Through much time spent battling Windows NT, Frank Aneiros and Adam Greenspan became System Policy masters. So, when they migrated their company from NT to Windows 2000 last year, they were ready to master another domain: Group Policy. Now, the two senior system engineers at Datek Online, an online trading company, share some dos and don'ts for taming Group Policy.
Group Policy is a feature of Active Directory that allows administrators to configure and define user's settings. It is used to determine where users can save files and the settings for security and Internet Explorer, among other things.
1. Do keep a duplicate Active Directory on hand, Aneiros advised. Applying the wrong policy to the wrong location could cause Active Directory itself to be damaged beyond salvation.
2. Do "test before you fly," Aneiros added. Again, if something goes wrong, you have a backup Active Directory, so you won't have to start over from scratch.
3. Don't tackle Group Policy until you've studied your Registry settings, said Greenspan. "Understand how your operating system works and how the Registry can be set." There are many layers to Active Directory and subsequently, Group Policy, so taking the time to figure out the Registry and permissions will, in turn, help you create appropriate policies. "If you apply the wrong policies, you can crash your servers," Greenspan warned.
4.Don't tackle Active Directory without mastering Group Policy. Active Directory gives administrators more functionality than is present in Windows NT. But be careful, Aneiros advised, because "Active Directory is so powerful it can lockdown all the machines in a company." Unless you want that to happen, learn how to best manage it and the group policies you plan to run.
FOR MORE INFORMATION
SearchWindowsManageability Best Web Links on Policy Management.