Ask the Expert

Tips on Group Policy management

We know that managing the desktop environment is made very flexible by the use of Group Policy. But I fear that poor design and management of Policies could lead to an administrative burden that outweighs the benefits of the 'keep it simple' approach.

Regarding control of desktop features and user permissions using Group Policy Objects, do you have a set of top three (or more) dos and don'ts for design implementation and management of Group Policy?


    Requires Free Membership to View

I'm curious as to what you mean by Group Policy's poor design. I've encountered few design flaws in Group Policy itself. Group Policy definitely beats the keep-it-simple approach to management, since the keep-it-simple approach really means unmanaged. Consider the cost savings of standardized configurations and restricted users versus the administrative burden, which essentially translates to "it's too hard." If it's too hard, then you're doing it the wrong way.

My top three tips are these: (1) work from a plan, instead of sitting down in front of Active Directory and hunting down policies, (2) limit what you manage at the top of the directory to important corporate-wide policies (think password policy, security policy) and delegate down less important policies, (3) prioritize policies; then, implement the high priorities and let the rest go.

There's plenty of documentation for technology best practices, such as optimizing policies. You'll find most of those on Microsoft's Web site. One thing I like to do to make managing policies easier is to create focused GPOs -- such as a GPO that contains all of the settings necessary to implement offline files and folders, so that I can identify them easier, and I'm not duplicating policies across multiple GPOs (makes updating settings easier in the future). In other words, throughout an entire organization, I might have one Redirected Folders, one Locked Screen Saver, or one Office XP Security GPO that I can link to different OUs.

Editor's Note: For more information on Group Policy, check out our collection of Group Policy Best Web Links.


This was first published in May 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: