I'm looking for some guidance on best practices when it comes to Group Policy Objects (GPOs) and how many policies I should have. Is it better to have several policies with just a few settings each (like 1-5 per policy), or should I group many settings together into fewer policies (50+ changes)? Does it also make a difference if I apply these settings per location versus using a single policy for everything with item-level targeting? Right now, we have about 70 GPOs in place, many dating back to Windows 7. Each location has its own GPO for tasks like drive mappings and Windows Server Update Services (WSUS), and I've set up various policies for settings like Chrome configurations and power settings. As I plan to recreate several of these policies, I want to ensure I'm on the right track and not overcomplicating things.
5 Answers
Using item-level targeting can become a hassle. Instead, apply policies to Organizational Units (OUs) while keeping inheritance in mind. I suggest having a "Default Domain" policy for common settings everywhere, then being more specific with GPOs targeted at different OUs for Users, Servers, and Workstations. Just remember that too many GPOs can slow logon times, and the same goes for having too many items in a single policy.
We have a mix of GPOs at my job. Some are broad with lots of settings, like security baselines for all computers, while others are narrow with just a few settings. It's often unnecessary to cram everything into one policy, but similar settings can coexist.
I personally like to tackle policies one by one. It makes troubleshooting easier since you can pinpoint exactly which policy caused an issue if something goes wrong.
I recommend organizing your GPOs by theme, like Chrome Settings or Windows baseline. This helps keep the number of GPOs down, which is important for avoiding long login times. Just be careful with inheritance and enforcement, and you should be in good shape!
Try to avoid bloated GPOs. Have a few larger ones for baselines, but aim for targeted policies with clear names. If you're struggling to describe a GPO in a few words, you might be adding too many settings. Also, make sure to clean up any unused parts of the GPO and watch for inheritance issues.
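An added example, not part of the original answers: before recreating an estate of around 70 GPOs, a read-only inventory shows which ones are unlinked, which have an unused Computer or User half that is still enabled, and where links are enforced. It assumes the GroupPolicy RSAT module and a domain-joined admin workstation; the variable names and the output path `.\gpo-inventory.csv` are illustrative.

```powershell
# Read-only GPO inventory. Requires the GroupPolicy module (RSAT).
Import-Module GroupPolicy

$inventory = foreach ($gpo in Get-GPO -All) {
    # The XML report carries one <LinksTo> element per OU/site/domain link.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links = @($report.GPO.LinksTo | Where-Object { $_ })

    # A DSVersion of 0 means that half of the GPO has never been edited.
    $userEmpty     = $gpo.User.DSVersion -eq 0
    $computerEmpty = $gpo.Computer.DSVersion -eq 0

    # An empty half that is still enabled is still evaluated by clients.
    $userUnused = $userEmpty -and
        $gpo.GpoStatus -notin 'UserSettingsDisabled', 'AllSettingsDisabled'
    $computerUnused = $computerEmpty -and
        $gpo.GpoStatus -notin 'ComputerSettingsDisabled', 'AllSettingsDisabled'

    [pscustomobject]@{
        Name           = $gpo.DisplayName
        Status         = $gpo.GpoStatus
        Modified       = $gpo.ModificationTime
        LinkCount      = $links.Count
        # NoOverride = true in the report means the link is enforced.
        EnforcedLinks  = @($links | Where-Object { $_.NoOverride -eq 'true' }).Count
        DisabledLinks  = @($links | Where-Object { $_.Enabled -eq 'false' }).Count
        LinkedTo       = ($links.SOMPath -join '; ')
        EmptyGpo       = $userEmpty -and $computerEmpty
        UnusedUserHalf = $userUnused
        UnusedCompHalf = $computerUnused
    }
}

# Candidates for removal: linked nowhere, or containing no settings at all.
$inventory | Where-Object { $_.LinkCount -eq 0 -or $_.EmptyGpo } |
    Sort-Object Modified | Format-Table Name, Status, LinkCount, Modified

# Candidates for cleanup: one half unused but still enabled.
$inventory | Where-Object { $_.UnusedUserHalf -or $_.UnusedCompHalf } |
    Format-Table Name, Status, UnusedUserHalf, UnusedCompHalf

# Enforced links override inheritance blocking, so review each one.
$inventory | Where-Object EnforcedLinks -gt 0 | Format-Table Name, LinkedTo

$inventory | Export-Csv -Path .\gpo-inventory.csv -NoTypeInformation
```

The CSV gives a baseline to compare against after consolidating by theme, so a setting that was dropped or a link that moved shows up as a difference rather than as a surprise at logon.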