Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Group policy processing - one versus multiple gpos decision

Posted on 2011-09-05
4
Medium Priority
?
337 Views
Last Modified: 2012-05-12
Hi guys hope you are all well and can assist.
Guys I really need some clarification as to how group policies are applied and processed by machines.

What I'm failing to understand is this.

Scenario: Microsoft Office 2003 and 2007 USER group policy settings in the one gpo.
If a user logs on to a machine that has MS office 2007 installed, and this gpo gets applied, what happens to the office 2003 settings in this gpo?
Do they get ignored? Do they still get applied eg.get entered into the systems registry, but have no effect?
Conversely, if that same user went to a machine that had office 2003 installed, what happens to the office 2007 settings?
Does it slow down Logon time due to all settings getting processed?
What I'm trying to understand is whether it is better to break up this gpo into multiple gpos - one for each version of office, or whether it is best practice to leave them all in the same gpo?
Is there extra overhead in terms of time spent processing the gpo if all office settings for all versions are placed in the one gpo, as opposed to breaking it up into one gpo per office version?
Also, is is true that if a machine has for example, office 2007 installed, that it will only apply office 2007 settings from the gpo and not other settings from the gpo for other versions of office? Is this because the client reads the gpo and first checks what settings is applicable to itself? Or, if the user is meant to get the gpo, does it apply EVERY setting withinthe gpo regardless of office version? This is what I need to understand.

Sorry if this is a long question..I really want to understand this.
Any help greatly appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
myhc earned 1000 total points
ID: 36485777
All settings get appied. It will show down but not much (you won't notice it)

I would break them up and create a group security for 2003 & 2007 so only the settings I want get applied.

As far as i'm aware all settings are applied. they all end up as REG changes.
(you can make your own adm files to control any REG key, so it doesn't require anything special as you could have made that ADM file yourself... and then it would have applied the settings.
0
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 1000 total points
ID: 36487434
Simon,
If you look at the Operational Logs of Group Policy, you will see it actually takes Milliseconds to apply, which you won't even notice.
Remember, its not the Messanger but the message what is culprit in GPO.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 36488003
Thanks guys.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36488047
Thanks Simon.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question