Windows Server Forum / Windows 2000 / Group Policy / July 2008


Best way to apply policy to all computers except servers

Deb H - 29 Jul 2008 21:07 GMT
Trying to decide what the best way is to apply certain features such as event
log settings and other computer-related GPO settings. Currently I have all
computers in their OUs designed by location. Should I also create a group and
add all computers to the group, then add the group to a certain policy affecting
the event logs? Or should I adjust all the OUs?
Florian Frommherz [MVP] - 29 Jul 2008 21:23 GMT
Deb,

> Trying to decide what the best way is to apply certain features such as event
> log settings and other computer-related GPO settings. Currently I have all
> computers in their OUs designed by location. Should I also create a group and
> add all computers to the group, then add the group to a certain policy affecting
> the event logs? Or should I adjust all the OUs?

Avoid security filtering (that is, tweaking permissions on the Group
Policy) as far as you can. That slows down Group Policy application. If
possible, re-organize the OU structure so that you can create and add
your GPOs more easily or link the policy in question to multiple
locations in the hierarchy.

cheers,

Florian

Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Mailing list (German): http://frickelsoft.net/cms/index.php?page=mailingliste

Barkley Bees - 30 Jul 2008 09:31 GMT
We have our OU structure set up as follows (simplified):

MAIN OU (Contains our client PCs and users)
--- SERVERS OU (Servers only under the Main OU)

The main OU has server policies applied to it (Default domain policy,
Firewall, WSUS for clients, etc).
The Server OU has only two set for it (Remote Desktop setting and WSUS).

Yet, I can see from GPMC that the parent OU's Group Policies are being
inherited to the Server OU. Can I simply select 'block inheritance' to
prevent these unwanted ones from being applied (i.e. Client Firewall, WSUS
for Clients)?

Mark Heitbrink [MVP] - 30 Jul 2008 14:36 GMT
Barkley Bees wrote:
> We have our OU structure set up as follows (simplified):
>
> MAIN OU (Contains our client PCs and users)
> --- SERVERS OU (Servers only under the Main OU)

IMHO, the easiest way to handle it:
MAIN OU
- Link all GPOs that are for both kinds of computers
--- SERVERS OU
    - link only GPOs with server settings
--- WORKSTATIONS OU
    - link only GPOs with special client settings

Mark

Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: www.gruppenrichtlinien.de - German
Discuss : www.freelists.org/list/gpupdate
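
The inheritance behaviour discussed in this thread, as an added example that is not part of any participant's post: a simplified Python model of which GPOs reach a computer under the nested layout, under 'block inheritance' on the servers OU, and under the sibling-OU layout. The OU paths, GPO names and link placements are constructed from the descriptions above; link order within a container, loopback and security/WMI filtering are not modelled.

```python
# Added illustration: simplified GPO inheritance along an OU path.
# OU and GPO names below are constructed from the layouts in the thread.

def effective_gpos(path, links, blocked=frozenset()):
    """Return GPO names in processing order (later entries win on conflict).

    path    -- containers from the top down to the one holding the computer
    links   -- {container: [(gpo_name, enforced), ...]}
    blocked -- containers that have 'Block Inheritance' set
    """
    # Inheritance restarts at the lowest container on the path that blocks it.
    start = max((i for i, c in enumerate(path) if c in blocked), default=0)
    # Non-enforced links apply top-down, but only from the blocking point on.
    normal = [g for i, c in enumerate(path) if i >= start
              for g, enforced in links.get(c, []) if not enforced]
    # Enforced links ignore blocking and are processed last; the highest
    # container's enforced links come last of all, so they win.
    forced = [g for c in reversed(path)
              for g, enforced in links.get(c, []) if enforced]
    return normal + forced

# Nested layout: servers sit below the OU that carries the client GPOs.
NESTED = {
    "MAIN": [("Default Domain Policy", False), ("Client Firewall", False),
             ("WSUS Clients", False)],
    "MAIN/SERVERS": [("Remote Desktop", False), ("WSUS Servers", False)],
}
# Sibling layout: shared GPOs on the parent, role-specific GPOs on siblings.
SPLIT = {
    "MAIN": [("Default Domain Policy", False), ("Event Log Settings", False)],
    "MAIN/SERVERS": [("Remote Desktop", False), ("WSUS Servers", False)],
    "MAIN/WORKSTATIONS": [("Client Firewall", False), ("WSUS Clients", False)],
}
SERVER = ["MAIN", "MAIN/SERVERS"]
WORKSTATION = ["MAIN", "MAIN/WORKSTATIONS"]

if __name__ == "__main__":
    print("nested, server:        ", effective_gpos(SERVER, NESTED))
    # Blocking drops every non-enforced parent link, wanted ones included.
    print("nested + block, server:",
          effective_gpos(SERVER, NESTED, {"MAIN/SERVERS"}))
    print("split, server:         ", effective_gpos(SERVER, SPLIT))
    print("split, workstation:    ", effective_gpos(WORKSTATION, SPLIT))
```

In the model, blocking inheritance on the servers OU removes the client firewall and client WSUS GPOs but also every other non-enforced GPO linked above it, while the sibling layout delivers the shared GPOs to both kinds of computers without any blocking.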

 