Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

More or fewer group policy objects?

Posted on 2009-05-06
3
Medium Priority
?
331 Views
Last Modified: 2012-05-06
Understanding there is not a black and white answer, in general terms is it preferable to structure group policy objects so that each one contains more rules, and so you end up with a group having fewer GPOs applied, or is it better to have more GPOs, each containing a more specific type of rules?

Conceptually I prefer the having more GPOs that have more specific purposes but I am wondering if there is any impact on performance, login time, odds of getting policies properly applied, etc. by one approach or the other.

From your experiences, which approach do you prefer?
0
Comment
Question by:rwilsonz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 600 total points
ID: 24317347

The more Group Policy Objects you create, the longer the time it will take to process them. That is a fact; there's no getting away from it. The time added by using a few extra GPOs though will be milliseconds, compared with the other policies you are applying.

I always configure policies not based on what settings they apply but based on what they apply to. For example, I would create a 'Domain Admins Policy' or a 'Standard Users Policy', rather than a 'Lock Down Desktop' policy.

You may find, however, that using separate policies for different types of settings works better for you. If this increases your ease to administer the network, this is the route to take, since it will help you understand your configuration better. You will also be able to troubleshoot policy problems as they arise more easily with a system you are comfortable with.

-Matt
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1400 total points
ID: 24317414
I also prefer "functional" GPOs but there is no one absolute answer
My goto article for this question is by Group Policy MVP Darren Mar-Elia
http://technet.microsoft.com/en-us/magazine/cc137720.aspx
Optimizing Group Policy Performance
Great article and figure 1 has some good info.
Thanks
MIke
 
 
0
 

Author Closing Comment

by:rwilsonz
ID: 31578579
Thanks for your responses.  They were very helpful, particularly the link from mkline71.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question