zen_68
asked on
Group Policy Procedure
1. What is the best procedure for creating and implementing a new policy.
A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users??? create and link GPO to OU?
2. Must all users in the domain have 1 single dns server, the AD DNS server ip?
3. I created a test GPO and linked it to the domain, added group at the bottom. Didn't work
I then added an individual user from that group, then it worked. I'm puzzled.
I'm just getting my feet wet as you can see and appreciate the help.
A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users??? create and link GPO to OU?
2. Must all users in the domain have 1 single dns server, the AD DNS server ip?
3. I created a test GPO and linked it to the domain, added group at the bottom. Didn't work
I then added an individual user from that group, then it worked. I'm puzzled.
I'm just getting my feet wet as you can see and appreciate the help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
On some clients I have a secondary dns which is not an AD dns server in case the DC (our only DC) would be unavailable, they would still have internet access. Stupid? Will this prevent GPO's from working? I read that on a post here about only having the AD DNS server entry.
No DHCP......all static
No DHCP......all static
ASKER
"- I create policies "on" that OU;" ------------on or in?
"- I link the policies wherever I want to;"
"- I link the policies wherever I want to;"
Created in; the empty OU becomes the container.
By linking the GPO wherever I mean I link it to multiple oU (if necessary).
By linking the GPO wherever I mean I link it to multiple oU (if necessary).
ASKER
Why wouldn't you just use the Group Policy Objects container?
How about the DNS question? If I have an external DNS server ip as the secondary, does this have adverse effects on GP?
How about the DNS question? If I have an external DNS server ip as the secondary, does this have adverse effects on GP?
No there's no problem on the GPO.
The approach I use in my AD assessments is the following:
- I create an empty OU that will become the placeholder of all GPOs (except the default 2 of course);
- I create policies "on" that OU;
- I link the policies wherever I want to;
This way I have a placeholder and GPOs without impact to AD; I can test them, linkining them to test OUs, assigning permissions etc, etc; I can unlink them from "production" without deleting them, modify them, test them again and start all over.
But this is only an approach.
For what regards the second part of your question , Karl12347 was more then exhaustive. Clients may have as many DNS servers as you have your AD (preferably of the site they belong).