Spring 2008 CITRT: Domain Policies

(raw notes)

Domain Policies

• What are some basic do and don't do?
• Lots of ScriptLogic users.  ScriptLogic vs. GPOs -- a place for each, sometimes OK to use both, independently
• Don't put your backup software on your domain controller
• Any success with virtual backup servers?  (no)
• Don't make your Exchange box a domain controller
• Domain controllers typically disable write-cache; any other service on that same server will suffer
• General: don't mess with the default policy.  Add other policies instead
• Gpanswers.com has good info on GPO ideas, troubleshooting
• What are common/good policies?  Password complexity, screen saver, firewall, Folder redirection, printer mapping, disabling user access to local drives
• iTunes needs a "reverse" special exception to force the files to be local, not on the network
• Deepfreeze alternative to snapshot lab system.  (wandering into the computer lab topic).  Steady State is the MS (and free) alternative
• Some firewall products (SonicWall) can push anti-virus software to workstations
• Moreno: tools now exist to inspect a system for AV, etc., and ensure it meets standards before allowing it on network
• 802.1x options in many switches; tied with policies; can force a machine to the "outside only" network.  Server 2008 has some future features for similar