Solved

Active DIrectory 2003 Group Policy Slicing

Posted on 2011-02-21
8
193 Views
Last Modified: 2012-05-11
I thinkk I have seen a technique where a new Group Policy is created and the set of objects in the policy is very focused on a few items, not the usual FULL set of objects usually present.
IE: Just setting the IE Policy to set the cache size.
What is the procedure for getting JUST the SubSet of settings from "somewhere" and using them for a new Group Policy object?

I have seen this type of GPO frpom another technician but I don't know how he did it.
0
Comment
Question by:NaplesFLDave
8 Comments
 
LVL 3

Expert Comment

by:thomasd04
ID: 34943538
Hi NaplesFLDave. I'm not sure I understand the objective. Are you asking how to use multiple GPOs; with each one only addressing specific policies or settings? If I understand you correctly, you can have as many GPOs as you like. And each one can be tailored for any one or more specific settings you want. Do you have an idea on what you want each GPO to do?
0
 

Author Comment

by:NaplesFLDave
ID: 34943799
What I'm referring to is that usually when you add a new GPolicy you get a full list of Computer and User objects to drill into to make changes to. I have seen some GPolicy objects that only have a few settings in them. Like they have been copied out of another FULL template. How would I do this kind of Specific item selection for a new Policy?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34943832
I think you are refering to Custom ADM / ADMX templates so google those terms for a bunch of info.
0
 
LVL 3

Expert Comment

by:thomasd04
ID: 34943888
Do you have any GPOs configured now?

Perhaps you're looking to create custom ADM or ADMX templates?
For Windows 2008: http://technet.microsoft.com/en-us/library/cc753471(WS.10).aspx
For prior versions: http://support.microsoft.com/kb/323639 or http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/07/05/Creating-Custom-ADM-Templates.aspx.

I hope this helps.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:NaplesFLDave
ID: 34944160
I asked another tech and instructed me as follows to get what I was trying to explain. I created a new Policy and selected NONE for the starup template. Then I edited the policy, selecting the items I wanted to adjust and they get added top the policy. Doing it this way eliminates all the usual large group of settings that would be included in the policy even if they were not configured. Thins it down nicely.
Thank you for the pointers for the Custom ADMs. I'll look into that also.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
ID: 34944997
Hi,

What you are talking about is the Started GPO in Server 2008. If you have Server 2008, then you can create a Started GPO and then use it as the subset to create another GPO with desired settings. Since you Server 2003 you may not be able to use them.

I am including the two links for your understanding
http://technet.microsoft.com/en-us/library/dd367854%28WS.10%29.aspx

Sample of starter GPO
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AE3DDBA7-AF7A-4274-9D34-1AD96576E823

I hope this the one that you are looking for.
0
 

Author Comment

by:NaplesFLDave
ID: 34945165
That seems to be pretty close. I actually have (3) AD Controllers. AD1 and AD2 are 2003 R2 and AD3 is 2008R2. I can use the Windows 7 (RSAT)Administration Tools GPM to create the new policy. Except unlike using the STARTER GPO's I selected NONE, so as not to bring over a bunch un-needed settings. Using NONE allows me to just select the one or two items that I actually need to adjust to my policy from the "left pane" to the right pane. I suppose that using the STARTER GPO templates that I could achieve the same thing. I have not tried that method yet.

Thanks.
0
 

Author Closing Comment

by:NaplesFLDave
ID: 36924255
There is a mass of info to filter through.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now