Re: Best location for policies

From: Grace (yyy_at_yyy.com)
Date: 10/06/05

  • Next message: Shenan Stanley: "Re: ghstwalk, Outlook Express"
    Date: Wed, 5 Oct 2005 17:02:45 -0500
    
    

    "Jorge_de_Almeida_Pinto" <UseLinkToEmail@WindowsForumz.com> wrote in message
    news:3_1438317_b8a9e3b2f7910ee4b84fac4784d48776@windowsforumz.com...
    > "" wrote:
    > > Please advice:
    > >
    > > I have a small Windows 2000 domain: 200 users, 4 Win2k
    > > Servers, 4 Win2k3
    > > servers, 1 Exchange 5.5. I created an OU for Our Computers
    > > (had to name it
    > > differently since there already is a Computer container), with
    > > Workstations
    > > and Notebooks OUs below, and an OU for User Accounts. I have
    > > a Test OU and
    > > TSServer OU since I have a separate policy for TS users (works
    > > great BTW).
    > >
    > > At the moment, I have 2 policies: one for Our Computers OU -
    > > it has a few
    > > registry entries, security related, picked from the policy
    > > options, and a
    > > policy for User Accounts OU that locks down users. I don't
    > > have
    > > domain-level security policy (passwords, etc.) created yet.
    > > I am ready to implement Windows Update policy w/WSUS server -
    > > it works
    > > beautifully in test environment.
    > >
    > > I am not sure what's the best way to organize policies. I
    > > read somewhere
    > > that it's convenient to create a separate OU for all policies
    > > and just link
    > > them to OUs as needed. If yes, how do I disable then delete
    > > the current
    > > policies after recreating them for the new OU?
    > >
    > > Any pointers/advice from the real world greatly appreciated...
    > >
    > > Grace
    >
    > That would be a great way if you only had windows 2000. In w2k and
    > w2k3 if you use the default group policy editor (which sucks) you need
    > to assign an OU when you create a GPO. If you use the GPMC (works with
    > wxp and w2k3) you can just create the GPO and after that link it to
    > whatever OU you want. The GPMC is VERY COOL. It provides lots of fun
    > stuff like backing up ans restoring GPOs.
    > See:
    > http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
    >
    http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
    >
    > --
    > Posted using the http://www.windowsforumz.com interface, at author's
    request
    > Articles individually checked for conformance to usenet standards
    > Topic URL:
    http://www.windowsforumz.com/Active-Directory-location-policies-ftopict429032.html
    > Visit Topic URL to contact author (reg. req'd). Report abuse:
    http://www.windowsforumz.com/eform.php?p=1438317

    Jorge, Steve, thanks for your advice. I will use GPMC and all should be
    fine... ;-) Now what about removing current policies if I need to rearrange
    OUs. Do I just move users and they will be fine? What about computers?

    Thanks,

    Grace


  • Next message: Shenan Stanley: "Re: ghstwalk, Outlook Express"