Sample Planning Worksheets |
To implement your client administration standards, you need to create Group Policy objects that include settings in a number of different areas: security, applications, computer systems, user environment, and application-specific. Most of these options are explained in the chapter "Defining Client Administration and Configuration Standards." The security issues are addressed in the chapter "Planning Distributed Security." (You might also need to create additional settings if you plan to implement the capabilities described in the chapter "Applying Change and Configuration Management.")
To define your organization's Group Policy requirements, first identify the types of policy settings that you require. These will normally break down into the following areas:
Security settings: __________________________________________________
_________________________________________________________________
Application packages to be deployed: _________________________________
_________________________________________________________________
Computer system settings: __________________________________________
_________________________________________________________________
User environment settings: __________________________________________
_________________________________________________________________
Application-specific settings: ________________________________________
_________________________________________________________________
Next, use a table similar to Table A.26 to determine the type of object in the directory (user, computer, and so on) where you will apply these settings:
At this stage, the document you create should be a first draft Group Policy structure. It is likely that many of your Group Policy settings are common to all of the client computers, users, servers, and so on in your organization. You can combine these universal Group Policy settings into a single Group Policy object for clients, users, servers, and so on.
Table A.26 Define Your Windows 2000 Group Policy Requirements
Domain |
Client Computers | Users |
Domain Controllers | Servers |
|
---|---|---|---|---|---|
Security |
Password; Account; Kerberos policy; PK trust list |
User rights; File and registry ACLs; Audit and event log; Local settings |
EFS policy | User rights; File and registry ACLs; Audit and event log; Local settings |
User rights; File and registry ACLs; Audit and event log; Local settings |
Application deployment | Mandatory core applications | Published optional applications and components | Administrative tools | Administrative tools | |
Computer (hardware) settings | Startup scripts; Logon; Disk quotas; Offline files |
Disk quotas | Printer moving | ||
User settings |
Logon scripts; Internet Explorer Settings; Remote access; Folder redirection; Desktop lockdown; Network; System |
Disable standard user desktop settings | Disable standard user desktop settings | ||
Application settings | Office 2000; In-house applications |
Some Group Policy settings will not apply to all objects of a particular type. You can create additional Group Policy objects or use some of the special Group Policy implementation options described in the chapter "Defining Client Administration and Configuration Standards"to address these unique needs. For example, you might need a unique Group Policy object to properly configure computers for users who access the network from remote computers. Alternately, for users who have administrative responsibilities, you probably do not want their applications to be installed when they log on to a server console. Setting a "loopback" policy for the systems you want to protect can prevent this by supplementing or overriding the normal user settings.
The chapter "Defining Client Administration and Configuration Standards"in this book will explain the many Group Policy options that you can use to customize and efficiently manage Group Policy. Table A.27 illustrates how you can document the scope of, and exceptions to, your Group Policy settings.
Table A.27 Define Your Group Policy Scope and Exceptions
Group Policy Settings | Scope | Exceptions |
---|---|---|
Domain (security) |
||
Workstation (security, applications, and system) |
||
User (security, applications, and system) |
||
Domain controller (security, applications, and system) |
||
Server (security, applications, and system) |