Hi,

1) Are you saying that you don't have any protection at all from the
Internet, except your policies? If so then that is a dangerous situation to
be in... Have you had a decent port scan / vulnerability test done?

2) I know that it's good practice not to go deeper than 3 OUs down in most
environments, and it is recommended on a wide scale... mostly down to policy
processing time though, if I remember... I guess it depends on the number of
policies you are running... then again, if you haven't got a firewall as you
say... you must be running a good few.

How are you accessing the Internet?

Best Regards,

Rob

From: "Charles Carerros" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]tivedir.org
To: <[EMAIL PROTECTED]>
cc:
Subject: [ActiveDir] GPO Question
Date: 30/07/2003 22:48
Please respond to ActiveDir




Hey all,

For the past few years I have been doing my GPOs primarily based upon
the user settings.  (We don't have a firewall on my campus so by
disabling a lot of stuff using the security portion of the user GPO I
can help reduce the security risk.)  However, I have just been asked to
only use computer based GPOs (a migration scheme will leave me no access
to user accounts).

1)  I was wondering if anyone has any suggestions (pro or con) about doing
only computer based policies?

2)  Are there any really good documents that might help clarify the
process by which loopback (and troubleshooting loopback) is utilized?  I
will probably need to implement this in order to have a good policy.

3) Does anyone here only do computer based policies?  What is your
experience with them?

I am going to re-read the Microsoft Group Policy white paper tonight,
but if anyone knows of any additional documentation that is related to
this and might discuss the issues (negative or positive) about this type
of organization scheme, it would be tremendously helpful.

Just for a little more background, if I end up implementing the scheme
that was suggested to me today it would consist of a five level OU
structure with 1 OU at 1 tier, 1 OU at 2 tier, 35 OUs at 3 tier, 4 OUs
at 4 tier and 2 OUs at 5 tier (not all of the 4th tier OUs will have a
fifth, only about 40% of them.)

Does anyone have any feedback on having a five level nested OU
structure?  I would like to maintain my current 3 tier OU structure, but
I need some technical ammo to defend my structure with.

Thanks,

Chuck
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/





