Although group policies are an extremely powerful security mechanism, it can be a bit tricky to deploy them in an effective manner. That’s because the effective group policy is made up of multiple and sometimes contradictory group policy elements that are applied to the user object and / or to the computer that the user is working from. It is therefore critically important that you manage your group policy objects in a way that will allow you to keep them well organized so that you can always figure out which policy elements apply in a given situation.
Further complicating things is the fact that group policy objects can be combined with other group policy objects from the local computer or from a number of different locations within the Active Directory. If you want to make things really interesting though, you can even throw in some loopback or non inheritance settings to make things really confusing.
My point in telling you all of this is to illustrate that without the proper planning, your group policy structure can easily become huge and overly complicated. It is therefore critically important that you manage your group policy objects in a way that will allow you to keep them well organized so that you can always figure out which policy elements apply in a given situation. In this article, I will share with you some best practices that you can use to keep your group policy objects well organized.
No comments:
Post a Comment