Define Your Group Policy Requirements

To implement your client administration standards, you need to create Group Policy objects that include settings in a number of different areas: security, applications, computer systems, user environment, and application-specific. Most of these options are explained in the chapter "Defining Client Administration and Configuration Standards." The security issues are addressed in the chapter "Planning Distributed Security." (You might also need to create additional settings if you plan to implement the capabilities described in the chapter "Applying Change and Configuration Management.")

To define your organization's Group Policy requirements, first identify the types of policy settings that you require. These will normally break down into the following areas:

Security settings: __________________________________________________

_________________________________________________________________

Application packages to be deployed: _________________________________

_________________________________________________________________

Computer system settings: __________________________________________

_________________________________________________________________

User environment settings: __________________________________________

_________________________________________________________________

Application-specific settings: ________________________________________

_________________________________________________________________

Next, use a table similar to Table A.26 to determine the type of object in the directory (user, computer, and so on) where you will apply these settings:

• Domain (password or account policy)
• Client computers
• Users
• Domain controllers
• Servers (application, file and print)

At this stage, the document you create should be a first draft Group Policy structure. It is likely that many of your Group Policy settings are common to all of the client computers, users, servers, and so on in your organization. You can combine these universal Group Policy settings into a single Group Policy object for clients, users, servers, and so on.

Table A.26 Define Your Windows 2000 Group Policy Requirements

Some Group Policy settings will not apply to all objects of a particular type. You can create additional Group Policy objects or use some of the special Group Policy implementation options described in the chapter "Defining Client Administration and Configuration Standards"to address these unique needs. For example, you might need a unique Group Policy object to properly configure computers for users who access the network from remote computers. Alternately, for users who have administrative responsibilities, you probably do not want their applications to be installed when they log on to a server console. Setting a "loopback" policy for the systems you want to protect can prevent this by supplementing or overriding the normal user settings.

The chapter "Defining Client Administration and Configuration Standards"in this book will explain the many Group Policy options that you can use to customize and efficiently manage Group Policy. Table A.27 illustrates how you can document the scope of, and exceptions to, your Group Policy settings.

Table A.27 Define Your Group Policy Scope and Exceptions

© 1985-2000 Microsoft Corporation. All rights reserved.