As I work in Managed Services on a global scale we have the requirement from our Clients frequently to apply individual GPO to machines in the form of Highly Managed, Lightly Managed and Un-Managed.
This guide WILL give you a basic run down of how to apply this filtering.
This guide will NOT provide GPO Settings, i may if i get time put together a cleaned up guide for this based loosely on our Templates.
This guide assumes that you have first setup Windows Server 2008 and configured it for Active Directory.
In a production environment please consult Technet for best practise, see below links:
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
As I work in Managed Services on a global scale we have the requirement from our Clients frequently to apply individual GPO to machines in the form of Highly Managed, Lightly Managed and Un-Managed.
This guide WILL give you a basic run down of how to apply this filtering.
This guide will NOT provide GPO Settings, i may if i get time put together a cleaned up guide for this based loosely on our Templates.
This guide assumes that you have first setup Windows Server 2008 and configured it for Active Directory.
In a production environment please consult Technet for best practise, see below links:
Design Active Directory:
Document - http://technet.microsoft.com/en-us/library/bb727085.aspx
WebCast - http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032317872&CountryCode=US
Implement Active Directory: http://technet.microsoft.com/en-us/library/cc778219(WS.10).aspx
Assigning Rights on OU Objects: http://technet.microsoft.com/en-us/library/cc786285(WS.10).aspx
Best Practices Analyzer for Active Directory Directory Services (BPA AD DS): https://connect.microsoft.com/ADBPA?wa=wsignin1.0
Create your Security Groups.
Open Active Directory Users and Computers:
Create your GPO Security Groups, (Highly, Lightly and Un-Matched is our standard)
e.g. <sitecode>-GPO-Highly-Managed, Global Group, Security Group
Example output:-
Create your Group Policy Objects
Open GPEdit.msc
Navigate to “Group Policy Objects”
Right-Click – Select “New”
– Create your GPO’s to suit the above created Groups.
<sitecode>-GPO-Highly-Managed
<sitecode>-GPO-Lightly-Managed
<sitecode>-GPO-Un-Managed
Build your GPO to your required levels
Applying Group Policy to the Security Groups
Navigate down your OU Structure to where you wish to apply your Group Policies:
Example: REGIONS\APAC\<country>\<sitecode>\Workstations\
Right Click the OU you want to apply GP too (Workstations) , select “Link an Existing GPO…”
Select your Group Policy Object to link and Click OK
Select the GPO you have just linked:
Select Authenticated Users and Click Remove.
Click Add and Type in the Security Group name specific to this GPO
Example: <sitecode>-GPO-Highly-Managed
Complete for the remaining GPO’s you wish to use
Let me know if i missed anything or any recommended changes :-)
Edited by jamitupyaShare this post
Link to post
Share on other sites