newbie: concepts of gpo's

  • Thread starter Thread starter tim moor
  • Start date Start date
T

tim moor

dear gpo-gurus,
i have just setup a ts-farm with citrix ps 3.0. all ts-users and the
ts-servers are placed in a ou-structure like this:

ou_ts_ressources
ou_ts_users
ou_ts_computers

a few of my policies i'd like to set are computer (computer configuration)
related, a few are user (user configuration) related. would you create two
gpo's ? one for the ou_ts_users with all the user configuration stuff and
one for the ou_ts_computers with the computer-configuration settings ? or
should i create one main gpo with both parts (computer and user-settings)
and place it to the ou_ts_ressources.

ps: i do not need any loopback functionality, as all users only can connect
to the farm with ts-sessions.

thanx alot
tim
 
Hi Tim

You can use either approach. It's usually easier to manage and for new
administrators to understand what's going on if you keep it separated
however. If you name the GPO's with sensible names, you can easily get a
feel for where to look when a setting isn't working as expected.

If you haven't already, check out GPMC ... group policy management heaven
....

http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

HTH
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
What I typically do is simply create an OU for terminal servers and leave
the users in whatever OU they would normally be in. I just add them to a
group call TS Users (That way I can control the group's access to the
policies). If your TS Users are only ever going to use TS, then your config
is fine. In the end, it's probably 6 of one, half dozen of the other.

For policies, I usually make two, and apply them both to the OU with the
terminal servers in it. One of them simply enables Loopback processing.
This enables users who may have other GPO's set elsewhere (including the
defaul domain policy) to use the policies applied to the terminal server.
(The actual definition is a bit more technical, I think. You can look at
the Explain tab for the setting if you want). You can find that in Computer
Config | Admin Templates | System | Group Policy

The second policy has all the actual configurations. Make sure to document
the changes you make, especially if you aren't using the Group Policy
Management Console. You can policy yourself right out of a box if you're
not careful. In this policy, I do both computer configs and user configs.
 
Oh, the reason I put the Loopback Processing setting in it's own GPO is that
it tends not to work when it is bulked in with the rest of the settings.
I've never had a problem with it on it's own, though.

"Gabe Knuth" <[email protected] (not for legit emails, use my first name @
gabeknuth.com for those)> wrote in message
 
Back
Top