Solved

Group Policy Procedure

Posted on 2008-06-11
7
252 Views
Last Modified: 2008-10-20
1. What is the best procedure for creating and implementing a new policy.

A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users???  create and link GPO to OU?

2. Must all users in the domain have 1 single dns server, the AD DNS server ip?
3. I created a test GPO and linked it to the domain, added group at the bottom. Didn't work
    I then added an individual user from that group, then it worked. I'm puzzled.

I'm just getting my feet wet as you can see and  appreciate the help.
0
Comment
Question by:zen_68
  • 3
  • 3
7 Comments
 
LVL 3

Accepted Solution

by:
Karl12347 earned 250 total points
ID: 21763105
A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users???  create and link GPO to OU?

There is no right or wrong way to implement group policies, it all depends on the structure of your AD. if you have it structured by dept then you will not be able to move people into different OU's for every GPO.
It is best to apply a group policy to the top folder structure of a OU and then Use security to filter it out.

As for the clients, they should have that DNS server in config recieved from the DHCP server.
Not sure why your group did not work in Group policy. Is the group a security Global group? Do not create groups as domain local groups. Universal groups are only used for multiple domain forests with trusts.

Hoep this helps.
Karl
0
 
LVL 7

Expert Comment

by:r_panos
ID: 21763209
Karl12347 is right, there's no right or wrong way.

The approach I use in my AD assessments is the following:

- I create an empty OU that will become the placeholder of all GPOs (except the default 2 of course);
- I create policies "on" that OU;
- I link the policies wherever I want to;

This way I have a placeholder and GPOs without impact to AD; I can test them, linkining them to test OUs, assigning permissions etc, etc; I can unlink them from "production" without deleting them, modify them, test them again and start all over.

But this is only an approach.

For what regards the second part of your question , Karl12347 was more then exhaustive. Clients may have as many DNS servers as you have your AD (preferably of the site they belong).
0
 

Author Comment

by:zen_68
ID: 21763464
On some clients I have a secondary dns which is not an AD dns server in case the DC (our only DC) would be unavailable, they would still have internet access. Stupid? Will this prevent GPO's from working? I read that on a post here about only having the AD DNS server entry.

No DHCP......all static
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:zen_68
ID: 21763478
"- I create policies "on" that OU;" ------------on or in?
"- I link the policies wherever I want to;"
0
 
LVL 7

Expert Comment

by:r_panos
ID: 21766397
Created in; the empty OU becomes the container.

By linking the GPO wherever I mean I link it to multiple oU (if necessary).
0
 

Author Comment

by:zen_68
ID: 21770288
Why wouldn't you just use the Group Policy Objects container?

How about the DNS question? If I have an external DNS server ip as the secondary, does this have adverse effects on GP?
0
 
LVL 7

Expert Comment

by:r_panos
ID: 21832861
No there's no problem on the GPO.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now