security Policy on each of the servers?



Question by:vivo123
3 Comments
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 125 total points
ID: 12089251
Hi
Some further information on the topic for starters, and it is important that you read and get to grips with GP as much as you can:
Introduction to Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Implementing Group Policy
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=9695
Windows 2000 Group Policy
http://labmice.techtarget.com/activedirectory/grpolicy.htm

If possible, try to set up deployment scenarios in a test environment, so that you can start to understand the practicalities of implementation without it affecting your live environment.

If you don't have a test lab or network then the following is extremely useful: VMware
http://www.vmware.com/products/

Be very careful of what policies you set from the default domain policy, as these affect everyone. I tend to restrict these to policies that you can only apply at that level, like account policy etc. Best start with an OU and test what you need. The configuration I use groups people and PCs into units dependent on and mirroring their work department and resultant access requirements re: internet, intranet, files and applications. It does take time to consider what best suits your environment, but that's time well spent. Oh, and don't forget that initially a policy set to not configured won't apply. Once enabled it will apply and you need to set it to disabled to turn it off. Setting it back to not configured won't disable it.

Deb :))
0
 

Author Comment

by:vivo123
ID: 12090348
Thanks for the info..  I will research.. In the meantime.

I understand in regards to the default domain policy that it should apply to the account policy, because this affects the entire domain.
When would I use the domain controller policy, and for what purpose?

Also, I read somewhere that local policy should apply on all servers before they are connected to the network..  when would you use local policy on a server, and what would you be setting since the default domain or DC policy would affect...  These are all questions that I am struggling with.  Can you help put them into perspective..

Thanks for your help...


0
 

Expert Comment

by:mikep554
ID: 12133555
You would use the domain controller policy to specify different settings for domain controllers than for the rest of your computers. The settings in the domain controller policy will override the default domain policy. An example might be that you set the default domain policy to set all computers to use automatic updates. But you probably don't want your domain controllers to use AU, so you set the AU options in the domain controller policy to be disabled. That way, your clients are patched but you can test the patches before applying them to the server.

The local policy is similar to group policy, but it is stored and applied locally. This is where you would set options for machines not on a domain. Since policies are applied in LSDOU order (Local, then Site, then Domain, then Org. Unit), any options you set in any group policy that applies to the machine will override the local policy settings.
0
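
The LSDOU ordering and the Default Domain Policy versus domain controller policy split discussed in the comments above, as an added example that is not part of the original thread. It is a simplified Python model that goes slightly beyond the thread by also showing that domain controllers take account policy only from GPOs linked at the domain level; the setting names and values are constructed labels, not real template identifiers.

```python
# Simplified LSDOU model. Not modelled: No Override, Block Inheritance,
# security-group filtering, loopback. Setting names are illustrative labels.
LSDOU = ["local", "site", "domain", "ou"]     # processing order; later wins
NOT_CONFIGURED = None

def effective_policy(applied, is_domain_controller=False):
    """applied: iterable of (level, gpo_name, settings) tuples.
    Returns {setting: (value, winning_gpo_name)}."""
    result = {}
    # sorted() is stable, so GPOs at the same level keep their given order.
    for level, name, settings in sorted(applied, key=lambda g: LSDOU.index(g[0])):
        for key, value in settings.items():
            if value is NOT_CONFIGURED:
                continue                      # contributes nothing; earlier value stands
            # Domain controllers read account policy (password, lockout) only
            # from GPOs linked at the domain level.
            if is_domain_controller and key.startswith("account.") and level != "domain":
                continue
            result[key] = (value, name)
    return result

# Constructed sample GPOs mirroring the scenario in the thread.
LOCAL = ("local", "Local Security Policy",
         {"automatic_updates": NOT_CONFIGURED, "audit_logon_events": "none"})
DDP = ("domain", "Default Domain Policy",
       {"automatic_updates": "enabled", "audit_logon_events": NOT_CONFIGURED,
        "account.min_password_length": 8})
DDCP = ("ou", "Default Domain Controllers Policy",
        {"automatic_updates": "disabled", "audit_logon_events": "success,failure",
         "account.min_password_length": 0})

def report(title, policy):
    lines = [title]
    for key in sorted(policy):
        value, source = policy[key]
        lines.append(f"  {key} = {value}  (from {source})")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report("XP workstation:", effective_policy([LOCAL, DDP])))
    print(report("Domain controller:",
                 effective_policy([DDCP, LOCAL, DDP], is_domain_controller=True)))
```

The workstation keeps its local audit setting because the domain GPO leaves it Not Configured, while the domain controller picks up the OU-level audit and update settings but still gets its password length from the domain-level GPO.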
