Solved

Group policy processing - one versus multiple gpos decision

Posted on 2011-09-05
4
316 Views
Last Modified: 2012-05-12
Hi guys hope you are all well and can assist.
Guys I really need some clarification as to how group policies are applied and processed by machines.

What I'm failing to understand is this.

Scenario: Microsoft Office 2003 and 2007 USER group policy settings in the one gpo.
If a user logs on to a machine that has MS office 2007 installed, and this gpo gets applied, what happens to the office 2003 settings in this gpo?
Do they get ignored? Do they still get applied eg.get entered into the systems registry, but have no effect?
Conversely, if that same user went to a machine that had office 2003 installed, what happens to the office 2007 settings?
Does it slow down Logon time due to all settings getting processed?
What I'm trying to understand is whether it is better to break up this gpo into multiple gpos - one for each version of office, or whether it is best practice to leave them all in the same gpo?
Is there extra overhead in terms of time spent processing the gpo if all office settings for all versions are placed in the one gpo, as opposed to breaking it up into one gpo per office version?
Also, is is true that if a machine has for example, office 2007 installed, that it will only apply office 2007 settings from the gpo and not other settings from the gpo for other versions of office? Is this because the client reads the gpo and first checks what settings is applicable to itself? Or, if the user is meant to get the gpo, does it apply EVERY setting withinthe gpo regardless of office version? This is what I need to understand.

Sorry if this is a long question..I really want to understand this.
Any help greatly appreciated.
0
Comment
Question by:Simon336697
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
myhc earned 250 total points
ID: 36485777
All settings get appied. It will show down but not much (you won't notice it)

I would break them up and create a group security for 2003 & 2007 so only the settings I want get applied.

As far as i'm aware all settings are applied. they all end up as REG changes.
(you can make your own adm files to control any REG key, so it doesn't require anything special as you could have made that ADM file yourself... and then it would have applied the settings.
0
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 250 total points
ID: 36487434
Simon,
If you look at the Operational Logs of Group Policy, you will see it actually takes Milliseconds to apply, which you won't even notice.
Remember, its not the Messanger but the message what is culprit in GPO.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 36488003
Thanks guys.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36488047
Thanks Simon.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question