New Domain from Scratch / Laptop GPO Help

  • New Domain from Scratch / Laptop GPO Help

    I started with a new company. First day on the job, both DCs are tombstoned. No one uses the domain to log in except a few. ALL USERS are (were) domain admins. Many more issues.

    Built a new VM DC and now most are joined. Still a work in progress. I have been using MS Security Compliance Manager; however, I have been manually configuring each policy, as I CANNOT figure out how to export / import the particular GPO in MS Compliance MGR then import it into Group Policy.

    So basically I need to create a GPO for laptop users. Typical situation, nothing out of the ordinary. Users bring in their laptops, some personal, others company owned. Regardless, I still need them joined and will be purchasing laptops for users bringing in personal ones.

    I see all the different policies in MS Compliance MGR; however, I would really like a template or something that I can modify, like in the old days (2003) using Security Configuration and Analysis.

    So this is really a question regarding a GPO for laptops (where can I get a recommendation to go off of, like a template) or how can I get MS Compliance MGR to work for me. I have time to research; however, it is tough because there are so many fires to put out here and I am by myself. Any help at this point would be great. It is such a pain to go through every policy and read it and configure it one by one. Thanks in advance.

  • #2
    Re: New Domain from Scratch / Laptop GPO Help

    If you're joining the laptops to the domain then why not put them all in an OU and apply the settings you want to that OU using Group Policy?

    Network Consultant/Engineer
    Baltimore - Washington area and beyond


    • #3
      Re: New Domain from Scratch / Laptop GPO Help

      So is the new domain 2008 R2? If it is, look at the Starter GPOs and also google the same for more detailed information regarding their settings. They are a good starting point and you decide what fits your environment.

      Laptop-wise, I would have the same policies apply to them as others and then ensure that the OU containing laptops is at a lower level than other GPOs applying to all workstations and then create a GPO specifically for laptops. For example, you may allow passwords to be cached for laptops only. Only allow offline files for laptops, etc.
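
The OU and GPO layout suggested in replies #2 and #3, scripted with the ActiveDirectory and GroupPolicy modules that ship with 2008 R2. This is an added example, not part of the original thread; the domain DN, OU names, GPO names, computer name, backup path and Starter GPO name are all placeholders.

```powershell
# Added example; every name below is a placeholder, not a value from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn     = 'DC=example,DC=local'         # assumed domain
$workstations = "OU=Workstations,$domainDn"   # assumed parent OU for all client PCs
$laptops      = "OU=Laptops,$workstations"    # child OU, so its GPO is applied last
$baselineGpo  = 'Workstation Baseline'        # hypothetical GPO for every workstation
$laptopGpo    = 'Laptop Overrides'            # hypothetical laptop-only GPO
$starterName  = '<starter GPO name>'          # choose from the Get-GPStarterGPO list

# 1. OU layout: Workstations, with Laptops nested underneath it.
foreach ($ou in @(@{Name = 'Workstations'; Path = $domainDn},
                  @{Name = 'Laptops';      Path = $workstations})) {
    $dn = "OU=$($ou.Name),$($ou.Path)"
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'")) {
        New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Path
    }
}

# 2. List the Starter GPOs, then seed the baseline from one of them.
#    Starter GPOs carry Administrative Template settings only; security
#    options still have to be set in the GPO editor afterwards.
Get-GPStarterGPO -All | Select-Object DisplayName, Description
New-GPO -Name $baselineGpo -StarterGpoName $starterName `
        -Comment 'Seeded from a Starter GPO; review before relying on it'
New-GPO -Name $laptopGpo -Comment 'Laptop-only settings'

# Alternative to the seeded baseline: load settings from an existing GPO
# backup folder (placeholder backup name and path).
# Import-GPO -BackupGpoName 'Exported Baseline' -Path 'C:\GPOBackups' `
#            -TargetName $baselineGpo -CreateIfNeeded

# 3. Link the baseline high and the laptop GPO on the nested OU.
New-GPLink -Name $baselineGpo -Target $workstations -LinkEnabled Yes
New-GPLink -Name $laptopGpo   -Target $laptops      -LinkEnabled Yes

# 4. Move a joined laptop into the Laptops OU (placeholder computer name).
Get-ADComputer -Identity 'LAPTOP-01' | Move-ADObject -TargetPath $laptops

# 5. Check the effective order on the Laptops OU. Order 1 has the highest
#    precedence, so the laptop GPO should be listed above the baseline.
(Get-GPInheritance -Target $laptops).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced
```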