Remote Configuration, Execution Status
mathi January 30, 2006
In my previous blog post, I mentioned the importance of specifying filters along with the targets list when defining a remote configuration. This topic is also related to remote configuration, but it is about its execution status!
Just think of writing an exam when the result is not available! How painful is that? Similarly, you are applying a remote configuration to your Windows desktops but the execution status is not available, i.e. you don't know whether the configuration has been applied to all desktops or not. To get the result, you have to roam around and check whether the configuration has been applied to all desktops. If something goes wrong, the help desk will be flooded with phone calls. End result: productivity loss! A tool which provides remote configuration capability with execution status saves you a lot of money.
If you are applying a remote configuration to your Windows network, then one of the important requirements is that the execution status of the configuration should be available! Otherwise you have to prepare for more help desk calls!
Thanks
Mathi
Remote Configuration, Targets List
mathi January 27, 2006
Rolling out a new configuration to Windows desktops in a network is always time-consuming and challenging for IT pros. First, the correct configuration details have to be decided (for example, a proxy server configuration needs the server IP address and port number); then the target list of computers or users where the configuration will be applied has to be identified. Instead of specifying users or computers separately, Windows containers such as group, OU, domain and site can be used. But that is not sufficient in real-world usage. For example, the Windows Firewall configuration should be applied to Windows XP+SP2 systems only, so using a Windows container alone will not be sufficient in this scenario. Hence a filtering option is required to exclude some users or computers from the given container. The possible filter options are OS name, hardware type (laptop, notebook, etc.), even a few users or groups from a container, available hard disk space, CPU speed, etc. The advantage of using these filters is that unwanted users or systems will not be touched when the configuration is applied and, if the configuration execution status is available, it will be accurate.
It is a best practice to provide a specific targets list when applying configurations to remote systems!
Thanks
Mathi
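The two posts above combine naturally: filter the container down to the intended targets, then compare execution reports against exactly that list. This is an added example, not part of the original posts or of any product they describe; the inventory, the report values and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Computer:
    name: str
    ou: str            # Windows container the machine belongs to
    os_name: str
    service_pack: int
    chassis: str       # "desktop" or "laptop"

# Constructed inventory, for illustration only.
INVENTORY = [
    Computer("PC-001", "Sales", "Windows XP", 2, "desktop"),
    Computer("PC-002", "Sales", "Windows XP", 1, "desktop"),
    Computer("PC-003", "Sales", "Windows 2000", 4, "desktop"),
    Computer("LT-004", "Sales", "Windows XP", 2, "laptop"),
    Computer("PC-005", "Finance", "Windows XP", 2, "desktop"),
]

def xp_sp2_or_later(c):
    """Firewall example filter (assumption: later service packs also qualify)."""
    return c.os_name == "Windows XP" and c.service_pack >= 2

def resolve_targets(inventory, container, filters=()):
    """Expand a container to its members, then keep those passing every filter."""
    return [c for c in inventory
            if c.ou == container and all(f(c) for f in filters)]

def execution_status(targets, reports):
    """Roll up per-machine reports against the intended targets list.

    A target without a report is 'not reported', never assumed applied.
    A report from a machine outside the list is 'unexpected'.
    """
    names = {c.name for c in targets}
    summary = {"applied": [], "failed": [], "not reported": []}
    for name in sorted(names):
        status = reports.get(name)
        key = status if status in ("applied", "failed") else "not reported"
        summary[key].append(name)
    summary["unexpected"] = sorted(set(reports) - names)
    return summary

if __name__ == "__main__":
    reports = {"PC-001": "applied", "LT-004": "failed"}  # constructed
    for filters in ((), (xp_sp2_or_later,)):
        targets = resolve_targets(INVENTORY, "Sales", filters)
        print(execution_status(targets, reports))
```

Without the filter, the two machines that could never take the setting show up as "not reported", which is the inaccurate status the post warns about.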
GPO - Best Practices
romanus January 23, 2006
Group Policy Objects (GPO) Best Practices
I thought it would be interesting and useful to write about 'GPO Best Practices' as the first topic of the year. Microsoft recommends Active Directory and GPO for Windows desktop management. GPO has been available since Windows 2000 based domains. Built-in tools provided by Microsoft are used for GPO management: Gpedit in the case of Windows 2000 and GPMC for 2003. Inefficient management of GPOs can have a negative impact on the network: it can slow down the logon process, cause configuration overlaps, etc. So these 'GPO best practices' should be useful in designing a better GPO infrastructure.
Here is the traditional way of thinking about best practices for GPOs.
Quote:
GPO Best Practices
* Plan well before you go ahead with GPO implementation. GPO is a swiss knife, wrong handling could cause severe damages
* Differentiate production and test environment. Don't combine and choose a risky play ground.
* Use small GPOs for easier management. Think about rollback, File replications etc.,
* Make sure you have very few administrators who can work with GPO. Too many cooks can spoil the soup
* Proper naming conventions for GPOs are important for easier management. Baptize your configuration.
* Use GPMC for better results. It has RSoP
The list can grow with specific scenarios. Here are some 'GPO Best Practices' references from Microsoft and John Howard's blog.
Best practices link from Microsoft
http://blogs.technet.com/jhoward/archive/2005/01/23/359071.aspx
John Howard is one of my favourite bloggers. In the given link he has listed a lot of links related to GPO best practices.
In a large enterprise, the chances of running into GPO problems are high, since there will be a bunch of IT service professionals who have permission to meddle with GPOs, which can confuse and overlap the policies. It is essential to take the utmost care with GPO management in large enterprises. There are many tools available in the market for GPO and configuration management.
But it would be best to get to know how Group Policy is managed in a large enterprise environment. Check out the Microsoft link which talks about GPO infrastructure management at Microsoft (pretty new :wink:, August 05). In this white paper, Microsoft IT shares its experience and recommendations on GPO. However, there is an explicit warning that the information is not to be considered as procedural guidelines. You know, perhaps every enterprise has its own needs.
Here is some interesting information about the AD network of Microsoft IT; the data given here corresponds to the production environment.
Quote:
* Single Forest and 9 Domains (a total of 6 forests and 20 AD domains)
* Each domain has 7 to 30 Domain Controllers
* The IT integrated IAM is responsible for Designing AD and GPO
* They maintain 900 Individual GPO and Approve global GPOs
* GPO is most widely used for
  - Password policy and auditing
  - Event log settings
  - Compliance
  - XP Firewall settings
  - Access Control for code repository
  - Testing new configurations etc.,
From an administrator's point of view, I would encourage you to collect and read about such successful IT implementations of GPO infrastructure, for a clear understanding and to evolve a better design for your own unique setup. Please feel free to post any of your GPO best practices or success stories from GPO implementors, so that others can also learn and make use of them.
~ romanus ~


