Solved

Group policy processing - one versus multiple gpos decision

Posted on 2011-09-05
4
330 Views
Last Modified: 2012-05-12
Hi guys hope you are all well and can assist.
Guys I really need some clarification as to how group policies are applied and processed by machines.

What I'm failing to understand is this.

Scenario: Microsoft Office 2003 and 2007 USER group policy settings in the one gpo.
If a user logs on to a machine that has MS office 2007 installed, and this gpo gets applied, what happens to the office 2003 settings in this gpo?
Do they get ignored? Do they still get applied eg.get entered into the systems registry, but have no effect?
Conversely, if that same user went to a machine that had office 2003 installed, what happens to the office 2007 settings?
Does it slow down Logon time due to all settings getting processed?
What I'm trying to understand is whether it is better to break up this gpo into multiple gpos - one for each version of office, or whether it is best practice to leave them all in the same gpo?
Is there extra overhead in terms of time spent processing the gpo if all office settings for all versions are placed in the one gpo, as opposed to breaking it up into one gpo per office version?
Also, is is true that if a machine has for example, office 2007 installed, that it will only apply office 2007 settings from the gpo and not other settings from the gpo for other versions of office? Is this because the client reads the gpo and first checks what settings is applicable to itself? Or, if the user is meant to get the gpo, does it apply EVERY setting withinthe gpo regardless of office version? This is what I need to understand.

Sorry if this is a long question..I really want to understand this.
Any help greatly appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
myhc earned 250 total points
ID: 36485777
All settings get appied. It will show down but not much (you won't notice it)

I would break them up and create a group security for 2003 & 2007 so only the settings I want get applied.

As far as i'm aware all settings are applied. they all end up as REG changes.
(you can make your own adm files to control any REG key, so it doesn't require anything special as you could have made that ADM file yourself... and then it would have applied the settings.
0
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 250 total points
ID: 36487434
Simon,
If you look at the Operational Logs of Group Policy, you will see it actually takes Milliseconds to apply, which you won't even notice.
Remember, its not the Messanger but the message what is culprit in GPO.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 36488003
Thanks guys.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36488047
Thanks Simon.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question