Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Active DIrectory 2003 Group Policy Slicing

Posted on 2011-02-21
8
Medium Priority
?
213 Views
Last Modified: 2012-05-11
I thinkk I have seen a technique where a new Group Policy is created and the set of objects in the policy is very focused on a few items, not the usual FULL set of objects usually present.
IE: Just setting the IE Policy to set the cache size.
What is the procedure for getting JUST the SubSet of settings from "somewhere" and using them for a new Group Policy object?

I have seen this type of GPO frpom another technician but I don't know how he did it.
0
Comment
Question by:NaplesFLDave
8 Comments
 
LVL 3

Expert Comment

by:thomasd04
ID: 34943538
Hi NaplesFLDave. I'm not sure I understand the objective. Are you asking how to use multiple GPOs; with each one only addressing specific policies or settings? If I understand you correctly, you can have as many GPOs as you like. And each one can be tailored for any one or more specific settings you want. Do you have an idea on what you want each GPO to do?
0
 

Author Comment

by:NaplesFLDave
ID: 34943799
What I'm referring to is that usually when you add a new GPolicy you get a full list of Computer and User objects to drill into to make changes to. I have seen some GPolicy objects that only have a few settings in them. Like they have been copied out of another FULL template. How would I do this kind of Specific item selection for a new Policy?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34943832
I think you are refering to Custom ADM / ADMX templates so google those terms for a bunch of info.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 3

Expert Comment

by:thomasd04
ID: 34943888
Do you have any GPOs configured now?

Perhaps you're looking to create custom ADM or ADMX templates?
For Windows 2008: http://technet.microsoft.com/en-us/library/cc753471(WS.10).aspx
For prior versions: http://support.microsoft.com/kb/323639 or http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/07/05/Creating-Custom-ADM-Templates.aspx.

I hope this helps.
0
 

Author Comment

by:NaplesFLDave
ID: 34944160
I asked another tech and instructed me as follows to get what I was trying to explain. I created a new Policy and selected NONE for the starup template. Then I edited the policy, selecting the items I wanted to adjust and they get added top the policy. Doing it this way eliminates all the usual large group of settings that would be included in the policy even if they were not configured. Thins it down nicely.
Thank you for the pointers for the Custom ADMs. I'll look into that also.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 1500 total points
ID: 34944997
Hi,

What you are talking about is the Started GPO in Server 2008. If you have Server 2008, then you can create a Started GPO and then use it as the subset to create another GPO with desired settings. Since you Server 2003 you may not be able to use them.

I am including the two links for your understanding
http://technet.microsoft.com/en-us/library/dd367854%28WS.10%29.aspx

Sample of starter GPO
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AE3DDBA7-AF7A-4274-9D34-1AD96576E823

I hope this the one that you are looking for.
0
 

Author Comment

by:NaplesFLDave
ID: 34945165
That seems to be pretty close. I actually have (3) AD Controllers. AD1 and AD2 are 2003 R2 and AD3 is 2008R2. I can use the Windows 7 (RSAT)Administration Tools GPM to create the new policy. Except unlike using the STARTER GPO's I selected NONE, so as not to bring over a bunch un-needed settings. Using NONE allows me to just select the one or two items that I actually need to adjust to my policy from the "left pane" to the right pane. I suppose that using the STARTER GPO templates that I could achieve the same thing. I have not tried that method yet.

Thanks.
0
 

Author Closing Comment

by:NaplesFLDave
ID: 36924255
There is a mass of info to filter through.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question