Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: GPO Assistance

  1. #1
    Junior Member
    Join Date
    Feb 2004
    Posts
    10

    Question GPO Assistance

    Hello All,

    I am working on a new GPO on a Server 2000 network. Just to make sure I covered everything, what are some of the more imporant settings to configure in a GPO. (I'm sure the list goes on, just some of the top ones please)

    Just some suggestions from people who have been doing this much longer than I have been would be greatly appreciated.

    Thank you,
    Murph

  2. #2
    Junior Member
    Join Date
    Feb 2004
    Posts
    10

    Question GPO Assistance

    Hello All,

    I am working on a new GPO on a Server 2000 network. Just to make sure I covered everything, what are some of the more imporant settings to configure in a GPO. (I'm sure the list goes on, just some of the top ones please)

    Just some suggestions from people who have been doing this much longer than I have been would be greatly appreciated.

    Thank you,
    Murph

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    That's a pretty big question and is very dependent upon your environment, the kind of business you are in, the threat/risk and what you are trying to achieve. Remember also that if you have multiple OU's you may have multiple GPO's do acheive different goals'

    If you could outline some of that information and then give us an idea of what you have done so far it would help us help you a lot.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    That's a pretty big question and is very dependent upon your environment, the kind of business you are in, the threat/risk and what you are trying to achieve. Remember also that if you have multiple OU's you may have multiple GPO's do acheive different goals'

    If you could outline some of that information and then give us an idea of what you have done so far it would help us help you a lot.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Junior Member
    Join Date
    Feb 2004
    Posts
    10
    Ok, that's true...kind of vague huh ?

    For right now its only one OU, which I'm working on changing. Its the first GPO in the domain for 75 users. Basically for right now I'm working on some type of baseline setting, as there isn't anything in place at the moment. Aside from password complexity, length, etc...what are some of the more major ones in general that should be configured.


    I know this is still somewhat vague, any general info is appreciated.

    Thanks again,

    Murph

  6. #6
    Junior Member
    Join Date
    Feb 2004
    Posts
    10
    Ok, that's true...kind of vague huh ?

    For right now its only one OU, which I'm working on changing. Its the first GPO in the domain for 75 users. Basically for right now I'm working on some type of baseline setting, as there isn't anything in place at the moment. Aside from password complexity, length, etc...what are some of the more major ones in general that should be configured.


    I know this is still somewhat vague, any general info is appreciated.

    Thanks again,

    Murph

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'd start with the domain policy. Put everything in there that you want to apply to every computer on the network, (audit policies, password policies, lockout etc.). That's your baseline....

    Then move down to your OU's. As long as you don't check "No Override" then the domain policy flows down so then you just need to set what you want for each OU. For example if you had machines accessible to the general public you would put them in a searate OU and lock them down pretty tight, whereas the accounting department may need a "looser" policy to allow them to do certain things.

    I would just run through the entire GPO looking at what things are, what they do and if they are appropriate. If the network is live right now I would set up a test OU and put a machine with all the "odd" apps your company runs and apply the policy to it by plaing it in the test OU. Remember that machine policies only apply at reboot or on the standard check time, (default 30 mins IIRC), while user policies apply at each reboot or at standard check time. That little gem of information becomes important when you think the darned thing isn't working....

    It's a good exercise and it will allow you to see what the GPO can do rather then us telling you things that may not apply in your situation and thus leave big gaps in your knowledge.

    If you get specific questions though, fire away....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'd start with the domain policy. Put everything in there that you want to apply to every computer on the network, (audit policies, password policies, lockout etc.). That's your baseline....

    Then move down to your OU's. As long as you don't check "No Override" then the domain policy flows down so then you just need to set what you want for each OU. For example if you had machines accessible to the general public you would put them in a searate OU and lock them down pretty tight, whereas the accounting department may need a "looser" policy to allow them to do certain things.

    I would just run through the entire GPO looking at what things are, what they do and if they are appropriate. If the network is live right now I would set up a test OU and put a machine with all the "odd" apps your company runs and apply the policy to it by plaing it in the test OU. Remember that machine policies only apply at reboot or on the standard check time, (default 30 mins IIRC), while user policies apply at each reboot or at standard check time. That little gem of information becomes important when you think the darned thing isn't working....

    It's a good exercise and it will allow you to see what the GPO can do rather then us telling you things that may not apply in your situation and thus leave big gaps in your knowledge.

    If you get specific questions though, fire away....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Using me as a template - take Tiger Sharks advice, never force a GPO on a live network without testing it. You will come in and have some pissed off people the next day while they waited around for you to show up late as usual and "unlock" everything.

    //edit I found this very helpful while adjusting some settings recently:

    Technet Article
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #10
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Using me as a template - take Tiger Sharks advice, never force a GPO on a live network without testing it. You will come in and have some pissed off people the next day while they waited around for you to show up late as usual and "unlock" everything.

    //edit I found this very helpful while adjusting some settings recently:

    Technet Article
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •