Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 260
  • Last Modified:

Group Policy Procedure

1. What is the best procedure for creating and implementing a new policy.

A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users???  create and link GPO to OU?

2. Must all users in the domain have 1 single dns server, the AD DNS server ip?
3. I created a test GPO and linked it to the domain, added group at the bottom. Didn't work
    I then added an individual user from that group, then it worked. I'm puzzled.

I'm just getting my feet wet as you can see and  appreciate the help.
0
zen_68
Asked:
zen_68
  • 3
  • 3
1 Solution
 
Karl12347Commented:
A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users???  create and link GPO to OU?

There is no right or wrong way to implement group policies, it all depends on the structure of your AD. if you have it structured by dept then you will not be able to move people into different OU's for every GPO.
It is best to apply a group policy to the top folder structure of a OU and then Use security to filter it out.

As for the clients, they should have that DNS server in config recieved from the DHCP server.
Not sure why your group did not work in Group policy. Is the group a security Global group? Do not create groups as domain local groups. Universal groups are only used for multiple domain forests with trusts.

Hoep this helps.
Karl
0
 
r_panosCommented:
Karl12347 is right, there's no right or wrong way.

The approach I use in my AD assessments is the following:

- I create an empty OU that will become the placeholder of all GPOs (except the default 2 of course);
- I create policies "on" that OU;
- I link the policies wherever I want to;

This way I have a placeholder and GPOs without impact to AD; I can test them, linkining them to test OUs, assigning permissions etc, etc; I can unlink them from "production" without deleting them, modify them, test them again and start all over.

But this is only an approach.

For what regards the second part of your question , Karl12347 was more then exhaustive. Clients may have as many DNS servers as you have your AD (preferably of the site they belong).
0
 
zen_68Author Commented:
On some clients I have a secondary dns which is not an AD dns server in case the DC (our only DC) would be unavailable, they would still have internet access. Stupid? Will this prevent GPO's from working? I read that on a post here about only having the AD DNS server entry.

No DHCP......all static
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
zen_68Author Commented:
"- I create policies "on" that OU;" ------------on or in?
"- I link the policies wherever I want to;"
0
 
r_panosCommented:
Created in; the empty OU becomes the container.

By linking the GPO wherever I mean I link it to multiple oU (if necessary).
0
 
zen_68Author Commented:
Why wouldn't you just use the Group Policy Objects container?

How about the DNS question? If I have an external DNS server ip as the secondary, does this have adverse effects on GP?
0
 
r_panosCommented:
No there's no problem on the GPO.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now