[gptalk] Re: hello

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 17 Aug 2006 13:37:13 -0700

And of course I would also humbly recommend the GP book I did with Derek
Melber and William Stanek: 
 
http://www.amazon.com/exec/obidos/redirect?link_code=ur2
<http://www.amazon.com/exec/obidos/redirect?link_code=ur2&camp=1789&tag=http
wwwgpogco-20&creative=9325&path=tg/detail/-/0735622175/qid=1122367169/sr=8-1
/ref=pd_bbs_1?v=glance&s=books&n=507846>
&camp=1789&tag=httpwwwgpogco-20&creative=9325&path=tg/detail/-/0735622175/qi
d=1122367169/sr=8-1/ref=pd_bbs_1?v=glance&s=books&n=507846

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mills, Mark
Sent: Thursday, August 17, 2006 12:30 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: hello



Gray 

 

So you're new to Group Policy.  I started working with it about 6 month ago.
Below are some tidbits that may help you. I'm not claiming to be an expert,
and admit I am new also to GP, but I am trying to take a granular approach
to GP so I can get the most out of it in a single domain (not a Forest) .  I
also highly recommend the book mentioned below by Jeremy Moskowitz.

 

My personal opinions

 

1)      keep all your user objects in their own "USER OU Branches" and keep
all your computer objects in their own Computer OU Branches.  (see
representation below) 

2)      Name your polices in a format so that you know what branch it
effects.  All GPOs that effect the Computer configuration should have names
that start with the words "Computer - "  and all for the User Configuration
should start with "Computer -"  It will help you understand and manage your
GPO's better and know the proper place to apply them in most cases (accept
where loopback is enabled) 

3)      Learn about Loop Back Processing as soon as possible - it is a great
feature

4)      Nothing anyone may tell you - including me-  may be right for your
organization, for best results analyze your needs and use Group Policy
accordingly.

 

5)      Representation mentioned in item 1 above:  keep all your user
objects in their own "USER OU Branches" and keep all your computer objects
in their own Computer OU Branches.  (see representation below) 

 

 

Group Policy Manangement

-------Forest: mydomain.com

------------Domains

------------------MyDomain.com

--------------------Default Domain Group Policy Object Link

----------------------Active Group Policies OU

-----------------------------Computer Policies OU

---------------------------------Enforced Group Policy Object Link

------------------------------------AccountingDept Computer OU (put your
Accounting PC's here)

--------------------------------------- Computer Config Group Policy Object
Link 1 (this is an applied GPO) 

--------------------------------------- Computer Config Group Policy Object
Link 2 (this is an applied GPO)

------------------------------------MarketingDept Computer OU (put your Mktg
PC's here)

------------------------------------Programmers Computer OU  (.OK you get
the idea)

-----------------------------User Policies OU

---------------------------------Enforced Group Policy Object Link

------------------------------------Accounting Dept OU (put your Accounting
User's here)

--------------------------------------- User Config Group Policy Object Link
1 (this is an applied GPO)

--------------------------------------- User Config Group Policy Object Link
(this is an applied GPO)

------------------------------------MarketingDept User  OU (put your Mktg
User's here)

------------------------------------ProgrammerDept User OU  (.OK you get the
idea)

 

 

 

Good name to know:  Jeremy Moskowitz

His Awesome  book :  Third Edition of Group Policy, Profiles, and
IntelliMirror 

Related Site:  http://www.gpanswers.com/book/

 

 

Great GP sites for help

http://gpanswers.com <http://gpanswers.com/>  

http://www.gpoguy.com/ 

http://www.activedir.org/article.aspx?aid=25 

 

Group Policy Management Console with 2003 Service Pack 1included.

http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4B35-
9272-DD3CBFC81887
<http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4B35
-9272-DD3CBFC81887&displaylang=en> &displaylang=en

 

Group Policy Settings Reference for Windows Server 2003 with Service Pack 1
(Excel sheet with all GP settings) 

http://www.microsoft.com/downloads/details.aspx?familyid=7821C32F-DA15-438D-
8E48-45915CD2BC14
<http://www.microsoft.com/downloads/details.aspx?familyid=7821C32F-DA15-438D
-8E48-45915CD2BC14&displaylang=en> &displaylang=en 

 

GPO backups info

http://www.windowsitlibrary.com/Content/1635/04/1.html

 

Group Policy ADM files
http://www.microsoft.com/downloads/details.aspx?FamilyId=92759D4B-7112-4B6C-
AD4A-BBF3802A5C9B
<http://www.microsoft.com/downloads/details.aspx?FamilyId=92759D4B-7112-4B6C
-AD4A-BBF3802A5C9B&displaylang=en#top> &displaylang=en#top 

 

Recommendations for administering Group Policy ADM files
http://support.microsoft.com/default.aspx?scid=kb;en-us;816662#top 

 

 

Windows KB related to GP: http://support.microsoft.com/?kbid=842804 

 

Scripting help and support:

http://www.scriptinganswers.com <http://www.scriptinganswers.com/> 

 

WQL (SQL for WMI)
http://windowssdk.msdn.microsoft.com/en-us/library/ms758365.aspx 

 

WMI Code Creator v1.0

http://www.microsoft.com/downloads/details.aspx?familyid=2CC30A64-EA15-4661-
8DA4-55BBC145C30E
<http://www.microsoft.com/downloads/details.aspx?familyid=2CC30A64-EA15-4661
-8DA4-55BBC145C30E&displaylang=en> &displaylang=en 

 

Delegation of control
http://www.mcpmag.com/features/article.asp?EditorialsID=233 

 

 

Mark Mills, Sr. Network Engineer 

Office Phone:  281-444-2300 x113

Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Gray Troutman
Sent: Thursday, August 17, 2006 1:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] hello

 

Hi,
I just signed up.  I'm curious to know how many people (roughly) subscribe
to this list.  I've subscribed to a couple before and they had a pretty wide
range of content due to the number of subscribers.  I've been working with
Windows-based networks for about eleven years now, but this is the first
time I've really been involved with creating an AD from scratch and the
creation of Groups Policies.  I'm really interested in seeing what other
folks are doing, hopefully that way I will catch problems before they occur.


Regards,
Gray




Other related posts: