Solved

Group policy 101

Posted on 2009-04-01
3
505 Views
Last Modified: 2012-06-22
I am trying to get the hang of group policy on sbs 2003 R2.

some questions:

a) any recommendation on an easy / complete tutorial / documentaiton on GP?
b) how do you find the entry you want to enable / disable?  There's sooo many!  I saw a spreadsheet for office 2003 GP entries.  is there one for windows itself?  Do you just get the hang of the key ones you need?  Is there a thinking on how to find what you want?
c) some things seem like they'd be for users but could also be computer.  Turning off autorun, for example.  that's under computer, but if you want it to affect all users, it could be under user?  Is there a rule of thumb where it will be / some are in 2 places, so where do you change it?

d) I tried making a new GPO (rather than edit the default ones that come with SBS - that's not the way to do it, right?).  Under GPOs, I right clicked and chose new.  then gave it a name . enabled some things.  then I dragged it up to the domain and a link was made, like all the default policies.  but then I ran the modeling wizard and that GPO wasn't in either the applied or denied GPOs.
but if I deleted the link, right click on the domain and choose link a gpo, then it worked.  can't drag and drop?

e) when do you use the modeling vs. results wizard

THANKS!
0
Comment
Question by:babaganoosh
  • 2
3 Comments
 
LVL 38

Accepted Solution

by:
Philip Elder earned 500 total points
ID: 24042272
1: Start with Jeremy Moskowitz's Green and Blue books! Awesome GP tools. www.gpanswers.com
2: GP Settings: http://www.microsoft.com/downloads/details.aspx?familyid=7821C32F-DA15-438D-8E48-45915CD2BC14&displaylang=en
3:
  A: If it applies to computers, then the settings are placed in a GPO that is linked to the SBSComputers OU or at the domain level.
  B: If it applies to users, then the settings are placed in a GPO that is linked to the SBSUsers OU or at the domain level.
4: We generally leave the default GPOs with SBS alone:
  Our SBS 2008 GPO layout which is somewhat similar to 2003:
  http://blog.mpecsinc.ca/2009/03/sbs-2008-mpecs-default-group-policy.html
5: Modelling versus GPResults: http://www.left-brain.com/tabId/65/itemId/1713/Active-Directory-Field-Guide.aspx

More on SBS related Group Policy: http://blog.mpecsinc.ca/search/label/Group%20Policy

Philip
 
0
 

Author Comment

by:babaganoosh
ID: 24044487
wow!  As usual, that's a load of great info.

I envision to experiment / test / play, I'll have the SBS machine in the lab open on 1 screen and a desktop machine open on another.

when I make a change to gp on the server, do I run gpupdate / force on the desktop or server?  And is that enough to see the changes made in GP or I need to log off?  Shut down?

thanks!
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 24044698
You would do the GPUpdate /Force on both server and workstation. Any workstation specific policy settings like startup scripts in the case of Office 2007 via GP would require a reboot.

Philip
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now