Is there a planning tool for implementing Group Policies?

We're in the process of implementing group policies (for the first time) on a small network.  The network consists of the following:

- About 25 workstations (Windows XP Pro)
- 5 laptops (Windows XP Pro)
- 3 servers (Windows Server 2003 Std)
- Single Active Directory domain
- At least 3 groups of people that need different group policies defined for them

Is there a tool that helps in the planning process to define the policies for the groups of people.  We know about the GP templates, the Resultant Set of Policies tool, and pretty much all the other Microsoft GP related tools.

By the way, we're going to be using ScriptLogic's Desktop Authority to implement and maintain the group policies.

I'm assigning the max points to this because this is a difficult topic and we need to get it done quickly.

Thanks in advance for your help.

ARite
arnoriteAsked:
Who is Participating?
 
Jay_Jay70Connect With a Mentor Commented:
this reference provides very gpo, a description and the reg keys they hit

http://www.microsoft.com/downloads/details.aspx?FamilyID=7821C32F-DA15-438D-8E48-45915CD2BC14&displaylang=en

sorry if i didnt get what you were trying to say
0
 
Jay_Jay70Commented:
Hi arnorite,

1) a best practices guide
http://www.windowsnetworking.com/articles_tutorials/Best-Practices-Designing-Group-Policy.html

2) you need to look at what YOU want out of group policy :)

are you looking for standardisation
are you looking for restriction
are you looking for folder redirection to a central point
are you looking for roaming profiles
are you looking for security

based on those questions, you can begin to formulate a guideline for your own standards

each company has different requirements and demands for GPO - looking at what you wish to acheive will start you on your path :)

i will help any way i can of course!
0
 
krakkenCommented:
There's also the group policy management console.

It's great for planning, since you can do simulations based on users and computers.
Plus it summarizes the results.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
Jay_Jay70Commented:
the simulations are basically the same as RSOP
0
 
arnoriteAuthor Commented:
Thanks,

From a business perspective we know what we want.  This includes:

- Standardization
- Restriction/Security
- Logon scripts
- Software deployment

We also are using DFS, so folder redirection is not an issue at this point.

Everything we have looked at addresses technical issues.  It's been very difficult to find something that can address the business rules and convert them to the technical configuration.  This applies to any documentation we've found so far, too.

Does this help?

Thanks,

ARite
0
 
arnoriteAuthor Commented:
By the way, I have looked at this

1) a best practices guide
http://www.windowsnetworking.com/articles_tutorials/Best-Practices-Designing-Group-Policy.html

and again, it has nothing to do with business rules.

Thanks
0
 
Jay_Jay70Commented:
Standardisation - i reccomend setting one policy across the board outlining desktop and the actual "viewing" that a user gets, majority of these settings are set under your start menu and taskbar policies

Security - most of the time i add these to the same policy as above, affectively standardising security as wwll, ie, all internet explorer settings and conrtol panel access

Logon scripts - much better applied to a user account

software deployment - create these as a seperate OU for sure and decide on publishing or Assigning
0
 
Jay_Jay70Commented:
that link is purely a best practice on overall GPO's nothing more
0
 
Jay_Jay70Commented:
one more point, avoid changing the default domain policies and also apply your polcies to OU's rather than at the root level
0
 
arnoriteAuthor Commented:
Thanks, but this is not what I'm looking for.  Buisiness Rules to technical config is what we want.  Example:

- Business Rule: 'Group 1' users can't logoff from the workstation

- GP Config: 'Start Menu and Taskbar' | 'Remove Logoff on the Start Menu' = Enabled

Hopefully this clears up what I want.

Thanks
0
 
Jay_Jay70Commented:
there is no business rules as such, this is what i am getting at, each business has to define themselves what they want out of it

for example, business A that i work with say that they restict the desktop completely, no shutdown, no log off, no desktop properties

business B on the other hand says, no control panel, no properties context of my computer, and forced classic menus

two different businesses, two different set of rules, each based on what they want
0
 
arnoriteAuthor Commented:
I know they're different for each business.  I don't want templates.  I want to be able to identify how to restrict/allow features at a business level, not at a geek level.

Another Example:

Business Rule: Turn Off Internet Access for a specific group of users that I will identify
GP Config: the GP settings I need to impelement

Some businesses may say 'I want everyone' to have full Internet access' or 'I want Internet access to a select set of sites'.  These all deal with the same issue, Internet access.  Obviously different businesses will want different configurations for Internet access.  So for planning, I want to restrict Internet access, then what are the specific GP settings that need to be set for this?  That's what I'm looking for.  And not just Internet access, but all the things that GP affects.

Is there a tool, documentation, web site, company, whatever that can do this?

0
 
arnoriteAuthor Commented:
Thanks for that last response, Jay_Jay70!  It looks like it's the closest thing I'm going to get to what I want.  With a little work, I think I can get the questions answered that I'm looking for.

Thanks again,

ARite
0
 
Jay_Jay70Commented:
no problem at all

James
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.