Solved

Active DIrectory 2003 Group Policy Slicing

Posted on 2011-02-21
8
190 Views
Last Modified: 2012-05-11
I thinkk I have seen a technique where a new Group Policy is created and the set of objects in the policy is very focused on a few items, not the usual FULL set of objects usually present.
IE: Just setting the IE Policy to set the cache size.
What is the procedure for getting JUST the SubSet of settings from "somewhere" and using them for a new Group Policy object?

I have seen this type of GPO frpom another technician but I don't know how he did it.
0
Comment
Question by:NaplesFLDave
8 Comments
 
LVL 3

Expert Comment

by:thomasd04
Comment Utility
Hi NaplesFLDave. I'm not sure I understand the objective. Are you asking how to use multiple GPOs; with each one only addressing specific policies or settings? If I understand you correctly, you can have as many GPOs as you like. And each one can be tailored for any one or more specific settings you want. Do you have an idea on what you want each GPO to do?
0
 

Author Comment

by:NaplesFLDave
Comment Utility
What I'm referring to is that usually when you add a new GPolicy you get a full list of Computer and User objects to drill into to make changes to. I have seen some GPolicy objects that only have a few settings in them. Like they have been copied out of another FULL template. How would I do this kind of Specific item selection for a new Policy?
0
 
LVL 24

Expert Comment

by:MojoTech
Comment Utility
I think you are refering to Custom ADM / ADMX templates so google those terms for a bunch of info.
0
 
LVL 3

Expert Comment

by:thomasd04
Comment Utility
Do you have any GPOs configured now?

Perhaps you're looking to create custom ADM or ADMX templates?
For Windows 2008: http://technet.microsoft.com/en-us/library/cc753471(WS.10).aspx
For prior versions: http://support.microsoft.com/kb/323639 or http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/07/05/Creating-Custom-ADM-Templates.aspx.

I hope this helps.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:NaplesFLDave
Comment Utility
I asked another tech and instructed me as follows to get what I was trying to explain. I created a new Policy and selected NONE for the starup template. Then I edited the policy, selecting the items I wanted to adjust and they get added top the policy. Doing it this way eliminates all the usual large group of settings that would be included in the policy even if they were not configured. Thins it down nicely.
Thank you for the pointers for the Custom ADMs. I'll look into that also.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
Comment Utility
Hi,

What you are talking about is the Started GPO in Server 2008. If you have Server 2008, then you can create a Started GPO and then use it as the subset to create another GPO with desired settings. Since you Server 2003 you may not be able to use them.

I am including the two links for your understanding
http://technet.microsoft.com/en-us/library/dd367854%28WS.10%29.aspx

Sample of starter GPO
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AE3DDBA7-AF7A-4274-9D34-1AD96576E823

I hope this the one that you are looking for.
0
 

Author Comment

by:NaplesFLDave
Comment Utility
That seems to be pretty close. I actually have (3) AD Controllers. AD1 and AD2 are 2003 R2 and AD3 is 2008R2. I can use the Windows 7 (RSAT)Administration Tools GPM to create the new policy. Except unlike using the STARTER GPO's I selected NONE, so as not to bring over a bunch un-needed settings. Using NONE allows me to just select the one or two items that I actually need to adjust to my policy from the "left pane" to the right pane. I suppose that using the STARTER GPO templates that I could achieve the same thing. I have not tried that method yet.

Thanks.
0
 

Author Closing Comment

by:NaplesFLDave
Comment Utility
There is a mass of info to filter through.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now