realized Posted September 11, 2005 Posted September 11, 2005 Windows 2003 SBS.... Testing Software Update Services w/ SP1Well first it says i must create a new GPO called "Basic SUS Config" and in there modify a few settings such as Computer Config / Admin Templates/ Windows components/ windows update - "configure automatic updates" and also "Specify intranet Microsoft update location"then it says to create ANOTHER GPO , modify the Computer Config / Admin Templates/ Windows components/ windows update - "configure automatic updates" , and set the TIME i want it to update.So my question is this, if i made the changes to the ONE GPO titled "Default domain Policy" wouldn't it do the exact same thing? I dont get why i need to create two new gpo's.. why not modify the default domain one? and if i change my mind later instead of deleting a GPO i just change the setting back to not configured?
InTheWayBoy Posted September 11, 2005 Posted September 11, 2005 You could edit the "Default Domain Policy", and many recommend that...but most will suggest that you leave that alone. The idea is that if you create a new GPO and then things don't work right you can go back and just disable or delete the one that is getting in the way. If you edit the "Default Domain Policy" too much and then find things are working you'll have a much harder time undoing the changes. In the end it's your call, but that's the way many people do it...I for instance have a few different GPO's...one for Folder Redirection, another for Software Distrobution, and various others to control desktop settings and the like.Also, by setting different GPO's you can easily apply them to certain groups if you have your AD setup for it. You can accomplish this other ways, but I find this to be another good reason to seperate the GPO's.
realized Posted September 11, 2005 Author Posted September 11, 2005 Thanks for the response, That makes lots of sense, and i see that it would be eaiser to manage diffrent gpo's that way as well.
ixion Posted September 12, 2005 Posted September 12, 2005 the only reason people recommend making changes to the default domain policy is because it reduces network traffic during site replication. If you are a single site then make your group policy changes as granular as you wish with many many seperate GPO's for all the different setting so you can keep track of things properly.If you are a domain with multiple sites with very slow WAN links than make the bulk of your changes on your default domain policy and only create new GPO's if you need them
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now