Avatar of puryear-it
Flag for United States of America asked on

What is your AD/GPO checklist?

We're working to come up with a set of standards that we will use across any client site for how AD is organized and for standard GPOs that we want to use (e.g., password complexity, desktop updates vs. server updates, screen saver passwords, etc).

What is on your list?
Active Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Speaking of standard for GPO:

Name of the GPO should spell out what the GPOs purpose is for and the targets it's intended for.  For example, US FINANCE HOME PAGE would be a good name.  It's nice to be able to see the name and have a pretty good idea not only what's inside the policy, but who it was designed to target.

Download GPMC (group policy management console) from microsoft and install it your dc. With this program you will take easy to manage your Group Policies,you will see all applied policy (or create new policies) according to Domain,Computers,OU one by one. (right click domain,computer,OU > select create and link GPO here > and right click policy and select edit,  that is all)

good luck


@arifkayaca, I have to ask: What the heck are you talking about? That has nothing to do with the question.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy

@piattnd, sorry, I didn't do a good job of asking the question. I am versed in organizing AD via OU's. My question is what are the standard GPO's you find yourself creating for networks, e.g., a password policy, screensaver policy, etc? We have a list, and I'm curious what others have on their lists.

Ahh ok, yeah my bad on misunderstanding the question.

One policy that you haven't mentioned is a profile/folder redirection policy.  You may not use roaming profiles on your network, but the folder redirection policies make it a lot less likely for users to save their data to their local hard drives, which I presume are not backed up.  We use a combination of profile policy and folder redirection to minimize profile size while maximizing availability of their documents and desktop folders.

It's also not a bad idea to have a password policy to control power settings of the computers.  I don't know if your company has interest in being "green", but someday that topic may come up and you've already got a power policy in place, so you just have to modify it.

It's kinda hard to answer your question, because I'm not familiar at all with your environment or the requirements you may have.  I hope those have at least been somewhat helpful!  If you can clarify or narrow down exactly what you're looking for, I might have more ideas, but it's a pretty broad question. :)