The best answer is that it really depends
upon:
--what you're doing in your GPOs
--how available/reliable/performant your network
is
--how you've delegated GP
administration
--more granular delegation typically results in
more GPOs
My obvious advice is to always keep the implementation as
simple as possible to achieve your goals. Generally speaking, the more GPOs, the
more chance of something going wrong, the longer a particular computer startup
or logon takes,etc. One thing I would say is that make sure that whatever is in
your test environment is the same as what you have in prod. Changing or
consolidating policy as you're moving into production is probably not a good
idea. Also, stay away from implementing policy that is compute intensive, such
as the file system and registry security policies. Creating file or registry
security policy that permissions large trees is not a good idea.
All
that being said, there is no magic number but if you have a small-ish
environment without a lot of variation in desktop configuration, and you have
100s of GPOs. that's probably too many :). In a large organization, 100s of
GPOs is not unheard of.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Williams
Sent: Tuesday, January 24, 2006 9:23 AM
To: [email protected]
Subject: [ActiveDir] Group Policies
How many group
policies are considered too many? Is there a good average to shoot for? Should
they be consolidated into one policy after testing?
Thanks
Mike
Michael P. Williams
Information Technology
Carlyle Van Lines
801 West
Young
Warrensburg, Missouri 64093
(660)
747-8128 X 3816
[EMAIL PROTECTED]
www.carlylevanlines.com
