I'm trying to help a former NT administrator get the hang of OUs and GPOs. I'm trying to make things simple for him, but also neat and tidy in the long run. So here's my question, where do you link your GPOs?
I was linking my GPOs at the root of the domain, and then using security filtering by groups. Basically you would add a user and their computer to a group (such as GPOBusinessOffice) and then they would have rights to the GPO. The advantage here is that the OU isn't as important as the Group Membership. Plus you don't scatter GPOs all over the GPMC tree.
The other way is the more common way, link the GPO to the OU, and don't do any security filtering. This is certainly easier, but does that make it better?
Looking for input....
I do realize that this is about 90% personal preference, but I'm interested in what other people do.
Thanks
Tylan
I was linking my GPOs at the root of the domain, and then using security filtering by groups. Basically you would add a user and their computer to a group (such as GPOBusinessOffice) and then they would have rights to the GPO. The advantage here is that the OU isn't as important as the Group Membership. Plus you don't scatter GPOs all over the GPMC tree.
The other way is the more common way, link the GPO to the OU, and don't do any security filtering. This is certainly easier, but does that make it better?
Looking for input....
I do realize that this is about 90% personal preference, but I'm interested in what other people do.
Thanks
Tylan
