Solved

GP Win2K

Posted on 2004-09-17
3
320 Views
Last Modified: 2010-03-18
I am trying to get a grasp on Windows Group Policy.

I would like to further understand the proper way to implement GP throughout a domain.

The domain consists of 4 servers: Exchange, ISA, WEB, and DC. all Win2K servers
The workstations are: 20 all XP Pro
Currently all Users are in One OU to keep it simple.

I want to start looking at setting some account and auditing policies for the servers and the network users but need further understanding of where to start.
Such as do I setup the Default Domain Policy for the account policy or Domain Controller Policy for the auditing policy or do I have to use the Local Security Policy on each of the servers.



0
Comment
Question by:vivo123
3 Comments
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 125 total points
ID: 12089251
Hi
Some further information on the topic for starters, and it is important that you read and get to grips with gp as much as you can,
Introduction to Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Implementing Group Policy
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=9695
Windows 2000 Group Policy
http://labmice.techtarget.com/activedirectory/grpolicy.htm

If possible try to setup deployment scenarios in a test environment, so that you can start to understand the practicalities of implementation without it affecting your live environment,

If you don't have a test lab or network then the following is extremely useful, VMWare
http://www.vmware.com/products/

Be very careful of what policies you set from the default domain policy, as these affect everyone. I tend to restrict these to policies that you can only apply at that level like account policy etc.  Best start with an OU and test what you need. The configuration I use groups people and pc's into units dependent on and mirroring their work department and resultant acces requirements re: internet, intranet, files and applications. It does take time to consider what best suits your environment but that's time worth spent. Oh and don't forget that initially a policy set to not configured won't apply. Once enabled it will apply and you need to set it to disabled to turn it off. Setting it back to not configured won't disable it,

Deb :))
0
 

Author Comment

by:vivo123
ID: 12090348
Thanks for the info..  I will research.. In the meantime.

I understand in regards to the default domain policy  that it should apply to the account policy, because this affects the entire domain.
when would I use the domain controller policy? and for what purpose?

Also, I read somewhere that local policy should apply on all servers before they are connected to the network..  when would you use local policy on a server, and what would you be setting since the default domain or DC policy would affect...  These are all questions that I am struggling with.  Can you help put them into perspective..

Thanks for your help...


0
 

Expert Comment

by:mikep554
ID: 12133555
You would use the domain controller policy to specify different settings for domain controller than for the rest of your computers. The settings in the domain controller policy will overide the default domain policy. An examply might be that you set the default domain policy to set all computers to use automatic updates. But you probably don't want your domain controllers to use AU, so you set the AU options in the domain controller policy to be disabled. That way, your clients are patched and but you can test the patches before applying them to the server.

The local policy is similar to group policy, but it is stored and applied locally. This is where you would set options for machines not on a domain, since policies are applied in LSDOU order (Local, then Site, then Domain, then Org. Unit), any options you set in any group policy that applies to the machine will overide the local policy settings.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now