Establishing Group Policy Operational Guidelines
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
As you design and implement your Group Policy solution, it is also important to plan for the ongoing administration of Group Policy.
Establishing administrative procedures to track and manage GPOs can ensure that all changes are implemented in a prescribed manner.
To simplify and regulate ongoing management of Group Policy, it is recommended that administrators:
Always stage Group Policy deployments using the following pre-deployment process:
Use Group Policy Modeling to understand how a new GPO will interoperate with existing GPOs.
Deploy new GPOs in a test environment modeled after your production environment.
Use Group Policy Results to understand which GPO settings actually are applied in your test environment.
Use GPMC to make backups of your GPOs on a regular basis.
Use GPMC to manage Group Policy across the organization.
Do not modify the default domain policy or default domain controller policy unless necessary. Instead, create a new GPO at the domain level and set it to override the default settings in the default policies.
Define a meaningful naming convention for GPOs that clearly identifies the purpose of each GPO.
Designate only one administrator per GPO. This prevents one administrator’s work from being overwritten by another’s.
Windows Server 2003 and GPMC allow you to delegate permission to edit and link GPOs to different groups of administrators. Without adequate GPO control procedures in place, delegated administrators can duplicate GPO settings, or create GPOs that conflict with settings set by another administrator or that are not in accordance with corporate standards. Such conflicts might adversely affect the users’ desktop environment, generate increased support calls, and make troubleshooting GPOs more difficult.