Solved

More or fewer group policy objects?

Posted on 2009-05-06
3
327 Views
Last Modified: 2012-05-06
Understanding there is not a black and white answer, in general terms is it preferable to structure group policy objects so that each one contains more rules, and so you end up with a group having fewer GPOs applied, or is it better to have more GPOs, each containing a more specific type of rules?

Conceptually I prefer the having more GPOs that have more specific purposes but I am wondering if there is any impact on performance, login time, odds of getting policies properly applied, etc. by one approach or the other.

From your experiences, which approach do you prefer?
0
Comment
Question by:rwilsonz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 150 total points
ID: 24317347

The more Group Policy Objects you create, the longer the time it will take to process them. That is a fact; there's no getting away from it. The time added by using a few extra GPOs though will be milliseconds, compared with the other policies you are applying.

I always configure policies not based on what settings they apply but based on what they apply to. For example, I would create a 'Domain Admins Policy' or a 'Standard Users Policy', rather than a 'Lock Down Desktop' policy.

You may find, however, that using separate policies for different types of settings works better for you. If this increases your ease to administer the network, this is the route to take, since it will help you understand your configuration better. You will also be able to troubleshoot policy problems as they arise more easily with a system you are comfortable with.

-Matt
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 350 total points
ID: 24317414
I also prefer "functional" GPOs but there is no one absolute answer
My goto article for this question is by Group Policy MVP Darren Mar-Elia
http://technet.microsoft.com/en-us/magazine/cc137720.aspx
Optimizing Group Policy Performance
Great article and figure 1 has some good info.
Thanks
MIke
 
 
0
 

Author Closing Comment

by:rwilsonz
ID: 31578579
Thanks for your responses.  They were very helpful, particularly the link from mkline71.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question