- Use caution when delegating authority over GPO’s to other users or group. It is very easy to accidentally give the wrong user or group rights to modify GPO’s that they do not need access to.
- Minimize the use of the block inheritance, no override, and group policy object filtering features. These things are only intended to be used as a workaround when there is no other option available. It is very easy to forget that one of these things were used which would lead to major dilemmas when troubleshooting policies.
- Use the Group Policy Management Console. The GPMC is a free tool from Microsoft designed solely for the purpose of being a better way to interact with Group Policy. If you are going to be doing any GPO work at all then this is a tool you need to get.
- Use descriptive names. Although you may start out with only a few GPO’s, this number could grow tremendously. This means you should always use descriptive names. If you have multiple locations or network segments these policies apply to you may also want to add a prefix to them for easy recognition.
- Don’t nest too deeply. One of the biggest benefits of Group Policy is being able to nest multiple GPO’s. Just remember however, the more of these policies you nest, the greater chance you have to throw something off.
***
Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.