?
Solved

Group policy 101

Posted on 2009-04-01
3
Medium Priority
?
558 Views
Last Modified: 2012-06-22
I am trying to get the hang of group policy on sbs 2003 R2.

some questions:

a) any recommendation on an easy / complete tutorial / documentaiton on GP?
b) how do you find the entry you want to enable / disable?  There's sooo many!  I saw a spreadsheet for office 2003 GP entries.  is there one for windows itself?  Do you just get the hang of the key ones you need?  Is there a thinking on how to find what you want?
c) some things seem like they'd be for users but could also be computer.  Turning off autorun, for example.  that's under computer, but if you want it to affect all users, it could be under user?  Is there a rule of thumb where it will be / some are in 2 places, so where do you change it?

d) I tried making a new GPO (rather than edit the default ones that come with SBS - that's not the way to do it, right?).  Under GPOs, I right clicked and chose new.  then gave it a name . enabled some things.  then I dragged it up to the domain and a link was made, like all the default policies.  but then I ran the modeling wizard and that GPO wasn't in either the applied or denied GPOs.
but if I deleted the link, right click on the domain and choose link a gpo, then it worked.  can't drag and drop?

e) when do you use the modeling vs. results wizard

THANKS!
0
Comment
Question by:babaganoosh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 39

Accepted Solution

by:
Philip Elder earned 2000 total points
ID: 24042272
1: Start with Jeremy Moskowitz's Green and Blue books! Awesome GP tools. www.gpanswers.com
2: GP Settings: http://www.microsoft.com/downloads/details.aspx?familyid=7821C32F-DA15-438D-8E48-45915CD2BC14&displaylang=en
3:
  A: If it applies to computers, then the settings are placed in a GPO that is linked to the SBSComputers OU or at the domain level.
  B: If it applies to users, then the settings are placed in a GPO that is linked to the SBSUsers OU or at the domain level.
4: We generally leave the default GPOs with SBS alone:
  Our SBS 2008 GPO layout which is somewhat similar to 2003:
  http://blog.mpecsinc.ca/2009/03/sbs-2008-mpecs-default-group-policy.html
5: Modelling versus GPResults: http://www.left-brain.com/tabId/65/itemId/1713/Active-Directory-Field-Guide.aspx

More on SBS related Group Policy: http://blog.mpecsinc.ca/search/label/Group%20Policy

Philip
 
0
 

Author Comment

by:babaganoosh
ID: 24044487
wow!  As usual, that's a load of great info.

I envision to experiment / test / play, I'll have the SBS machine in the lab open on 1 screen and a desktop machine open on another.

when I make a change to gp on the server, do I run gpupdate / force on the desktop or server?  And is that enough to see the changes made in GP or I need to log off?  Shut down?

thanks!
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 24044698
You would do the GPUpdate /Force on both server and workstation. Any workstation specific policy settings like startup scripts in the case of Office 2007 via GP would require a reboot.

Philip
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question