Windows Thread, just wondering??? in Technical; Hi all,
I was just wondering...
a] how many Group Policies does everyone have for installing software? For example, do ...
16th November 2008, 03:50 PM #1
I was just wondering...
a] how many Group Policies does everyone have for installing software? For example, do you have a GPO for each individual piece of software, or do you run them all under one?
b] how well organised are everyones Active Directories? i have found myself organising all the users and computers into smaller OU's... for example, i have split the students into year groups, i have separated the computers in our suite, teachers laptops, laptops for the students
interested to hear how everyone else works
16th November 2008, 04:05 PM #2
I have GPO's for each piece of software we have licenses for, for instance i can the selectivly install software when and where it is required rather than having a GPO per room/depeartment etc. Encarta gets installed in Room T3 which is the department who purchased the licenses, but English have also purchased some linceses this term so we can push it off to F5 also.
I've organised AD as follows:
Pupils: Simple - By Year Group
Teachers - Just one big teacher group
Non-Teaching Staff - Pretty much the same as the Teachers group!
16th November 2008, 04:55 PM #3
I have GPOs split into four main categories:
Machines, Users, Software Restrictions, Software Deployment
Plus an otherwise unused one called Password Security -which applies to everything and everyone.
Then within each category:
Machines: has a general "default workstations", that every machine gets, then I have "normal" and "special", and Servers.
Users: All Users, staff, students, administrative (IE me);
Software Restrictions: staff, students, admin, programmers (they need to be able to run VB, and EXE and access specific stuff); The access to the Programmers SRP is based upon a security group, which also gives power user access to certain machines;
Software Deployment: I have one per computer room/cluster (5 general, 2 languages, and 5 clusters);
It's a battle between how many GPOs you want (as few as possible - easier to manage), how much differences are needed between the areas, keeping things logically separate, and minimising the number of GPOs that load per person/machine.
Machines bootup time is longer the more GPOs are applied to them; Machines have 3;
Users logon time is longer the more GPOs are applied to them; Users have 3;
In terms of OU, we upgraded from NT and this left an unsorted mess of users in the general "students" OU, but these are gradually leaving. To replace this, we have created an OU per year, into which they go, although for KS5 we have this only for the new starters (we get about 70 external students per year)
Then there is also staff OU, and an admin OU.
Machines are all sorted into "Machines", and then each computer room, cluster has an OU, as do certain buildings that have machines dotted around (IE Tech dept, have about a dozen machines, so they have an OU).
I tend to apply GPOs to OUs, but we do have certain machines (the "special" group) that need different access, and the "programmers" groups that have access to the programmers SRP/GPO.
We've had SIMS learning gateway installed recently, so I now have an extra OU called SLG, into which SIMS have been creating duplicate usernames, just the staff now, but it will become the students, and eventually the parents too - which will give me an extra 5000 users, I have no GPO applied to this lot, but I will need to introduce one to stop them logging in.
16th November 2008, 06:10 PM #4
A mixture; mostly a GPO per application where they are deployed to different OUs, where an app is solely in one OU they are collected together into one policy to reduce the number that have to be evaluated during refreshes.
Originally Posted by Admiral208
Meticulously and, probably, anally.
how well organised are everyones Active Directories?
16th November 2008, 08:47 PM #5
a) One single GPO for all deployed software. Each individual package is security group filtered, so only computers that are members of the corresponding security group receive the software.
b) AD is organised as follows:
- Servers are organised into OUs by their primary role, i.e. DC, File Server, Web Server.
- Workstations are organised into OUs by teaching department (plus Administrative), with sub-OUs for laptops and/or labs with many workstations.
- Student users are all in one OU.
- Staff users are organised roughly by primary job role, i.e. Teaching, Administrative, IT Support. Administrative is further divided into OUs such as Site, Secretarial, Finance, etc.
By siuko in forum Educational IT Jobs
Last Post: 2nd May 2008, 01:55 AM
Last Post: 11th July 2007, 08:09 PM
By russdev in forum General EduGeek News/Announcements
Last Post: 28th April 2006, 10:12 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)