We know that managing the desktop environment is made very flexible by the use of Group Policy. But I fear that poor design and management of Policies could lead to an administrative burden that outweighs the benefits of the 'keep it simple' approach.
Regarding control of desktop features and user permissions using Group Policy Objects, do you have a set of top three (or more) dos and don'ts for design implementation and management of Group Policy?
I'm curious as to what you mean by Group Policy's poor design. I've encountered few design flaws in Group Policy itself. Group Policy definitely beats the keep-it-simple approach to management, since the keep-it-simple approach really means unmanaged. Consider the cost savings of standardized configurations and restricted users versus the administrative burden, which essentially translates to "it's too hard." If it's too hard, then you're doing it the wrong way.
My top three tips are these: (1) work from a plan, instead of sitting down in front of Active Directory and hunting down policies, (2) limit what you manage at the top of the directory to important corporate-wide policies (think password policy, security policy) and delegate down less important policies, (3) prioritize policies; then, implement the high priorities and let the rest go.
There's plenty of documentation for technology best practices, such as optimizing policies. You'll find most of those on Microsoft's Web site. One thing I like to do to make managing policies easier is to create focused GPOs -- such as a GPO that contains all of the settings necessary to implement offline files and folders, so that I can identify them more easily, and I'm not duplicating policies across multiple GPOs (makes updating settings easier in the future). In other words, throughout an entire organization, I might have one Redirected Folders, one Locked Screen Saver, or one Office XP Security GPO that I can link to different OUs.
Editor's Note: For more information on Group Policy, check out our collection of Group Policy Best Web Links.
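The duplication the answer warns about can be audited before settings are consolidated into focused GPOs. The PowerShell below is an added example, not part of the original answer: `Find-DuplicatedPolicy` is a hypothetical helper name, the sample reports are constructed and simplified, and it assumes the `Policy`/`Name`/`State` element layout of `Get-GPOReport -ReportType Xml` output.

```powershell
# Added example (not from the original answer): list Administrative Template
# policies configured in more than one GPO. Find-DuplicatedPolicy is a
# hypothetical helper; namespaces are ignored by matching on local-name().
function Find-DuplicatedPolicy {
    param([Parameter(Mandatory)][string[]]$ReportXml)

    $seen = foreach ($text in $ReportXml) {
        $doc = [xml]$text
        $gpo = $doc.SelectSingleNode("/*[local-name()='GPO']/*[local-name()='Name']").InnerText
        foreach ($side in 'Computer', 'User') {
            $xpath = "/*[local-name()='GPO']/*[local-name()='$side']//*[local-name()='Policy']"
            foreach ($p in $doc.SelectNodes($xpath)) {
                [pscustomobject]@{
                    Gpo    = $gpo
                    Side   = $side
                    Policy = $p.SelectSingleNode("*[local-name()='Name']").InnerText
                    State  = $p.SelectSingleNode("*[local-name()='State']").InnerText
                }
            }
        }
    }

    # The same policy in two or more GPOs is a candidate for one focused GPO.
    $seen | Group-Object Side, Policy |
        Where-Object { @($_.Group.Gpo | Select-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Side     = $_.Group[0].Side
                Policy   = $_.Group[0].Policy
                Conflict = @($_.Group.State | Select-Object -Unique).Count -gt 1
                Gpos     = ($_.Group | ForEach-Object { "$($_.Gpo)=$($_.State)" }) -join '; '
            }
        }
}

# Constructed, simplified sample reports (not taken from a real domain).
$wrap = '<GPO><Name>{0}</Name><User><ExtensionData><Extension>{1}</Extension></ExtensionData></User></GPO>'
$lock = '<Policy><Name>Password protect the screen saver</Name><State>{0}</State></Policy>'
$sample = @(
    ($wrap -f 'Sales Desktop', ($lock -f 'Enabled')),
    ($wrap -f 'Kiosk Lockdown', ($lock -f 'Disabled')),
    ($wrap -f 'Locked Screen Saver', ($lock -f 'Enabled'))
)
Find-DuplicatedPolicy -ReportXml $sample | Format-List

# Against a live domain (GroupPolicy module, run on an admin workstation):
# $reports = Get-GPO -All | ForEach-Object { Get-GPOReport -Guid $_.Id -ReportType Xml }
# Find-DuplicatedPolicy -ReportXml $reports
```

Rows where `Conflict` is true deserve attention first: the same security setting is enabled in one GPO and disabled in another, so the effective value depends on link order and precedence.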
Related Q&A from Jerry Honeycutt