Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Straightening out that GPO structure!

  • Filter
  • Time
  • Show
Clear All
new posts

  • Straightening out that GPO structure!

    I have some questions/concerns about what I have inherited for a GPO structure. I have always been one for organization. I normally would create OU's and group users/devices by common needs. After that I would apply GP's at the OU level based on the needs.

    What I see here is GPO's living everywhere within in the GPO structure then security filtering be used for which they apply. So there could be a GPO that is suppose to be applied to network administrators, but rather than having all the network admins in an OU, they are all over the place and the GPO lives at the Domain level....

    I am wondering how others structure their network and some best practices?


  • #2
    Re: Straightening out that GPO structure!

    It is generally accepted that security filtering is a 'bad thing' and slows down GPO application (verifying group membership every time a GPO is applied)

    I'm with you and use OUs to manage and apply GPOs -- thats one of the main reasons for them
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Straightening out that GPO structure!

      I am reading alot about Item level targeting for GP these days. Lots of people seem to leveraging this practice. Isn't item level targeting basically the same as security group filtering?