Sample Planning Worksheets

Previous Topic Next Topic

Define Your Group Policy Requirements

To implement your client administration standards, you need to create Group Policy objects that include settings in a number of different areas: security, applications, computer systems, user environment, and application-specific. Most of these options are explained in the chapter "Defining Client Administration and Configuration Standards." The security issues are addressed in the chapter "Planning Distributed Security." (You might also need to create additional settings if you plan to implement the capabilities described in the chapter "Applying Change and Configuration Management.")

To define your organization's Group Policy requirements, first identify the types of policy settings that you require. These will normally break down into the following areas:

Security settings: __________________________________________________

_________________________________________________________________

Application packages to be deployed: _________________________________

_________________________________________________________________

Computer system settings: __________________________________________

_________________________________________________________________

User environment settings: __________________________________________

_________________________________________________________________

Application-specific settings: ________________________________________

_________________________________________________________________

Next, use a table similar to Table A.26 to determine the type of object in the directory (user, computer, and so on) where you will apply these settings:

At this stage, the document you create should be a first draft Group Policy structure. It is likely that many of your Group Policy settings are common to all of the client computers, users, servers, and so on in your organization. You can combine these universal Group Policy settings into a single Group Policy object for clients, users, servers, and so on.

Table A.26 Define Your Windows 2000 Group Policy Requirements

 
Domain
Client Computers
Users
Domain Controllers
Servers
Security
Password;
Account;
Kerberos policy;
PK trust list
User rights;
File and registry ACLs;
Audit and event log;
Local settings
EFS policy User rights;
File and registry ACLs;
Audit and event log;
Local settings
User rights;
File and registry ACLs;
Audit and event log;
Local settings
Application deployment   Mandatory core applications Published optional applications and components Administrative tools Administrative tools
Computer (hardware) settings   Startup scripts;
Logon;
Disk quotas;
Offline files
  Disk quotas Printer moving
User settings
    Logon scripts;
Internet Explorer Settings;
Remote access;
Folder redirection;
Desktop lockdown;
Network;
System
Disable standard user desktop settings Disable standard user desktop settings
Application settings     Office 2000;
In-house applications
   

Some Group Policy settings will not apply to all objects of a particular type. You can create additional Group Policy objects or use some of the special Group Policy implementation options described in the chapter "Defining Client Administration and Configuration Standards"to address these unique needs. For example, you might need a unique Group Policy object to properly configure computers for users who access the network from remote computers. Alternately, for users who have administrative responsibilities, you probably do not want their applications to be installed when they log on to a server console. Setting a "loopback" policy for the systems you want to protect can prevent this by supplementing or overriding the normal user settings.

The chapter "Defining Client Administration and Configuration Standards"in this book will explain the many Group Policy options that you can use to customize and efficiently manage Group Policy. Table A.27 illustrates how you can document the scope of, and exceptions to, your Group Policy settings.

Table A.27 Define Your Group Policy Scope and Exceptions

Group Policy Settings Scope Exceptions
Domain (security)

   
Workstation (security, applications, and system)
   
User (security, applications, and system)
   
Domain controller (security, applications, and system)
   
Server (security, applications, and system)
   

© 1985-2000 Microsoft Corporation. All rights reserved.