Solved

Group Policy Procedure

Posted on 2008-06-11
7
255 Views
Last Modified: 2008-10-20
1. What is the best procedure for creating and implementing a new policy.

A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users???  create and link GPO to OU?

2. Must all users in the domain have 1 single dns server, the AD DNS server ip?
3. I created a test GPO and linked it to the domain, added group at the bottom. Didn't work
    I then added an individual user from that group, then it worked. I'm puzzled.

I'm just getting my feet wet as you can see and  appreciate the help.
0
Comment
Question by:zen_68
  • 3
  • 3
7 Comments
 
LVL 3

Accepted Solution

by:
Karl12347 earned 250 total points
ID: 21763105
A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users???  create and link GPO to OU?

There is no right or wrong way to implement group policies, it all depends on the structure of your AD. if you have it structured by dept then you will not be able to move people into different OU's for every GPO.
It is best to apply a group policy to the top folder structure of a OU and then Use security to filter it out.

As for the clients, they should have that DNS server in config recieved from the DHCP server.
Not sure why your group did not work in Group policy. Is the group a security Global group? Do not create groups as domain local groups. Universal groups are only used for multiple domain forests with trusts.

Hoep this helps.
Karl
0
 
LVL 7

Expert Comment

by:r_panos
ID: 21763209
Karl12347 is right, there's no right or wrong way.

The approach I use in my AD assessments is the following:

- I create an empty OU that will become the placeholder of all GPOs (except the default 2 of course);
- I create policies "on" that OU;
- I link the policies wherever I want to;

This way I have a placeholder and GPOs without impact to AD; I can test them, linkining them to test OUs, assigning permissions etc, etc; I can unlink them from "production" without deleting them, modify them, test them again and start all over.

But this is only an approach.

For what regards the second part of your question , Karl12347 was more then exhaustive. Clients may have as many DNS servers as you have your AD (preferably of the site they belong).
0
 

Author Comment

by:zen_68
ID: 21763464
On some clients I have a secondary dns which is not an AD dns server in case the DC (our only DC) would be unavailable, they would still have internet access. Stupid? Will this prevent GPO's from working? I read that on a post here about only having the AD DNS server entry.

No DHCP......all static
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:zen_68
ID: 21763478
"- I create policies "on" that OU;" ------------on or in?
"- I link the policies wherever I want to;"
0
 
LVL 7

Expert Comment

by:r_panos
ID: 21766397
Created in; the empty OU becomes the container.

By linking the GPO wherever I mean I link it to multiple oU (if necessary).
0
 

Author Comment

by:zen_68
ID: 21770288
Why wouldn't you just use the Group Policy Objects container?

How about the DNS question? If I have an external DNS server ip as the secondary, does this have adverse effects on GP?
0
 
LVL 7

Expert Comment

by:r_panos
ID: 21832861
No there's no problem on the GPO.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question