If you install the extensions on all your systems so you can use the new 2008 Group Policy Preferences, you can use the "item-level targeting" feature to direct GPOs only onto systems in particular IP ranges. You can set these up within the GPOs (i.e. a set of settings in one GPO that each only apply to particular subnets) which would reduce the amount of GPOs in your sysvol
2009/10/13 Clayton Doige <clayton.do...@gmail.com> > Hi all, Windows 2003 R1 domain, 45 sites, 80 subnets, 340 MB sysvol share > due to bloated group policies and legacy scripts, bald sysadmin trying to > manage havin been with the company 6 months - talk about group policy > inheritance! > > in the process of cleaning up the AD in general (104 OU's containing > computers accounts, 2000 computer accounts have not reset their domain > password in the last 90 days, twice that number in AD) deep joy > > I would like to go old school on things to clean up AD so that I can start > to kill policies so I am creating a new structure and am going to migrate > objects into the new structure - for users and computers the structure will > be based on site > > So... > > I'd like to create a script that will assign various settings based on the > subnet the user is logging on to > > In the main the existing group polices simply set Important URL's in IE and > set the proxy settings (seriously) > > Important URLS I am happy to stick at the root of the users OU, however > for the proxy settings I would like to have the computer import a site.reg > file at logon based on the ip range - I don't know how to do this > > Trying to avoid the 'if member' route because the group structure in this > AD is even more messed up than the OU structure > > What do those of you with multiple sites do to manage the size of your > sysvol whilst making sure all of your site specific requirements are met? Is > there a nice script that says 'if ipconfig < 192.168.100.1 and > > 192.168.100.100 \\dc\sysvol\site.reg or similar? and then from there if i > wanted to specify drive mappings for the site etc? > > Thanks for any advice! > > Clayton > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~