Printable View
I have recently become the network manager of a school. I have inherited a DC with pretty much all policies rolled into one or two default GPOs. The logons take FOREVER.
I just wanted to know how other people manage their GPO's. Do you do the same or are you a one GPO per policy person. Or do you have another way.
I tend to roll all my installs into one policy, all my lockdowns into one policy (one each for staff & students), but create individual policies for anything more specific ie per application firewall rules.
Thank you for your response. I will take this into consideration. Do you find logons are quick this way?
We do pretty much the same here as fairm010, we have a whole domain policy (not the Default), then one for all PCs. We then have separate for Staff and Student PCs, separate for Staff and Student users, and I have a few separate policies for things like enabling Aero so I can apply a WMI object to it. GP installs are in separate policies each, for use when needed. In total, a logged on user will have five or six GPOs applied. Logons take between 15-40 seconds depending on the speed of the machine and whether the profile is cached etc. Total sysvol size is around 200MB.
We have Win 7 clients with 08R2 and a gigabit network and tend to find logins take 20 seconds ish. Also depends if you use profiles or redirected desktops or the likes. Just taken over a new school where the old tech had made a new GPP for literally EVERYTHING. Every individual lockdown change he had a seperate policy for, logons took 4 mins +!
GPO's here are done by department, for Sales we have different GPO's for software installs, internet properties etc etc and the same with other departments, we even have GPO's by group so that certain groups of users have certain policies. We have the Staff groups then we have Staff GPO's for installs etc.