If you do not plan to upgrade all your servers and/or clients immediately, you need to consider possible interoperability issues when planning a Group Policy implementation in a mixed environment. Group Policy only applies to computers running Windows 2000, Windows XP Professional, or Windows Server 2003.
Windows Server 2003 and Windows XP Professional include many new Group Policy settings that are not used on Windows 2000. However, even if the client and server computers in your organization mostly run Windows 2000, and you have any Windows Server 2003-based computers, you should use the Windows Server 2003 administrative templates (.adm files) because they are the most inclusive. If you apply a GPO with newer settings to a previous operating system that does not support the setting, it will not cause a problem. Destination computers that are running Windows 2000 or Windows XP Professional will simply ignore settings supported only in Windows Server 2003. To determine which settings apply to which operating systems, see the "Supported on" information in the description for the setting in the Group Policy Object Editor, in either the Extended view or the setting's Properties page, which explains which operating systems can read the setting.
If you plan to deploy Group Policy in mixed environments, take the following Group Policy processing behavior into account.
If the destination computer is running Windows NT 4.0, Windows 95, or Windows 98, it uses System Policy rather than Group Policy. System Policy is a Windows NT 4.0-style policy based on registry settings specified by using the System Policy Editor, Poledit.exe.
If the destination computer is running Windows 2000, Windows XP Professional, or Windows Server 2003, and the computer account and the account for the logged-on user are both located in a Windows 2000 or Windows Server 2003 domain, both the computer and the user portions of a GPO are processed. If either the logged-on user account or the computer account is located in a Windows NT 4.0 domain, System Policy is processed for those accounts located in the domain.
You can also configure GPOs individually per computer by using local GPOs (LGPOs) on Windows 2000, Windows XP Professional, or Windows Server 2003 computers. LGPOs are processed before Active Directory-based GPOs, which means that if the computer or user is a member of a domain, the Active Directory-based GPOs will override the LGPOs if the same settings are configured in both.
Identifying and troubleshooting problems in a mixed environment where both System Policy and Group Policy apply can be complicated. When possible, move both the computer and the user account into a Windows 2000 or Windows Server 2003 domain.
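The processing rules above can be modeled in a short script that classifies an inventory and lists the computers where System Policy still applies alongside Group Policy. This is an added example, not part of the original documentation: the function names, host names, and inventory are constructed, and GPOs are assumed to be flat setting-to-value maps.

```python
# Added example: models the policy-processing rules described in the text.
# Function names, host names and setting names are hypothetical.
GP_CAPABLE_OS = {"Windows 2000", "Windows XP Professional", "Windows Server 2003"}
SYSTEM_POLICY_OS = {"Windows NT 4.0", "Windows 95", "Windows 98"}
AD_DOMAINS = {"Windows 2000", "Windows Server 2003"}

def _source_for(domain_type):
    """Policy mechanism for one account, chosen by the domain that holds it."""
    if domain_type in AD_DOMAINS:
        return "Group Policy"
    if domain_type == "Windows NT 4.0":
        return "System Policy"
    raise ValueError(f"unknown domain type: {domain_type!r}")

def policy_sources(os_name, computer_domain, user_domain):
    """Return the mechanism that handles the computer and the user portion."""
    if os_name in SYSTEM_POLICY_OS:
        # These clients never process GPOs, whatever domain they are in.
        return {"computer": "System Policy", "user": "System Policy"}
    if os_name not in GP_CAPABLE_OS:
        raise ValueError(f"operating system not covered: {os_name!r}")
    return {"computer": _source_for(computer_domain),
            "user": _source_for(user_domain)}

def effective_settings(local_gpo, ad_gpo):
    """LGPO is processed first, so an Active Directory-based GPO wins on conflicts."""
    merged = dict(local_gpo)
    merged.update(ad_gpo)
    return merged

def needs_migration(inventory):
    """Names of GP-capable hosts where System Policy still applies to an account."""
    flagged = []
    for name, os_name, computer_domain, user_domain in inventory:
        sources = policy_sources(os_name, computer_domain, user_domain)
        if os_name in GP_CAPABLE_OS and "System Policy" in sources.values():
            flagged.append(name)
    return flagged

# Constructed sample inventory: (host, OS, computer account domain, user account domain)
INVENTORY = [
    ("ws01", "Windows XP Professional", "Windows Server 2003", "Windows Server 2003"),
    ("ws02", "Windows 2000", "Windows 2000", "Windows NT 4.0"),
    ("ws03", "Windows 98", "Windows NT 4.0", "Windows NT 4.0"),
]

if __name__ == "__main__":
    for host in INVENTORY:
        print(host[0], policy_sources(*host[1:]))
    print("move to an Active Directory domain:", needs_migration(INVENTORY))
```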
For more information about migrating user and computer accounts from a Windows NT 4.0 domain to a Windows 2000 or Windows Server 2003 domain, see "Upgrading Windows NT 4.0 Domains to Windows Server 2003 Active Directory" in Designing and Deploying Directory and Security Services of the Microsoft Windows Server 2003 Deployment Kit.