• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1087
  • Last Modified:

GPO best practices

Hi, i'm wondering when designing GPOs, is it best to have bigger GPOs with multiple settings in it, or create multiple, smaller GPOs with fewer settings in them?

I'm presuming fewer, but bigger GPOs would process faster but would be more difficult to manage?

Thanks.
0
paulo999
Asked:
paulo999
6 Solutions
 
pzozulkaCommented:
I prefer any method that will allow IT Administration the most management. This would be many, smaller GPOs to allow for optimal management capablility.
0
 
sk_raja_rajaCommented:
I would suggest you to download and install "Group Policy Management console" and then design the group policies...If you have a very good organized OU, GPO design will be more effective. You can have any no of group policies in your domain but, to manage it more effectively less policies with more setting will make sense.

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
ngailfusCommented:
We use larger policies for global settings (applies to all users/computers).  We then use smaller policies for printer deployments, software installation, scripts, and custom settings for sepecific users.  Other tricks include disabling User config or Computer config based on what the policy does.  This shaves a little off the processing time.  For example, a policy with a start up script or other computer based policies only can have the User configuration settings disabled.  
0
 
AnthonyP9618Commented:
It's easier to split things into easily manageable parts.  For example, I would recommend 4 different areas for managing GPOs.

1. User Experience (desktop, icons, backgrounds, etc..)
2. Control Panel (access to cmd shell, install/remove programs)
3. Security (Any type of security.. e.g NTFS security)
4. Internet Explorer (IE branding, removing Advanced tab)

So when changes occur, it's fairly trivial to find out where the new setting would go.  It keeps things neat and tidy and helps Administrators find where certain settings may actually be set at.

0
 
AmericomCommented:
Most importantly, give the GPO a meaningful name. GPO naming can help identify, organize, and catagorize the usage of all your GPOs.
Also, Unless the GPO required both User Configuration and Computer Configuration, otherwise disable the one not being used.
0
 
paulo999Author Commented:
Thanks for all the comments
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now