Hey all,

For the past few years I have been doing my GPOs primarily based upon the user settings. (We don't have a firewall on my campus, so by disabling a lot of stuff using the security portion of the user GPO I can help reduce the security risk.) However, I have just been asked to only use computer based GPOs (a migration scheme will leave me no access to user accounts).

1) I was wondering if anyone has any suggestions (pro or con) about doing only computer based policies?

2) Are there any really good documents that might help clarify the process by which loopback (and troubleshooting loopback) is utilized? I will probably need to implement this in order to have a good policy.

3) Does anyone here only do computer based policies? What is your experience with them?

I am going to re-read the Microsoft Group Policy white paper tonight, but if anyone knows of any additional documentation that is related to this and might discuss the issues (negative or positive) about this type of organization scheme, it would be tremendously helpful.

Just for a little more background, if I end up implementing the scheme that was suggested to me today it would consist of a five level OU structure with 1 OU at 1 tier, 1 OU at 2 tier, 35 OUs at 3 tier, 4 OUs at 4 tier and 2 OUs at 5 tier (not all of the 4th tier OUs will have a fifth, only about 40% of them).

Does anyone have any feedback on having a five level nested OU structure? I would like to maintain my current 3 tier OU structure, but I need some technical ammo to defend my structure with.

Thanks,
Chuck
