Re: Best location for policies
From: Grace (yyy_at_yyy.com)
Date: Wed, 5 Oct 2005 17:02:45 -0500
"Jorge_de_Almeida_Pinto" <UseLinkToEmail@WindowsForumz.com> wrote in message
> "" wrote:
> > Please advice:
> > I have a small Windows 2000 domain: 200 users, 4 Win2k
> > Servers, 4 Win2k3
> > servers, 1 Exchange 5.5. I created an OU for Our Computers
> > (had to name it
> > differently since there already is a Computer container), with
> > Workstations
> > and Notebooks OUs below, and an OU for User Accounts. I have
> > a Test OU and
> > TSServer OU since I have a separate policy for TS users (works
> > great BTW).
> > At the moment, I have 2 policies: one for Our Computers OU -
> > it has a few
> > registry entries, security related, picked from the policy
> > options, and a
> > policy for User Accounts OU that locks down users. I don't
> > have
> > domain-level security policy (passwords, etc.) created yet.
> > I am ready to implement Windows Update policy w/WSUS server -
> > it works
> > beautifully in test environment.
> > I am not sure what's the best way to organize policies. I
> > read somewhere
> > that it's convenient to create a separate OU for all policies
> > and just link
> > them to OUs as needed. If yes, how do I disable then delete
> > the current
> > policies after recreating them for the new OU?
> > Any pointers/advice from the real world greatly appreciated...
> > Grace
> That would be a great way if you only had windows 2000. In w2k and
> w2k3 if you use the default group policy editor (which sucks) you need
> to assign an OU when you create a GPO. If you use the GPMC (works with
> wxp and w2k3) you can just create the GPO and after that link it to
> whatever OU you want. The GPMC is VERY COOL. It provides lots of fun
> stuff like backing up ans restoring GPOs.
> Posted using the http://www.windowsforumz.com interface, at author's
> Articles individually checked for conformance to usenet standards
> Topic URL:
> Visit Topic URL to contact author (reg. req'd). Report abuse:
Jorge, Steve, thanks for your advice. I will use GPMC and all should be
fine... ;-) Now what about removing current policies if I need to rearrange
OUs. Do I just move users and they will be fine? What about computers?