Best location for policies

From: Grace (yyy_at_yyy.com)
Date: 10/05/05

• Next message: Alexis: "Re: How to extend validity period of Sub CA"
• Previous message: Brian Komar [MVP]: "Re: How to extend validity period of Sub CA"
• Next in thread: Steven L Umbach: "Re: Best location for policies"
• Reply: Steven L Umbach: "Re: Best location for policies"
• Reply: Jorge_de_Almeida_Pinto: "Re: Best location for policies"
• Reply: Cary Shultz [A.D. MVP]: "Re: Best location for policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 5 Oct 2005 11:39:09 -0500

Please advice:

I have a small Windows 2000 domain: 200 users, 4 Win2k Servers, 4 Win2k3
servers, 1 Exchange 5.5. I created an OU for Our Computers (had to name it
differently since there already is a Computer container), with Workstations
and Notebooks OUs below, and an OU for User Accounts. I have a Test OU and
TSServer OU since I have a separate policy for TS users (works great BTW).

At the moment, I have 2 policies: one for Our Computers OU - it has a few
registry entries, security related, picked from the policy options, and a
policy for User Accounts OU that locks down users. I don't have
domain-level security policy (passwords, etc.) created yet.
I am ready to implement Windows Update policy w/WSUS server - it works
beautifully in test environment.

I am not sure what's the best way to organize policies. I read somewhere
that it's convenient to create a separate OU for all policies and just link
them to OUs as needed. If yes, how do I disable then delete the current
policies after recreating them for the new OU?

Any pointers/advice from the real world greatly appreciated...

Grace

---

• Next message: Alexis: "Re: How to extend validity period of Sub CA"
• Previous message: Brian Komar [MVP]: "Re: How to extend validity period of Sub CA"
• Next in thread: Steven L Umbach: "Re: Best location for policies"
• Reply: Steven L Umbach: "Re: Best location for policies"
• Reply: Jorge_de_Almeida_Pinto: "Re: Best location for policies"
• Reply: Cary Shultz [A.D. MVP]: "Re: Best location for policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Group Policies - not working? ... Ste ... make sure that the 'Domain Computers' security group has read & ... I am pretty sure I created the policy in the Active ... |>> Apply the policies from Active Directory Users and Computers. ... (microsoft.public.backoffice.smallbiz2000) Re: better way to limit users/group to logon to specific workstati ... You can still do it in policy, ... logon locally setting, and apply it to all computers except the ones you ... Workstations" attribute - applying to the user accounts ... (microsoft.public.windows.group_policy) Re: Group Policies - not working? ... make sure that the 'Domain Computers' security group has read & apply ... I am pretty sure I created the policy in the Active ... >> Apply the policies from Active Directory Users and Computers. ... (microsoft.public.backoffice.smallbiz2000) Re: Group Policies ... Group policies can be applied domain-wide, ... Organizational units can contain computers, users, or both, but typically ... In your original question you say the policy locks all of the ... (microsoft.public.backoffice.smallbiz2000) Re: better way to limit users/group to logon to specific workstations? ... Apply this policy to an OU where the computers are. ... We limit a set of user accounts to logging on to specific workstations by ... (microsoft.public.windows.group_policy)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2005-10