[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Common Server 2008 Group Policies to Implement

Posted on 2012-09-04
1
Medium Priority
?
485 Views
Last Modified: 2012-09-18
I was wanting to implement some common group policies on the servers we maintain.
I wanted to create a list of GPO for when we setup new servers or servers already implemented we would follow the list and hopefully this would help us to standardize among all the servers we manage.

What would be a good list of GPOs to have implemented on servers?

I was thinking of stuff like these:

Mapping users folders.
My Document redirection.
Home page to company website
Locking down workstations
Not being able to browse network
Take away control panel.

And so forth.  Didn't want to recreate the wheel if someone already has a list of GPO they implement.  Looking more towards the IT consultant list of GPOs not corporate IT.

I appreciate the help in advance.
0
Comment
Question by:maximus7569
1 Comment
 
LVL 18

Accepted Solution

by:
Sushil Sonawane earned 2000 total points
ID: 38367244
It's totaly depend on the your company behavior or policy to apply group policy.

On the server keep the minnimum gpo setting applied.

Above mention policies stuff are implemented on the user desktop level.

On the server you can implement like domain user can't login.


Best Practices for Implementing GPOs
 
A few best practices to consider when implementing GPOs are listed below:

1.

To keep GPO administration simple, use unique names for each GPO.

2.

You should not link a GPO to the same OU multiple times, link it only once.

3.

While it is possible to link an OU to a GPO that is located in a different domain, you should steer clear of this situation. The processing of GPOs is delayed if Group Policy has to be acquired from a different domain.

4.

Disable the Computer Configuration node or the User Configuration node when it only contains Group Policy settings set to the Not Configured option. This tends to speed up computer startup and user logon processing times.

 5.

Steer clear of conflicting policies. While a lower OU GPO can override an OU GPO higher in the tree, to keep things simple, try to steer clear of configuring conflicting policies.

6.

Avoid setting the No Override option, and the Block Policy Inheritance option as far as possible. Having these settings enabled can complicate matters when you need to troubleshoot Group Policy.

7.

Only use the loopback processing option if he desktop configuration has to remain constant, irrespective of the user logging on. Enabling the loopback processing option can also cause confusion when you need to troubleshoot Group Policy settings problems.

 8.

Utilize WMI filters only when necessary. Having numerous WMI filters, increases user logon processing time.

 9.

Filter the scope of a GPO according to security group membership. This prevents other users, who do not need the GPO applied, from experiencing a logon delay.

Refer below link.

(http://www.tech-faq.com/implementing-and-managing-group-policy-objects-gpos.html)
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question