Working with the Default Domain Policy and Domain Controllers Policy
When you eventually come to the third step, you should already have a good grasp of what your organization needs in order to function. You already have a strong organizational structure and know the limitations, goals, and perhaps even a few deliverables. During the design phase, you need to do the following:
Define the scope of your group policies. Determine the number of GPOs.
Determine whether GPOs will be enforced.
Set Group Policy for all users.
Determine Group Policy delegation.
The overall goal here in your design is to mcsa make sure your policies go from the most general to the most speci?c. A good design practice is to determine the highest-level policies that will be enforced at all levels and then ensure that those policies are followed by designating those links as Enforced. However, you should strive to use this as little as possible, because if you use this feature consistently, it can become dif?cult to troubleshoot in any issues that may arise with Group Policy.
When you go down to further levels of granularity, you can pick and choose where to apply GPOs that will have the least impact. Accordingly, at this level you can also decide how to place your GPOs in such a fashion that you can use ?ltering as little as possible. Last, when you deploy your design, make sure you implement a staging area of some sort. Many environments have been collapsed or improperly implemented because of improper testing. By having a dedicated lab, you can spare yourself from this.
The first rule of thumb when working with the default domain and domain controllers policies is as follows: Don’t do it unless absolutely necessary.
In any enterprise that is going to require ongoing updates to Group 70-640 Policy, you want to strive to not change this crucial portion of your network. Alternatively, you can create a domain policy that overrides the default domain policy and implement changes on this. This means that any additions you make to this new policy won?t affect your settings.
Keep in mind that the default domain policy is the policy that is created as soon as an administrator logs on for the first time. It contains account policy settings, password poli- cies, Kerberos policies, and other vital information. It’s absolutely essential in order for your Windows network to operate properly.
Processing your request, Please wait....
