[gptalk] Re: hello

• From: "Mills, Mark" <Mark.Mills@xxxxxxxxxxxxxxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Thu, 17 Aug 2006 14:30:24 -0500

Gray 

 

So you're new to Group Policy.  I started working with it about 6 month
ago.  Below are some tidbits that may help you. I'm not claiming to be
an expert, and admit I am new also to GP, but I am trying to take a
granular approach to GP so I can get the most out of it in a single
domain (not a Forest) .  I also highly recommend the book mentioned
below by Jeremy Moskowitz.

 

My personal opinions

 

1)      keep all your user objects in their own "USER OU Branches" and
keep all your computer objects in their own Computer OU Branches.  (see
representation below) 

2)      Name your polices in a format so that you know what branch it
effects.  All GPOs that effect the Computer configuration should have
names that start with the words "Computer - "  and all for the User
Configuration should start with "Computer -"  It will help you
understand and manage your GPO's better and know the proper place to
apply them in most cases (accept where loopback is enabled) 

3)      Learn about Loop Back Processing as soon as possible - it is a
great feature

4)      Nothing anyone may tell you - including me-  may be right for
your organization, for best results analyze your needs and use Group
Policy accordingly.

 

5)      Representation mentioned in item 1 above:  keep all your user
objects in their own "USER OU Branches" and keep all your computer
objects in their own Computer OU Branches.  (see representation below) 

 

 

Group Policy Manangement

-------Forest: mydomain.com

------------Domains

------------------MyDomain.com

--------------------Default Domain Group Policy Object Link

----------------------Active Group Policies OU

-----------------------------Computer Policies OU

---------------------------------Enforced Group Policy Object Link

------------------------------------AccountingDept Computer OU (put your
Accounting PC's here)

--------------------------------------- Computer Config Group Policy
Object Link 1 (this is an applied GPO) 

--------------------------------------- Computer Config Group Policy
Object Link 2 (this is an applied GPO)

------------------------------------MarketingDept Computer OU (put your
Mktg PC's here)

------------------------------------Programmers Computer OU  (...OK you
get the idea)

-----------------------------User Policies OU

---------------------------------Enforced Group Policy Object Link

------------------------------------Accounting Dept OU (put your
Accounting User's here)

--------------------------------------- User Config Group Policy Object
Link 1 (this is an applied GPO)

--------------------------------------- User Config Group Policy Object
Link  (this is an applied GPO)

------------------------------------MarketingDept User  OU (put your
Mktg User's here)

------------------------------------ProgrammerDept User OU  (...OK you
get the idea)

 

 

 

Good name to know:  Jeremy Moskowitz

His Awesome  book :  Third Edition of Group Policy, Profiles, and
IntelliMirror 

Related Site:  http://www.gpanswers.com/book/

 

 

Great GP sites for help

http://gpanswers.com <http://gpanswers.com/>  

http://www.gpoguy.com/ 

http://www.activedir.org/article.aspx?aid=25 

 

Group Policy Management Console with 2003 Service Pack 1included.

http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4
B35-9272-DD3CBFC81887&displaylang=en

 

Group Policy Settings Reference for Windows Server 2003 with Service
Pack 1 (Excel sheet with all GP settings) 

http://www.microsoft.com/downloads/details.aspx?familyid=7821C32F-DA15-4
38D-8E48-45915CD2BC14&displaylang=en 

 

GPO backups info

http://www.windowsitlibrary.com/Content/1635/04/1.html

 

Group Policy ADM files
http://www.microsoft.com/downloads/details.aspx?FamilyId=92759D4B-7112-4
B6C-AD4A-BBF3802A5C9B&displaylang=en#top 

 

Recommendations for administering Group Policy ADM files
http://support.microsoft.com/default.aspx?scid=kb;en-us;816662#top 

 

 

Windows KB related to GP: http://support.microsoft.com/?kbid=842804 

 

Scripting help and support:

http://www.scriptinganswers.com <http://www.scriptinganswers.com/> 

 

WQL (SQL for WMI)
http://windowssdk.msdn.microsoft.com/en-us/library/ms758365.aspx 

 

WMI Code Creator v1.0

http://www.microsoft.com/downloads/details.aspx?familyid=2CC30A64-EA15-4
661-8DA4-55BBC145C30E&displaylang=en 

 

Delegation of control
http://www.mcpmag.com/features/article.asp?EditorialsID=233 

 

 

Mark Mills, Sr. Network Engineer 

Office Phone:  281-444-2300 x113

Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Gray Troutman
Sent: Thursday, August 17, 2006 1:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] hello

 

Hi,
I just signed up.  I'm curious to know how many people (roughly)
subscribe to this list.  I've subscribed to a couple before and they had
a pretty wide range of content due to the number of subscribers.  I've
been working with Windows-based networks for about eleven years now, but
this is the first time I've really been involved with creating an AD
from scratch and the creation of Groups Policies.  I'm really interested
in seeing what other folks are doing, hopefully that way I will catch
problems before they occur. 

Regards,
Gray

• Follow-Ups:
  • [gptalk] Re: hello
    • From: Darren Mar-Elia

Other related posts:

• » [gptalk] hello
• » [gptalk] Re: hello
• » [gptalk] Re: hello
• » [gptalk] Re: hello
• » [gptalk] Re: hello
• » [gptalk] Re: hello
• » [gptalk] Re: hello
• » [gptalk] Re: hello

1. Home
2. gptalk
3. Archive
4. 08-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---