Information Systems:2021 GPO Rework

From uniWIKI
Jump to navigation Jump to search 
Update: This page is now archived, as this project became a bigger undertaking, involving restructuring the OUs and implementing inheritance, in addition to redoing almost all GPOs. A new page will be created to discuss this.

Overview

Review and reconfigure GPOs to erase outstanding technical debt. These are the main issues with GPOs currently:

  • Monolithic objects
  • Related to the previous point - non-separation of computer and user settings
  • Upgrade of Windows OS since initial GPO design (outdated settings)
  • Overly strict (read: Machiavellian) policies

Changes

  • Machine account password policy - delete 1-day machine account passwords setting to revert to 30-day default
  • Printer deployment - delete old printer definitions, add new ones
  • General unlinked (stale) GPOs - delete
  • "Standard" GPOs - this used to be the primary, monolithic object where GPOs were stored. Now we break them out. There are 7 of these related to Windows 7. They will be compared to the "Standard Windows 10" GPO. This one will then be reduced and genericized to apply to all desktops and users, and selectively applied settings will be broken out
Retrieved from "https://owl.unipharm.com/mediawiki/index.php?title=Information_Systems:2021_GPO_Rework&oldid=13969"