Sun, Sep 5 2010 23:28
So do you add new policies or edit existing ones
In a discussion on a private listserve a discussion came up regarding where and how you should make group policy edits.
I personally will make a new separate policy when it makes sense to do so. I won't make a new policy for example, for a Firewall rule that I feel should have been native to the box (such as additional policy edits needed). I will however ensure that I document these edits "should I be hit by a bus" as the old saying goes.
I personaly do so in regards to firewall workstation policies because I don't want the workstations to have to process firewall rules twice for one. Also I feel that it puts the workstation at greater risk of me screwing things up by not building a rule set properly.
So firewall rules are one exception (in my mind) to the rule that in SMB you'd want to have new policies for anything that you add to the group policies you build.
What about you?
Filed under: News