Where is Default policy for client WSs

Tutorials Win: Microsoft Windows Forum

Hi

So simple question. In standard/default SBS 2003 R2 enviromet. What is the
excact place where I modify policies for client computers joined into the
domain? I haven't been never sure about that. Eg. usually it takes some time
for me to find the place where I disable XP FW for hosts. BTW, what aboat
Vista clients?

Any guidance will be appreciated. Hope I'll learn this for good!

juha
Top

Re: Where is Default policy for client WSs by Cliff

Cliff
Thu Sep 18 11:47:50 PDT 2008

1) if you use GPMC instead of GPE then you can browse all group policies in
a domain.
2) From there you'll see two default policies. The "default domain policy"
applies to workstations. The "default domain controller policy" applies to
your server.
3) Don't change default policies unless you have to. If you are changing a
default behavior, ask yourself *why* you are changing it. There is a good
chance that it is a sign that maybe you are doing something wrong and should
change your methods, not change the system. There are always exceptions, of
course...particularly as you start getting into larger SBS installs. But
for a new SBS admin just getting started? Keep the defaults, they are there
for a reason.
4) For adding *new* settings, it is always better to create new policies and
link them to the OU's as appropriate.

:)

-Cliff



"Juha" <Juha@discussions.microsoft.com> wrote in message
news:9E0B1093-12A1-40A7-A322-E9159ED05E60@microsoft.com...
> Hi
>
> So simple question. In standard/default SBS 2003 R2 enviromet. What is the
> excact place where I modify policies for client computers joined into the
> domain? I haven't been never sure about that. Eg. usually it takes some
> time
> for me to find the place where I disable XP FW for hosts. BTW, what aboat
> Vista clients?
>
> Any guidance will be appreciated. Hope I'll learn this for good!
>
> juha

Top

Re: Where is Default policy for client WSs by Lanwench

Lanwench
Thu Sep 18 12:15:56 PDT 2008

Cliff Galiher <cgaliher@gmail.com> wrote:
> 1) if you use GPMC instead of GPE then you can browse all group
> policies in a domain.
> 2) From there you'll see two default policies. The "default domain
> policy" applies to workstations. The "default domain controller
> policy" applies to your server.
> 3) Don't change default policies unless you have to. If you are
> changing a default behavior, ask yourself *why* you are changing it. There
> is a good chance that it is a sign that maybe you are doing
> something wrong and should change your methods, not change the
> system. There are always exceptions, of course...particularly as you
> start getting into larger SBS installs. But for a new SBS admin just
> getting started? Keep the defaults, they are there for a reason.
> 4) For adding *new* settings, it is always better to create new
> policies and link them to the OU's as appropriate.

Definitely. I create multiple policies, called Companyname <whatever
describes it> and link them at the appropriate OU level. I learned the hard
way not to do too much with the built-in ones.
>
> :)
>
> -Cliff
>
>
>
> "Juha" <Juha@discussions.microsoft.com> wrote in message
> news:9E0B1093-12A1-40A7-A322-E9159ED05E60@microsoft.com...
>> Hi
>>
>> So simple question. In standard/default SBS 2003 R2 enviromet. What
>> is the excact place where I modify policies for client computers
>> joined into the domain? I haven't been never sure about that. Eg.
>> usually it takes some time
>> for me to find the place where I disable XP FW for hosts. BTW, what
>> aboat Vista clients?
>>
>> Any guidance will be appreciated. Hope I'll learn this for good!
>>
>> juha



Top

Re: Where is Default policy for client WSs by Juha

Juha
Mon Sep 29 22:41:01 PDT 2008

nThanks Cliff and Lanwench

This SBS network houses some 40-50 WSs and many of them are offshore. I
decided to make some testing in a virtual enviroment before changing anything
in production system.

GPs and OUs are something I haven't focused before. Now I have to and it is
fine. I have been ordered to strengthen the security of that system.

Juha

"Lanwench [MVP - Exchange]" wrote:

> Cliff Galiher <cgaliher@gmail.com> wrote:
> > 1) if you use GPMC instead of GPE then you can browse all group
> > policies in a domain.
> > 2) From there you'll see two default policies. The "default domain
> > policy" applies to workstations. The "default domain controller
> > policy" applies to your server.
> > 3) Don't change default policies unless you have to. If you are
> > changing a default behavior, ask yourself *why* you are changing it. There
> > is a good chance that it is a sign that maybe you are doing
> > something wrong and should change your methods, not change the
> > system. There are always exceptions, of course...particularly as you
> > start getting into larger SBS installs. But for a new SBS admin just
> > getting started? Keep the defaults, they are there for a reason.
> > 4) For adding *new* settings, it is always better to create new
> > policies and link them to the OU's as appropriate.
>
> Definitely. I create multiple policies, called Companyname <whatever
> describes it> and link them at the appropriate OU level. I learned the hard
> way not to do too much with the built-in ones.
> >
> > :)
> >
> > -Cliff
> >
> >
> >
> > "Juha" <Juha@discussions.microsoft.com> wrote in message
> > news:9E0B1093-12A1-40A7-A322-E9159ED05E60@microsoft.com...
> >> Hi
> >>
> >> So simple question. In standard/default SBS 2003 R2 enviromet. What
> >> is the excact place where I modify policies for client computers
> >> joined into the domain? I haven't been never sure about that. Eg.
> >> usually it takes some time
> >> for me to find the place where I disable XP FW for hosts. BTW, what
> >> aboat Vista clients?
> >>
> >> Any guidance will be appreciated. Hope I'll learn this for good!
> >>
> >> juha
>
>
>
>
Top

Re: Where is Default policy for client WSs by Lanwench

Lanwench
Wed Oct 01 07:22:04 PDT 2008

Juha <Juha@discussions.microsoft.com> wrote:
> nThanks Cliff and Lanwench
>
> This SBS network houses some 40-50 WSs and many of them are offshore.

I hope they're on networks that communicate directly with a DC. It's hard to
manage remote machines that useVPN client connections.

> I decided to make some testing in a virtual enviroment before
> changing anything in production system.
>
> GPs and OUs are something I haven't focused before. Now I have to and
> it is fine. I have been ordered to strengthen the security of that
> system.
>
> Juha

Great. Pick up Jeremy Moskowitz's group policy book(s) and also check out
http://www.gpoguy.com/ - also subscribe to
microsoft.public.windows.group_policy.




<snip>


Top