Solved

Group policy 101

Posted on 2009-04-01
3
521 Views
Last Modified: 2012-06-22
I am trying to get the hang of group policy on sbs 2003 R2.

some questions:

a) any recommendation on an easy / complete tutorial / documentaiton on GP?
b) how do you find the entry you want to enable / disable?  There's sooo many!  I saw a spreadsheet for office 2003 GP entries.  is there one for windows itself?  Do you just get the hang of the key ones you need?  Is there a thinking on how to find what you want?
c) some things seem like they'd be for users but could also be computer.  Turning off autorun, for example.  that's under computer, but if you want it to affect all users, it could be under user?  Is there a rule of thumb where it will be / some are in 2 places, so where do you change it?

d) I tried making a new GPO (rather than edit the default ones that come with SBS - that's not the way to do it, right?).  Under GPOs, I right clicked and chose new.  then gave it a name . enabled some things.  then I dragged it up to the domain and a link was made, like all the default policies.  but then I ran the modeling wizard and that GPO wasn't in either the applied or denied GPOs.
but if I deleted the link, right click on the domain and choose link a gpo, then it worked.  can't drag and drop?

e) when do you use the modeling vs. results wizard

THANKS!
0
Comment
Question by:babaganoosh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 39

Accepted Solution

by:
Philip Elder earned 500 total points
ID: 24042272
1: Start with Jeremy Moskowitz's Green and Blue books! Awesome GP tools. www.gpanswers.com
2: GP Settings: http://www.microsoft.com/downloads/details.aspx?familyid=7821C32F-DA15-438D-8E48-45915CD2BC14&displaylang=en
3:
  A: If it applies to computers, then the settings are placed in a GPO that is linked to the SBSComputers OU or at the domain level.
  B: If it applies to users, then the settings are placed in a GPO that is linked to the SBSUsers OU or at the domain level.
4: We generally leave the default GPOs with SBS alone:
  Our SBS 2008 GPO layout which is somewhat similar to 2003:
  http://blog.mpecsinc.ca/2009/03/sbs-2008-mpecs-default-group-policy.html
5: Modelling versus GPResults: http://www.left-brain.com/tabId/65/itemId/1713/Active-Directory-Field-Guide.aspx

More on SBS related Group Policy: http://blog.mpecsinc.ca/search/label/Group%20Policy

Philip
 
0
 

Author Comment

by:babaganoosh
ID: 24044487
wow!  As usual, that's a load of great info.

I envision to experiment / test / play, I'll have the SBS machine in the lab open on 1 screen and a desktop machine open on another.

when I make a change to gp on the server, do I run gpupdate / force on the desktop or server?  And is that enough to see the changes made in GP or I need to log off?  Shut down?

thanks!
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 24044698
You would do the GPUpdate /Force on both server and workstation. Any workstation specific policy settings like startup scripts in the case of Office 2007 via GP would require a reboot.

Philip
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question