Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Setting up Group Policy from Scratch
New Posts  All Forums:Forum Nav:

Setting up Group Policy from Scratch

post #1 of 4
Thread Starter 
Hi there gurus (I hope gurus at least),

I walked into a mess of a network at my current job. It was my first real IT job so I was basic when it came to anything networking and server wise. I'm still somewhat simplistic and because I am the only IT person here, it's tough to fall back on others when there aren't any others here to help!

One thing I said to my boss the other day was that we absolutely cannot continue business with every single employee having administrator privileges, especially since we use a terminal server and the actions of one person could affect the entire server.

I have never ever messed with Active Directory except for creating new users/computers to a basic extent. I have little to no experience in group policy. Almost everything server to me is basic troubleshooting and maintenance, no real hardcore configurations or installations. Therefore, where should I start when it comes to group policy?

We have about 40 people here in sales, accounting, purchasing, management, shipping, quality control, etc. Are there examples of good small business policies out there that I could follow? Is there anything that explains specifically how it works, how to set it up, what it affects, etc?
post #2 of 4
Add users to groups, then add groups to OUs. Don't add users directly to OUs.

Edit: What do you mean by administrator? Local administrator? Domain Administrator?

I'm assuming you want to set up a policy so that the users aren't local administrators on the terminal server?
    
CPUMotherboardGraphicsRAM
E6300 @ 2.3 GHz Foxconn Intel x3100 4.5 Rendition 
Hard DriveOptical DriveOSMonitor
160+500 DVDRW Server 08 x64 Princeton 17'' square 
KeyboardPowerCaseMouse
Unicomp Germanic Model M 250W Dell Vostro 200 Gateway Ball Mouse 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
E6300 @ 2.3 GHz Foxconn Intel x3100 4.5 Rendition 
Hard DriveOptical DriveOSMonitor
160+500 DVDRW Server 08 x64 Princeton 17'' square 
KeyboardPowerCaseMouse
Unicomp Germanic Model M 250W Dell Vostro 200 Gateway Ball Mouse 
  hide details  
Reply
post #3 of 4
Thread Starter 
Okay that seems to make sense. I'm a bit fuzzy on the concept of OUs though. What are they designed for? For example, lets say I have this:

Management (only five users get access to this)
Sales (management + sales get access)
Quality (management + quality get access)
Human Resources (only human resources get access to this)
Maintenance (management + maintenance get access)
Office (everyone except maintenance has access)

First of all, that probably looks less than ideal for a group policy so critique it please, but how would I accomplish that using what you said? What is this OU designation?
post #4 of 4
Thread Starter 
I have been diving into this a TINY bit and it's quite interesting.

I don't want to get off on the wrong foot here but how should I structure my OUs? I haven't started with groups yet but I want to set up a plan first.

My original instinct was to create an OU such as Sales, Marketing, etc. and then I said to myself "Hmm, maybe I should start a level up." such as Massachusetts HQ -> Sales, Marketing, etc. but then I just begin to get into complex thoughts.

Can there be an OU within an OU or is that more complicated rather than simplistic? We just have a 100 person plant here with departments as described above.

For example, I could create an OU named Sales, but it would seem useless to put a Sales group inside a Sales OU. See what I mean? Just need some simple guidance I hope. headscratch.gif
Edited by xyeLz - 2/6/12 at 8:03am
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Setting up Group Policy from Scratch