|
I'm curious as to what you mean by Group Policy's poor design. I've encountered few design flaws in Group Policy itself. Group Policy definitely beats the keep-it-simple approach to management, since the keep-it-simple approach really means unmanaged. Consider the cost savings of standardized configurations and restricted users versus the administrative burden, which essentially translates to "it's too hard." If it's too hard, then you're doing it the wrong way.
My top three tips are these: (1) work from a plan, instead of sitting down in front of Active Directory and hunting down policies, (2) limit what you manage at the top of the directory to important corporate-wide policies (think password policy, security policy) and delegate down less important policies, (3) prioritize policies; then, implement the high priorities and let the rest go.
There's plenty of documentation for technology best practices, such as optimizing policies. You'll find most of those on Microsoft's Web site. One thing I like to do to make managing policies easier is to create focused GPOs -- such as a GPO that contains all of the settings necessary to implement offline files and folders, so that I can identify them easier, and I'm not duplicating policies across multiple GPOs (makes updating settings easier in the future). In other words, throughout an entire organization, I might have one Redirected Folders, one Locked Screen Saver, or one Office XP Security GPO that I can link to different OUs.
Editor's Note: For more information on Group Policy, check out our collection of Group Policy Best Web Links.
|
