Link to home
Create AccountLog in
Avatar of puryear-it
puryear-itFlag for United States of America

asked on

What is your AD/GPO checklist?

We're working to come up with a set of standards that we will use across any client site for how AD is organized and for standard GPOs that we want to use (e.g., password complexity, desktop updates vs. server updates, screen saver passwords, etc).

What is on your list?
ASKER CERTIFIED SOLUTION
Avatar of piattnd
piattnd

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of piattnd
piattnd

Speaking of standard for GPO:

Name of the GPO should spell out what the GPOs purpose is for and the targets it's intended for.  For example, US FINANCE HOME PAGE would be a good name.  It's nice to be able to see the name and have a pretty good idea not only what's inside the policy, but who it was designed to target.
Download GPMC (group policy management console) from microsoft and install it your dc. With this program you will take easy to manage your Group Policies,you will see all applied policy (or create new policies) according to Domain,Computers,OU one by one. (right click domain,computer,OU > select create and link GPO here > and right click policy and select edit,  that is all)


good luck

Avatar of puryear-it

ASKER

@arifkayaca, I have to ask: What the heck are you talking about? That has nothing to do with the question.
@piattnd, sorry, I didn't do a good job of asking the question. I am versed in organizing AD via OU's. My question is what are the standard GPO's you find yourself creating for networks, e.g., a password policy, screensaver policy, etc? We have a list, and I'm curious what others have on their lists.
Ahh ok, yeah my bad on misunderstanding the question.

One policy that you haven't mentioned is a profile/folder redirection policy.  You may not use roaming profiles on your network, but the folder redirection policies make it a lot less likely for users to save their data to their local hard drives, which I presume are not backed up.  We use a combination of profile policy and folder redirection to minimize profile size while maximizing availability of their documents and desktop folders.

It's also not a bad idea to have a password policy to control power settings of the computers.  I don't know if your company has interest in being "green", but someday that topic may come up and you've already got a power policy in place, so you just have to modify it.

It's kinda hard to answer your question, because I'm not familiar at all with your environment or the requirements you may have.  I hope those have at least been somewhat helpful!  If you can clarify or narrow down exactly what you're looking for, I might have more ideas, but it's a pretty broad question. :)