Yep.... Lets say you some apps that ALL users get and you have a lot of apps. In that case I think it is better to create one GPO with those "default available apps" instead of creating a GPO for each app. This depends on how many apps you and you to distribute with AD Cheers Jorge
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chandra Burra Sent: maandag 14 februari 2005 20:26 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO design I suggest have SUS or WUS in the business and create one GP for implementation of all patches and updates from MS at one go... Other applications consolidate into one and publish. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bart Vandyck Sent: 14 February 2005 18:25 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO design Hi Jorge, Great input.. But do i understand you correct that performance is depended on the amount of different GPO instead of the settings done by these gpo's? rgds, Bart On Mon, 14 Feb 2005 10:47:43 +0100, Jorge de Almeida Pinto <[EMAIL PROTECTED]> wrote: > Hi, > > Be carefull with creating a GPO for each application. If you have a > lot of apps and lets say all computers get those apps then those > wokstations will go through each GPO and then you may have performance > issue. It may be better to consolidate several apps that have similar "characteristics" into > one GPO. > If within a GPO the computer or user configuration is NOT used (not settings > defined) disable it accordingly. If it is disabled then it will not be > processed and that is good for performance! > > The naming convention for GPOs I always use is: > * GPO_<type>_<target>_<scope>_<description> > > Where: > <type> = POL (policy settings) or SWD (software distribution) <target> > = C (computer) or U (user) or B (both) this one also tells me which > configuration is enabled without opening the GPO <scope> = can be > anything such as location, region, department, etc. > <description> = what it is (e.g. default settings) > > Examples: > GPO_POL_C_Dept01_DefaultSettings > GPO_SWD_U_Site01_AcrobatReader > > As I think of it: don't go crazy on GPOs. GPOs provide lots of functionality > but may also kill performance > > Cheers, > Jorge > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bart Vandyck > Sent: maandag 14 februari 2005 10:22 > To: activedir@mail.activedir.org > Subject: [ActiveDir] GPO design > > Hi all, > > I just wanted some feedback on this project I'm working on from people with > real world knowledge. > > We have AD in place with and OU structure. I've been asked the make > plan to > implement GPO's in this organization. I was thinking about creating a > GPO for each application we want to manage and this in combination > with each OU > level. > For example: GPO-Region-IE6-users > GPO-Region-WINXPSP1-machine > GPO-Site01-IE6-users > GPO-Site02-IE6-machine > GPO-Site01-winxpsp1-user > > The site GPO will only be made or in effect if the need to overrule settings > made on the region level. > > Is this a maintainable solutions or will this become to complex in > the end. > > Anybody know some good descriptions or best practices about managing > software with GPO. I've seen lots of stuff about creating GPO's, > troubleshoot them, etc.. but haven't found real implementations case studies > with advantages and disadvantages.. > > rgds, > > Bart > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
