Solved

GPMC Newbie Question

Posted on 2011-03-22
7
313 Views
Last Modified: 2012-06-27
I'm pretty new to group policies.  I've dabbled with disabling Windows features and such, but never used GPO's for their true potential.  I want to implement a group policy server on my network, mostly for the purpose of publishing software to AD users and assigning printers.  My network still has a Windows 2003 domain controller at the heart of it, but there are several Windows 2008 R2 servers as well.  My question is, where would I install the GPMC features?  Do they need installed on the DC, or can I install it on any server?  
0
Comment
Question by:ND02G
7 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35191082
Group policy is already installed when you set up a domain. On a windows 7 machine, install RSAT. This will give you the group policy management console.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 35191115
GPMC is included as standard in 2008, with 2003 it can be installed if its not there already.

It must be installed/used on a machine that has the Admin Tools/Remote Server Admin Tools installed, this need not be the DC.
0
 

Author Comment

by:ND02G
ID: 35191165
Thanks KCTS, that question being answered.. Would it be better practice to have an entire server dedicated to group policies?  Or is that overkill?  I have maybe 200 AD users total...
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 35191169
Good screenshots of the GPMC install in 2008 R2  http://www.gpanswers.com/home/135-gpmc/668-group-policy-the-gpmcits-part-of-the-operating-system.html

If you are new to group policy the most important thing is always try and test first before deploying a policy.  (even if it is just to test OU if you don't have a lab)

You may also want to look into some of these resources  http://adisfun.blogspot.com/2009/07/group-policy-recomendations.html

Thanks

Mike
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 35191181
You should install on Windows 7 and/or Windows 2008 R2. You won't have access to all of the policy settings if you are doing configuration from XP/2003.

To do printer assignments your XP clients need to be running SP3 (which they should be anyway) and Group Policy Preferences.  It can be installed manually or through WSUS. I don't know if a machine just using Automatic Updates will get it.  
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35191189
The Group policies will be stored on the DC(s) - The GPMC simply allows them to be edited - they will still be stored on the DC(s) even if you enit them from another machine.
0
 

Author Comment

by:ND02G
ID: 35191196
I'll be handing out 500 points questions all week until I get this up and running.  If anyone wants to follow me on EE and lend a hand, it will be rewarded nicely :)
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question