Solved

Active DIrectory 2003 Group Policy Slicing

Posted on 2011-02-21
8
204 Views
Last Modified: 2012-05-11
I thinkk I have seen a technique where a new Group Policy is created and the set of objects in the policy is very focused on a few items, not the usual FULL set of objects usually present.
IE: Just setting the IE Policy to set the cache size.
What is the procedure for getting JUST the SubSet of settings from "somewhere" and using them for a new Group Policy object?

I have seen this type of GPO frpom another technician but I don't know how he did it.
0
Comment
Question by:NaplesFLDave
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 3

Expert Comment

by:thomasd04
ID: 34943538
Hi NaplesFLDave. I'm not sure I understand the objective. Are you asking how to use multiple GPOs; with each one only addressing specific policies or settings? If I understand you correctly, you can have as many GPOs as you like. And each one can be tailored for any one or more specific settings you want. Do you have an idea on what you want each GPO to do?
0
 

Author Comment

by:NaplesFLDave
ID: 34943799
What I'm referring to is that usually when you add a new GPolicy you get a full list of Computer and User objects to drill into to make changes to. I have seen some GPolicy objects that only have a few settings in them. Like they have been copied out of another FULL template. How would I do this kind of Specific item selection for a new Policy?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34943832
I think you are refering to Custom ADM / ADMX templates so google those terms for a bunch of info.
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 3

Expert Comment

by:thomasd04
ID: 34943888
Do you have any GPOs configured now?

Perhaps you're looking to create custom ADM or ADMX templates?
For Windows 2008: http://technet.microsoft.com/en-us/library/cc753471(WS.10).aspx
For prior versions: http://support.microsoft.com/kb/323639 or http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/07/05/Creating-Custom-ADM-Templates.aspx.

I hope this helps.
0
 

Author Comment

by:NaplesFLDave
ID: 34944160
I asked another tech and instructed me as follows to get what I was trying to explain. I created a new Policy and selected NONE for the starup template. Then I edited the policy, selecting the items I wanted to adjust and they get added top the policy. Doing it this way eliminates all the usual large group of settings that would be included in the policy even if they were not configured. Thins it down nicely.
Thank you for the pointers for the Custom ADMs. I'll look into that also.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
ID: 34944997
Hi,

What you are talking about is the Started GPO in Server 2008. If you have Server 2008, then you can create a Started GPO and then use it as the subset to create another GPO with desired settings. Since you Server 2003 you may not be able to use them.

I am including the two links for your understanding
http://technet.microsoft.com/en-us/library/dd367854%28WS.10%29.aspx

Sample of starter GPO
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AE3DDBA7-AF7A-4274-9D34-1AD96576E823

I hope this the one that you are looking for.
0
 

Author Comment

by:NaplesFLDave
ID: 34945165
That seems to be pretty close. I actually have (3) AD Controllers. AD1 and AD2 are 2003 R2 and AD3 is 2008R2. I can use the Windows 7 (RSAT)Administration Tools GPM to create the new policy. Except unlike using the STARTER GPO's I selected NONE, so as not to bring over a bunch un-needed settings. Using NONE allows me to just select the one or two items that I actually need to adjust to my policy from the "left pane" to the right pane. I suppose that using the STARTER GPO templates that I could achieve the same thing. I have not tried that method yet.

Thanks.
0
 

Author Closing Comment

by:NaplesFLDave
ID: 36924255
There is a mass of info to filter through.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question