Defining Your Group Policy Objectives

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

When you plan the deployment of Group Policy, identify your specific business requirements and how Group Policy can help achieve them. You can then determine the most appropriate policy settings and configuration options to meet your requirements.

The objectives for each Group Policy implementation vary depending on user location, job needs, computer experience, and corporate security requirements. For example, in some cases, you might remove functionality from users’ computers to prevent them from modifying system configuration files (which might disrupt computer performance), or you might remove applications that are not essential for users to perform their jobs. In other cases, you might use Group Policy to configure operating system options, specify Internet Explorer maintenance settings, or establish a security policy.

Having a clear understanding of your current organizational environment and requirements helps you design a plan that best meets your organization’s requirements. Collecting information about the types of users (such as process workers and data entry workers) and existing and planned computer configurations is essential. Based on this information, you can define your Group Policy objectives.

Evaluating Existing Corporate Practices

To help you identify the appropriate Group Policy settings to use, begin by evaluating current practices in your corporate environment, including such things as:

  • User requirements for various types of users.

  • Current IT roles, such as the various administrative duties divided amongst administrator groups.

  • Existing corporate security policies.

  • Other security requirements for your server and client computers.

  • Software distribution model.

  • Network configuration.

  • Data storage locations and procedures.

  • Current management of users and computers.

Defining Group Policy Objectives

Next, as part of defining the goals for Group Policy, determine the following:

  • Purpose of each GPO

  • Owner of each GPO – the person who requested the policy and who is responsible for it

  • Number of GPOs to use

  • Appropriate container to link each GPO (site, domain, or OU)

  • Types of policy settings contained in each GPO, and the appropriate policy settings for users and computers

  • When to set exceptions to the default processing order for Group Policy

  • When to set filtering options for Group Policy

  • The software applications to install and their locations

  • What network shares to use for redirecting folders

  • The location of logon, logoff, startup, and shutdown scripts to execute