Re: Best location for policies

From: Jorge_de_Almeida_Pinto (UseLinkToEmail_at_WindowsForumz.com)
Date: 10/05/05 

Date: 5 Oct 2005 16:36:18 -0400

"" wrote:
> Please advice:
>
> I have a small Windows 2000 domain: 200 users, 4 Win2k
> Servers, 4 Win2k3
> servers, 1 Exchange 5.5. I created an OU for Our Computers
> (had to name it
> differently since there already is a Computer container), with
> Workstations
> and Notebooks OUs below, and an OU for User Accounts. I have
> a Test OU and
> TSServer OU since I have a separate policy for TS users (works
> great BTW).
>
> At the moment, I have 2 policies: one for Our Computers OU -
> it has a few
> registry entries, security related, picked from the policy
> options, and a
> policy for User Accounts OU that locks down users. I don't
> have
> domain-level security policy (passwords, etc.) created yet.
> I am ready to implement Windows Update policy w/WSUS server -
> it works
> beautifully in test environment.
>
> I am not sure what's the best way to organize policies. I
> read somewhere
> that it's convenient to create a separate OU for all policies
> and just link
> them to OUs as needed. If yes, how do I disable then delete
> the current
> policies after recreating them for the new OU?
>
> Any pointers/advice from the real world greatly appreciated...
>
> Grace

That would be a great way if you only had windows 2000. In w2k and
w2k3 if you use the default group policy editor (which sucks) you need
to assign an OU when you create a GPO. If you use the GPMC (works with
wxp and w2k3) you can just create the GPO and after that link it to
whatever OU you want. The GPMC is VERY COOL. It provides lots of fun
stuff like backing up ans restoring GPOs.
See:
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en 

-- 
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-location-policies-ftopict429032.html 
Visit Topic URL to contact author (reg. req'd).  Report abuse: http://www.windowsforumz.com/eform.php?p=1438317

Relevant Pages

  • Re: Local GPO refreshes outside of refresh interval
    ... I looked through my GPO's Windows Settings section ... > Some policies, including IE policies, have a checkbox that defines if this ... > it should apply EVEN if the value defined in GPO did not change since the ... we are talking about one particular policy: ...
    (microsoft.public.windows.group_policy)
  • Re: "There are 0 filters" using IPSec via GPO
    ... 1)Deleting all IPSec policies in the GPO ... 4)Assigning "request security" policy in Local Security Settings, ...
    (microsoft.public.win2000.security)
  • Re: Windows 2003 Server - Group Policy
    ... Group Policies refresh time is 90-minute intervals by default. ... For Windows 2000 Computers see the follow KB: ... Policy Inheritance can be set to this OU it means no policies from higher ... You can also set No Override to a particular GPO. ...
    (microsoft.public.win2000.active_directory)
  • Local GPO refreshes outside of refresh interval
    ... We are experiencing an unique situation where local group ... we are talking about one particular policy: ... a homepage on users and therefore, we never set this policy on the AD GPO. ... Even though we knew that group policies are refreshed every 90 minutes on ...
    (microsoft.public.windows.group_policy)
  • RE: Group Policy: multiple password policies in the same domain?
    ... > it under access to the GPO. ... The conflict only happens when both policies ... results in having the policy denied. ... > user accounts it affects be able to read it and have "apply ...
    (Focus-Microsoft)