[itdiscuss] Group policy statement

Bobby Stewart bStewart at brentwoodbaptist.com
Thu Nov 19 13:43:15 EST 2009 

Yes, Michael, I agree there is a lot that can be done with the method
you describe. My biggest issue was... Great! It's blown up because I put
in the wrong security parameters! Now, where was that security setting?

 

Amazing control via granularity. Management yielded more trouble than I
could deal with, at least with my limited tools and expertise on Win2k3
server R2, before I liberated myself with structured OUs.

 

Bobby Stewart
Network Analyst
Brentwood Baptist Church
Brentwood, TN
WWW.BrentwoodBaptist.com <http://WWW.BrentwoodBaptist.com> 
(615) 324-6149 office

(615) 830-0012 cell

 

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Michael Sainz
Sent: Thursday, November 19, 2009 12:16 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Group policy statement

 

Well...scoping them correctly is implied. ;)

 

Some shops do some pretty amazing AD design and OU's I believe are not
based solely for management of GPO's. That's the reason for Security
Filtering as you have a static design of OU's and objects, but need
additional scoping options for fine tuning.

 

With that said, if your AD design allows for it...scoping to OU's is the
easiest.

 

michael|sainz

information technology coordinator | sunset presbyterian church
<http://www.sunsetpres.org/> 

michaelsainz at sunsetpres.org | twitter.com/michaelsainz
<http://twitter.com/michaelsainz>  | Blog <http://www.iamdigerati.com/> 

 

"We listen to worship music, while the rest of the world listens to hip
hop and pop. We talk about history, while the rest of the world talks
about reality. We use bulletins, while the rest of the world is on
Facebook." -Tony Morgan

 

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Bobby Stewart
Sent: Thursday, November 19, 2009 10:04 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Group policy statement

 

Yes, you can but my experience with this is that it's tedious and
sometimes unpredictable (or at least not as easy to manage the results).
We use the OU method with servers in their own OU separate from all
other systems. We've done the same for systems that are portable
(notebooks, tablets, etc.) vs. desktops, Windows XP vs. Vista vs. Win7
(at one time an issue for our antivirus automated deployment) as well as
separating users in OUs for different policy applications. It's a great
tool!

 

Bobby Stewart
Network Analyst
Brentwood Baptist Church
Brentwood, TN
WWW.BrentwoodBaptist.com
(615) 324-6149 office

(615) 830-0012 cell

 

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Michael Sainz
Sent: Thursday, November 19, 2009 11:50 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Group policy statement

 

You can scope your GPO's appropriately using Security Filtering.

 

michael|sainz

information technology coordinator | sunset presbyterian church
<http://www.sunsetpres.org/> 

michaelsainz at sunsetpres.org | twitter.com/michaelsainz
<http://twitter.com/michaelsainz>  | Blog <http://www.iamdigerati.com/> 

 

"We listen to worship music, while the rest of the world listens to hip
hop and pop. We talk about history, while the rest of the world talks
about reality. We use bulletins, while the rest of the world is on
Facebook." -Tony Morgan

 

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Thursday, November 19, 2009 8:14 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Group policy statement

 

Yep.  Just setup the policy for the OU(s) that your workstations are in
and make sure there aren't any servers in the same OU(s).  Keep in mind
that you can link GPOs to more than one OU.

 

 

Bill Lloyd 
IT Manager

 

2567 Athens Hwy.
Gainesville, GA 30507
Phone: 770-417-1604 Ext.: 250
Fax:     770-417-1747
Cell:     404-379-6963

blloyd at buskercom.com <mailto:blloyd at buskercom.com> 

This email and any accompanying attachments may contain confidential and
proprietary information. If you are not the intended recipient, you are
requested to delete this entire communication immediately. Emails cannot
be guaranteed to be secure or free of errors or viruses. The sender does
not accept any liability or responsibility for any problems that may
result from emails you receive.

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Steve Huffman
Sent: Thursday, November 19, 2009 10:43 AM
To: IT Discussion Forum
Subject: [itdiscuss] Group policy statement

 

Is there a way to force autoupdates on your workstations but exempt your
servers in group policy? I don't want my servers to reboot on their own
J

 

Steve

 

Steve Huffman

Network Administrator

Blackhawk Church

shuffman at blackhawkchurch.org

www.BlackhawkChurch.org 

608.828.4200

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://optimus.thompsonic.com/pipermail/discuss/attachments/20091119/adb1c476/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14873 bytes
Desc: image001.jpg
Url : http://optimus.thompsonic.com/pipermail/discuss/attachments/20091119/adb1c476/attachment-0001.jpeg

More information about the discuss mailing list