BEst practice when deploying policies to an end point
I have a server 2016 domain environment and we are going to be deploying windows 10 . What would be best practice to implement Group policy to the end points ? My school of thought tells me that creating a windows 10 image and modifying the local GPO and then packaging that image is not the best way . Should policies have better control being applied thru the Domain control GPMC ? S that very time a computer gets added to the domain the policies apply.
IS it better to have a lean vanilla image and then join to the domain and apply all policy settings for the computer and user ? Any good advice would be appreciated.