Evaluating Computer and User Roles

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

It is recommended that you configure a user’s environment according to the user’s job or role in the organization. You can then specify the security and other configuration settings for different types of computers such as member servers and desktops. The Group Policy settings you define for each group of users and computers should be based on their business requirements.

Domain controllers and member servers

If you have different types of member servers, such as Microsoft® Exchange 2000 Server, terminal servers, or file and print servers, it is likely that you need to define and create different Group Policy objects to configure the settings on each type of server. For example, when managing terminal servers, you need to ensure that you apply user settings Group Policy based on the computer that the user logs on to. To achieve this, consider using the Group Policy setting for loopback policy processing. (The User Group Policyloopback processing mode policy setting is an advanced option that applies user settings based on the location of the computer object.)

To simplify troubleshooting and problem solving, place the domain controllers and the different types of member servers into separate organizational units and allocate Group Policy objects accordingly.

Desktops

Different computers require different policy settings based on their roles. To support these differences, you need to create Group Policy objects that configure each computer according to its role.

To use IntelliMirror to create configurations for computers, you need to consider things such as whether a given computer is configured to allow multiple users to log on. You also need to determine if the computer retains or discards user profiles between user sessions and if the computer provides local storage space for copies of offline files.