Best Practice Ezine #70 Group Policy

Best Practice Ezine. Computer Performance. Advertise

Is your server running slowly? Check with SolarWinds ipMonitor.

Get your free evaluation copy of ipMonitor here

IPAM will assist you in managing IP addresses.

To let you into a secret, this utilities is fun to use, even if you don't have a pressing need to calculate your IP address space.

Get a free evaluation copy of Orion IPAM

Group Policy for Windows 2003

I love everything about Active Directory Group Policies. From playing 'Mr Nasty' and screwing down the users' desktop, to playing 'Mr Nice' and pampering users with printer locations and proxy settings, Group Policy is satisfying.

Even troubleshooting Group Policy is a labour of love. Before I share my tips and tricks with you, a word about the underlying problem. It is symptomatic of certain personality types that they want everything at once, the most complex, the most advanced and the most obscure settings. With Group Policy, such an attitude is a recipe for disaster. You need the reverse philosophy. Start simply. Begin by getting one or two obvious policies working. Experiment with removing the run command or the setting; don't display last user name. Only when you can control which users do, (or don't) get your simple policy, should you move on to policies that may require a reboot, or specific software or hardware.

80% of all group policy problems are caused because your policy is in one OU, while the user you are troubleshooting is in a different OU. Once you absorb that trick, don't fall for the trap where a computer policy is applied to the Sales OU, but all the computer objects are in the computer container. Last week I had a new twist, the groups were in a separate branch of Active Directory compared with policies were trying to control them.

You can cure half of the remaining problems are by running gpupdate /force. Most of your residual problems are due to logic, either a double negative, or one policy over-riding another. Solve these problems by studying GPMC (Group Policy Management Console) in general and Group Modeling or Group Results, in particular.

Unfortunately, there are dozens of causes for the remaining 2% of group policies problems. Here are just a few examples.

Latency, if your PDC emulator is miles away from where you are experimenting with group policies.
Group Policies with spaces can give problems.
Thoughtless behaviour such as trying to rename the group policies - wrong.
Still stuck? I would go back to basics and get a simple policy working on a test user in a test OU.
Finally, there is a get-out-of-jail card called dcgpofix. However, before you reset all your group policies with dcgpofix, be sure to backup all your group policies.

Group Policy ebook Windows 2003 Download my 'Master Group Policies' ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies. Printer friendly version over Word A4 pages in Word.

More Free Computer Jokes

See funny excuses sent by real people School Excuses

Guy Thomas recommends Computer Training Software.

Their topics and material are ideal for getting you started with VBScript. The videos are easy to follow and you can control the pace. Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

Guy Recommends: Orion's NPM - Network Performance Monitor

Orion's performance monitor is designed for detecting network outages. A network-centric view make it easy to see what's working, and what needs your attention.

This utility guides you through troubleshooting by indicating whether the root cause is faulty equipment or resource overload.

Download a free trial of the Network Performance Monitor

Please report a broken link, or an error.