Remove From My Forums

Microsoft recommended Default domain Group Policies

Question
0

Sign in to vote

I need pointers to Microsoft recommended Default domain Group Policies. Is there any case study available for pharmaceuticals clients I am in process of reviewing the existing group policies and recommending new policies for pharmaceuticals client. The environment has all Windows 2012 Servers and Windows 8 Enterprise clients. If you can send me recommended Policies and their settings that we can test out in the environment that would be very helpful.

Monday, April 29, 2013 5:48 PM

Answers

1

Sign in to vote
I agree completely!

Here is a link that will also help you get an idea of what should and should not be enabled:

http://blogs.technet.com/b/grouppolicy/archive/2010/01/25/gp-editorial-group-policy-best-practices.aspx

One specific setting that you might want to look at is Highly Detailed Status Messages. It helps in troubleshooting!

http://deployhappiness.com/the-one-group-policy-setting-that-you-need-to-enable/
If my answer helped you, check out my blog: DeployHappiness. Subscribe by RSS or email.
- Marked as answer by Andy Qi Monday, May 6, 2013 5:57 AM
Monday, April 29, 2013 6:31 PM
0

Sign in to vote
Hello,

first rule should be. Let both default GPOs as they are.

Configure your own GPO with YOUR required settings and test them in a lab or at least in an OU with test machines and test users BEFORE linking them to a production GPO.

Nobody here can know what your specific network needs so testing and finding out what you have to set is in your responsibility.

The Group policy reference you will find in http://www.microsoft.com/en-us/download/details.aspx?id=25250
Best regards

Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/

Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Proposed as answer by Joseph__Moody Monday, April 29, 2013 6:28 PM
- Marked as answer by Andy Qi Monday, May 6, 2013 5:57 AM
Monday, April 29, 2013 6:06 PM
0

Sign in to vote
There are many recommend Group Policy security template in the Microsoft Security Compliance tool you can download from www.Microsoft.com/scm however don't modify the default domain policies (password policy excepted). Always just apply them as an additional policy...

Hope it helps
Alan Burchill (MVP)
http://www.grouppolicy.biz

@alanburchill
- Proposed as answer by Alan Burchill Tuesday, April 30, 2013 2:48 AM
- Marked as answer by Andy Qi Monday, May 6, 2013 5:57 AM
Tuesday, April 30, 2013 2:48 AM

All replies

0

Sign in to vote
Hello,

first rule should be. Let both default GPOs as they are.

Configure your own GPO with YOUR required settings and test them in a lab or at least in an OU with test machines and test users BEFORE linking them to a production GPO.

Nobody here can know what your specific network needs so testing and finding out what you have to set is in your responsibility.

The Group policy reference you will find in http://www.microsoft.com/en-us/download/details.aspx?id=25250
Best regards

Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/

Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Proposed as answer by Joseph__Moody Monday, April 29, 2013 6:28 PM
- Marked as answer by Andy Qi Monday, May 6, 2013 5:57 AM
Monday, April 29, 2013 6:06 PM
1

Sign in to vote
I agree completely!

Here is a link that will also help you get an idea of what should and should not be enabled:

http://blogs.technet.com/b/grouppolicy/archive/2010/01/25/gp-editorial-group-policy-best-practices.aspx

One specific setting that you might want to look at is Highly Detailed Status Messages. It helps in troubleshooting!

http://deployhappiness.com/the-one-group-policy-setting-that-you-need-to-enable/
If my answer helped you, check out my blog: DeployHappiness. Subscribe by RSS or email.
- Marked as answer by Andy Qi Monday, May 6, 2013 5:57 AM
Monday, April 29, 2013 6:31 PM
0

Sign in to vote
There are many recommend Group Policy security template in the Microsoft Security Compliance tool you can download from www.Microsoft.com/scm however don't modify the default domain policies (password policy excepted). Always just apply them as an additional policy...

Hope it helps
Alan Burchill (MVP)
http://www.grouppolicy.biz

@alanburchill
- Proposed as answer by Alan Burchill Tuesday, April 30, 2013 2:48 AM
- Marked as answer by Andy Qi Monday, May 6, 2013 5:57 AM
Tuesday, April 30, 2013 2:48 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Microsoft recommended Default domain Group Policies

Question

Answers

All replies