Common Server 2008 Group Policies to Implement

Posted on 2012-09-04
Last Modified: 2012-09-18
I was wanting to implement some common group policies on the servers we maintain.
I wanted to create a list of GPO for when we setup new servers or servers already implemented we would follow the list and hopefully this would help us to standardize among all the servers we manage.

What would be a good list of GPOs to have implemented on servers?

I was thinking of stuff like these:

Mapping users folders.
My Document redirection.
Home page to company website
Locking down workstations
Not being able to browse network
Take away control panel.

And so forth.  Didn't want to recreate the wheel if someone already has a list of GPO they implement.  Looking more towards the IT consultant list of GPOs not corporate IT.

I appreciate the help in advance.
Question by:maximus7569
    1 Comment
    LVL 18

    Accepted Solution

    It's totaly depend on the your company behavior or policy to apply group policy.

    On the server keep the minnimum gpo setting applied.

    Above mention policies stuff are implemented on the user desktop level.

    On the server you can implement like domain user can't login.

    Best Practices for Implementing GPOs
    A few best practices to consider when implementing GPOs are listed below:


    To keep GPO administration simple, use unique names for each GPO.


    You should not link a GPO to the same OU multiple times, link it only once.


    While it is possible to link an OU to a GPO that is located in a different domain, you should steer clear of this situation. The processing of GPOs is delayed if Group Policy has to be acquired from a different domain.


    Disable the Computer Configuration node or the User Configuration node when it only contains Group Policy settings set to the Not Configured option. This tends to speed up computer startup and user logon processing times.


    Steer clear of conflicting policies. While a lower OU GPO can override an OU GPO higher in the tree, to keep things simple, try to steer clear of configuring conflicting policies.


    Avoid setting the No Override option, and the Block Policy Inheritance option as far as possible. Having these settings enabled can complicate matters when you need to troubleshoot Group Policy.


    Only use the loopback processing option if he desktop configuration has to remain constant, irrespective of the user logging on. Enabling the loopback processing option can also cause confusion when you need to troubleshoot Group Policy settings problems.


    Utilize WMI filters only when necessary. Having numerous WMI filters, increases user logon processing time.


    Filter the scope of a GPO according to security group membership. This prevents other users, who do not need the GPO applied, from experiencing a logon delay.

    Refer below link.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now