Group policy objects
Group Policies provide the cornerstone technology for change and configuration management within the Windows operating system. It enables administrators to manage user desktops and servers and defines configurations for groups of users.
The aim of this article is to provide a set of design guidelines as well as an end to end GPO life cycle process to assist in correlating each policy request into an overall architecture for your AD infrastructure.
Create as Few GPO’s as Possible
This will improve performance by decreasing the number of GPO’s that needs to be processed and will consolidating settings to enable simpler management.
Minimize Number of GPO’s Applied to User or Computer
It is better to include many policy settings in a single GPO than to create many GPO’s. One GPO with one hundred GPO settings processes faster than one hundred GPO’s with only one Group Policy setting each.
Implement Straightforward Policies for Easy Troubleshooting
For easier troubleshooting, minimize “Block Policy Inheritance”, “No Override”, and “Filtering”, so that it is easier to locate the source of a particular setting. Only use loop back processing when you want the computer environment to be the same no matter which user logs on.
Disable Unused Parts of a Group Policy Object
If a Group Policy object has, under the User Configuration or Computer Configuration node of the console, only settings that are Not Configured, then you can avoid processing those settings by disabling the node. This expedites start-up and logon for those users and computers subject to the Group Policy object.
Group Policy naming convention
Use naming standard for each and every group policy .we can easily identify the group policy if we have good naming standard for group policy. Example- CL-U-ProxySetting-FD
Avoid Linking GPO’s between Domains
Linking GPO’s across domains has an impact the processing of those policies, which results in slower user logons.
Use Filtering to Refine
Use filtering to refine the application of Group Policy to a particular subset of user and computers within a given group. The need for filtering GPO’s can be reduced by creating additional OU’s to isolate the user and computers that require certain policy settings. Consult or make your request to the AD team before creating additional OU’s.
If you have any questions feel free to contact me on firstname.lastname@example.org also follow us on facebook @windowstechno to get updates about new blog posts.