Solved

More or fewer group policy objects?

Posted on 2009-05-06
3
326 Views
Last Modified: 2012-05-06
Understanding there is not a black and white answer, in general terms is it preferable to structure group policy objects so that each one contains more rules, and so you end up with a group having fewer GPOs applied, or is it better to have more GPOs, each containing a more specific type of rules?

Conceptually I prefer the having more GPOs that have more specific purposes but I am wondering if there is any impact on performance, login time, odds of getting policies properly applied, etc. by one approach or the other.

From your experiences, which approach do you prefer?
0
Comment
Question by:rwilsonz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 150 total points
ID: 24317347

The more Group Policy Objects you create, the longer the time it will take to process them. That is a fact; there's no getting away from it. The time added by using a few extra GPOs though will be milliseconds, compared with the other policies you are applying.

I always configure policies not based on what settings they apply but based on what they apply to. For example, I would create a 'Domain Admins Policy' or a 'Standard Users Policy', rather than a 'Lock Down Desktop' policy.

You may find, however, that using separate policies for different types of settings works better for you. If this increases your ease to administer the network, this is the route to take, since it will help you understand your configuration better. You will also be able to troubleshoot policy problems as they arise more easily with a system you are comfortable with.

-Matt
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 350 total points
ID: 24317414
I also prefer "functional" GPOs but there is no one absolute answer
My goto article for this question is by Group Policy MVP Darren Mar-Elia
http://technet.microsoft.com/en-us/magazine/cc137720.aspx
Optimizing Group Policy Performance
Great article and figure 1 has some good info.
Thanks
MIke
 
 
0
 

Author Closing Comment

by:rwilsonz
ID: 31578579
Thanks for your responses.  They were very helpful, particularly the link from mkline71.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question