Link to home
Create AccountLog in
Avatar of zen_68
zen_68

asked on

Group Policy Procedure

1. What is the best procedure for creating and implementing a new policy.

A. Create policy and link to the domain, specify who it applies to with the security filtering
B. Create OU, move users???  create and link GPO to OU?

2. Must all users in the domain have 1 single dns server, the AD DNS server ip?
3. I created a test GPO and linked it to the domain, added group at the bottom. Didn't work
    I then added an individual user from that group, then it worked. I'm puzzled.

I'm just getting my feet wet as you can see and  appreciate the help.
ASKER CERTIFIED SOLUTION
Avatar of Karl12347
Karl12347
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of r_panos
r_panos

Karl12347 is right, there's no right or wrong way.

The approach I use in my AD assessments is the following:

- I create an empty OU that will become the placeholder of all GPOs (except the default 2 of course);
- I create policies "on" that OU;
- I link the policies wherever I want to;

This way I have a placeholder and GPOs without impact to AD; I can test them, linkining them to test OUs, assigning permissions etc, etc; I can unlink them from "production" without deleting them, modify them, test them again and start all over.

But this is only an approach.

For what regards the second part of your question , Karl12347 was more then exhaustive. Clients may have as many DNS servers as you have your AD (preferably of the site they belong).
Avatar of zen_68

ASKER

On some clients I have a secondary dns which is not an AD dns server in case the DC (our only DC) would be unavailable, they would still have internet access. Stupid? Will this prevent GPO's from working? I read that on a post here about only having the AD DNS server entry.

No DHCP......all static
Avatar of zen_68

ASKER

"- I create policies "on" that OU;" ------------on or in?
"- I link the policies wherever I want to;"
Created in; the empty OU becomes the container.

By linking the GPO wherever I mean I link it to multiple oU (if necessary).
Avatar of zen_68

ASKER

Why wouldn't you just use the Group Policy Objects container?

How about the DNS question? If I have an external DNS server ip as the secondary, does this have adverse effects on GP?
No there's no problem on the GPO.