I'm look for real world examples on how people manage GPO's in a large environment. We have close to a 1000 GPO's over 5 domains, and dozens of IT teams (I actually don't know how many). I currently don't know why many of our GPO's exist, who made them, or if they are still required, but when I clean them up, I want to stop this happening again. How have you prevented this from happening in your environment?
I thought of having each GPO (going forward), have a team that owns it, with a scope and purpose detailed in the comments. But most importantly, a GPO would contain all the setting required for the business policy or application it's supporting. If the application or policy is no longer required, the entire policy could be deleted. Now the down side of this is there might be several GPO's that contain, for example, firewall rules or mapped drives, all applying to the same computer, and I'm certainly going to end up with more GPO's than if I merged policies, but I can't see any other way of keeping my environment clean, and up-to-date.
I don't know if this is radical idea, the done thing, or just plain stupid.
(re-reading this, it sounds like I know, is that I don't know a lot :-) )
Managing GPO's in a large enviroment
- 88 Views
- Last Post 19 November 2015