?
Solved

More or fewer group policy objects?

Posted on 2009-05-06
3
Medium Priority
?
330 Views
Last Modified: 2012-05-06
Understanding there is not a black and white answer, in general terms is it preferable to structure group policy objects so that each one contains more rules, and so you end up with a group having fewer GPOs applied, or is it better to have more GPOs, each containing a more specific type of rules?

Conceptually I prefer the having more GPOs that have more specific purposes but I am wondering if there is any impact on performance, login time, odds of getting policies properly applied, etc. by one approach or the other.

From your experiences, which approach do you prefer?
0
Comment
Question by:rwilsonz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 600 total points
ID: 24317347

The more Group Policy Objects you create, the longer the time it will take to process them. That is a fact; there's no getting away from it. The time added by using a few extra GPOs though will be milliseconds, compared with the other policies you are applying.

I always configure policies not based on what settings they apply but based on what they apply to. For example, I would create a 'Domain Admins Policy' or a 'Standard Users Policy', rather than a 'Lock Down Desktop' policy.

You may find, however, that using separate policies for different types of settings works better for you. If this increases your ease to administer the network, this is the route to take, since it will help you understand your configuration better. You will also be able to troubleshoot policy problems as they arise more easily with a system you are comfortable with.

-Matt
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1400 total points
ID: 24317414
I also prefer "functional" GPOs but there is no one absolute answer
My goto article for this question is by Group Policy MVP Darren Mar-Elia
http://technet.microsoft.com/en-us/magazine/cc137720.aspx
Optimizing Group Policy Performance
Great article and figure 1 has some good info.
Thanks
MIke
 
 
0
 

Author Closing Comment

by:rwilsonz
ID: 31578579
Thanks for your responses.  They were very helpful, particularly the link from mkline71.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
A hard and fast method for reducing Active Directory Administrators members.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question