Solved

Group policy processing - one versus multiple gpos decision

Posted on 2011-09-05
Last Modified: 2012-05-12
Hi guys hope you are all well and can assist.
Guys I really need some clarification as to how group policies are applied and processed by machines.

What I'm failing to understand is this.

Scenario: Microsoft Office 2003 and 2007 USER group policy settings in the one gpo.
If a user logs on to a machine that has MS office 2007 installed, and this gpo gets applied, what happens to the office 2003 settings in this gpo?
Do they get ignored? Do they still get applied, e.g. get entered into the system's registry, but have no effect?
Conversely, if that same user went to a machine that had office 2003 installed, what happens to the office 2007 settings?
Does it slow down Logon time due to all settings getting processed?
What I'm trying to understand is whether it is better to break up this gpo into multiple gpos - one for each version of office, or whether it is best practice to leave them all in the same gpo?
Is there extra overhead in terms of time spent processing the gpo if all office settings for all versions are placed in the one gpo, as opposed to breaking it up into one gpo per office version?
Also, is it true that if a machine has, for example, office 2007 installed, it will only apply office 2007 settings from the gpo and not other settings from the gpo for other versions of office? Is this because the client reads the gpo and first checks which settings are applicable to itself? Or, if the user is meant to get the gpo, does it apply EVERY setting within the gpo regardless of office version? This is what I need to understand.

Sorry if this is a long question. I really want to understand this.
Any help greatly appreciated.
Question by:Simon336697
4 Comments
 
LVL 7

Accepted Solution

by:
myhc earned 250 total points
ID: 36485777
All settings get applied. It will slow down but not much (you won't notice it).

I would break them up and create a group security for 2003 & 2007 so only the settings I want get applied.

As far as I'm aware all settings are applied. They all end up as REG changes.
(You can make your own ADM files to control any REG key, so it doesn't require anything special, as you could have made that ADM file yourself... and then it would have applied the settings.)
0
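The accepted answer's point that every setting ends up as a registry change can be seen in the GPO's Registry.pol file, where Administrative Template settings are stored: Office 2003 and Office 2007 entries sit side by side under version-specific keys (`Office\11.0` and `Office\12.0`), and nothing in the file ties an entry to an installed product. This Python parser is an added example, not part of the thread; the sample entries and their value names are constructed.

```python
import re
import struct

def _w(text):
    return text.encode("utf-16-le")

def build_pol(entries):  # serializer, used here only to build the sample blob
    out = b"PReg" + struct.pack("<I", 1)  # signature, then format version 1
    for key, value, rtype, data in entries:
        out += (_w(f"[{key}\0;{value}\0;") + struct.pack("<I", rtype) + _w(";")
                + struct.pack("<I", len(data)) + _w(";") + data + _w("]"))
    return out

def parse_pol(buf):
    """Return the (key, value, type, data) entries stored in a Registry.pol blob."""
    if len(buf) < 8 or buf[:4] != b"PReg" or struct.unpack_from("<I", buf, 4)[0] != 1:
        raise ValueError("not a Registry.pol file")
    pos, entries = 8, []
    def expect(ch):
        nonlocal pos
        if buf[pos:pos + 2] != _w(ch):
            raise ValueError(f"expected {ch!r} at offset {pos}")
        pos += 2
    def wstr():  # NUL-terminated UTF-16LE string followed by ';'
        nonlocal pos
        end = pos
        while end < len(buf) and buf[end:end + 2] != b"\0\0":
            end += 2
        text, pos = buf[pos:end].decode("utf-16-le"), end + 2
        expect(";")
        return text
    while pos < len(buf):
        expect("[")
        key, value = wstr(), wstr()
        rtype, s1, size, s2 = struct.unpack_from("<I2sI2s", buf, pos)
        if s1 != _w(";") or s2 != _w(";"):
            raise ValueError(f"malformed entry at offset {pos}")
        data, pos = buf[pos + 12:pos + 12 + size], pos + 12 + size  # size-driven
        expect("]")
        entries.append((key, value, rtype, data))
    return entries

def count_by_office_version(entries):  # 11.0 = Office 2003, 12.0 = Office 2007
    found = re.findall(r"\\Office\\(\d+\.\d+)\\", "\n".join(k for k, *_ in entries))
    return {v: found.count(v) for v in found}

# Constructed sample: hypothetical value names; 4 = REG_DWORD, 1 = REG_SZ.
SAMPLE = [(r"Software\Policies\Microsoft\Office\11.0\Word\Options", "ExampleA", 4, struct.pack("<I", 1)),
          (r"Software\Policies\Microsoft\Office\12.0\Common\Example", "ExampleB", 1, _w("a;b]\0"))]
```

Calling `count_by_office_version(parse_pol(build_pol(SAMPLE)))` reports one entry for each version from the same file. The data field is read by its declared size, so delimiter characters inside a value do not break parsing.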
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 250 total points
ID: 36487434
Simon,
If you look at the Operational Logs of Group Policy, you will see it actually takes milliseconds to apply, which you won't even notice.
Remember, it's not the messenger but the message that is the culprit in GPO.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 36488003
Thanks guys.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36488047
Thanks Simon.
0
