Group Policies and OU Design

Previous page
Table of content
Next page

Administrators create group policies to limit users from performing certain tasks or to automatically set up specific functionality. For example, a group policy can be established to display a legal disclosure to all users who attempt to log in to a system, or it can be set up to limit access to the command prompt. Group policies can be set on Active Directory sites, domains, and OUs but can also be configured to apply specifically to groups as well. This functionality increases the domain designer's flexibility to apply group policies.

As previously mentioned in this chapter, creating additional OUs simply to apply multiple group policies is not an efficient use of OU structure and can lead to overuse of OUs in general. Rather, you can achieve a more straightforward approach to group policies by applying them directly to groups of users. The following procedure illustrates how you can apply a specific group policy at the domain level but enact it only on a specific group:

1.

In Active Directory Users and Computers, right-click the domain name and choose Properties.

2.

Select the Group Policy tab.

3.

Select the group policy that you want to apply to a group and click the Properties button.

4.

Select the Security tab.

5.

Uncheck the Read and the Apply Group Policy check boxes from the Authenticated Users Group, if it exists.

6.

Click the Add button to select a group to apply the policy to.

7.

Type the name of the group into the text box and click OK.

8.

Select the group you just added and check the boxes for Read and Apply Group Policy, as shown in Figure 6.10.

Figure 6.10. Adding Read and Apply Group Policy security properties.


9.

Repeat steps 68 for any additional groups to apply the policy.

10.

Click OK and then Close to save the changes.

11.

Repeat steps 110 for any additional group policies.

This concept of applying a specific group policy at the domain level but enacting it at a specific group in and of itself can reduce the number of unnecessary OUs in an environment and help to simplify administration. In addition, group policy enforcement becomes easier to troubleshoot as complex OU structures need not be scrutinized.



Previous page
Table of content
Next page
Microsoft Windows Server 2003 Unleashed(c) R2 Edition
Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499
Authors: Rand Morimoto, Michael Noel, Alex Lewis
BUY ON AMAZON
CompTIA Project+ Study Guide: Exam PK0-003
Absolute Beginner[ap]s Guide to Project Management
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Postfix: The Definitive Guide
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy