GROUP POLICY MODELLING
Group Policy modeling is a great security tool for troubleshooting Group Policy settings and testing GPOs before they are applied with Windows Server 2008.
When a user logs in, Windows combines all of the different Group Policies that apply to the user account with those that apply to the computer that the user is logging in from. While this might not sound so bad at first, each level of the Group Policy hierarchy contains many of the same settings. That means there is a potential for the administrative staff to implement contradictory Group Policy settings.
In smaller companies, administrators might be able to avoid Group Policy contradictions by using a single GPO, but this usually isn't practical in larger organizations.
The problem isn't really the contradictory settings themselves. Windows uses a set of rules to determine which policy setting takes precedence in the event of a contradiction. What can be a problem is figuring out what the effective policy is going to be once all of the various GPOs are combined and you're dealing with the contradictions. I have personally run into situations in which completely unexpected Group Policy settings were being applied, and figuring out where those settings came from was a real challenge because of the complexity of the Group Policy structure being used.
Fortunately, you no longer have to troubleshoot Group Policy settings manually. Instead, you can use a technique called Group Policy Object modeling to troubleshoot your settings quickly and easily. More importantly, though, you can use this technique to test Group Policy settings before they are applied. That way, you know that the settings you are about to implement will have the intended effect.
Source:
http://searchwindowsserver.techtarget.com/tip/Group-Policy-Object-modeling-simplifies-network-security
When a user logs in, Windows combines all of the different Group Policies that apply to the user account with those that apply to the computer that the user is logging in from. While this might not sound so bad at first, each level of the Group Policy hierarchy contains many of the same settings. That means there is a potential for the administrative staff to implement contradictory Group Policy settings.
In smaller companies, administrators might be able to avoid Group Policy contradictions by using a single GPO, but this usually isn't practical in larger organizations.
The problem isn't really the contradictory settings themselves. Windows uses a set of rules to determine which policy setting takes precedence in the event of a contradiction. What can be a problem is figuring out what the effective policy is going to be once all of the various GPOs are combined and you're dealing with the contradictions. I have personally run into situations in which completely unexpected Group Policy settings were being applied, and figuring out where those settings came from was a real challenge because of the complexity of the Group Policy structure being used.
Fortunately, you no longer have to troubleshoot Group Policy settings manually. Instead, you can use a technique called Group Policy Object modeling to troubleshoot your settings quickly and easily. More importantly, though, you can use this technique to test Group Policy settings before they are applied. That way, you know that the settings you are about to implement will have the intended effect.
Source:
http://searchwindowsserver.techtarget.com/tip/Group-Policy-Object-modeling-simplifies-network-security
Comments
Post a Comment