1
00:00:03,090 --> 00:00:07,020
So let's summarize what we've learned in this module on group policy deployment.

2
00:00:07,950 --> 00:00:12,180
So again, the best designs balance AD and management needs.

3
00:00:13,110 --> 00:00:18,330
So being able to do things like delegating administration and efficiently targeting GPOs is kind of

4
00:00:18,330 --> 00:00:19,560
what I mean by that balance.

5
00:00:19,560 --> 00:00:22,050
And you can take a number of different approaches to that.

6
00:00:22,920 --> 00:00:24,300
I showed two approaches.

7
00:00:25,170 --> 00:00:30,120
One was a role-based approach and the other was a geo- or business-unit-based approach that allows for

8
00:00:30,120 --> 00:00:34,020
OU structures that kind of optimize for both AD and group policy management.

9
00:00:34,890 --> 00:00:39,870
And I set aside a number of principles that I talked about for good group policy deployment design.

10
00:00:40,680 --> 00:00:45,990
And one of those, probably the first one, was deploying GPOs by linking them as close to their intended

11
00:00:45,990 --> 00:00:53,340
targets as possible and only using security group or WMI filtering or item-level targeting as an exception.

12
00:00:54,180 --> 00:00:56,520
I think this is a really good tenet to follow.

13
00:00:57,420 --> 00:01:03,540
Sometimes you won't be able to, based on your requirements, but if you start from this premise, then

14
00:01:03,540 --> 00:01:06,610
you'll have as efficient a group policy design as possible.

15
00:01:07,500 --> 00:01:11,400
I also introduced the concept of functional versus monolithic GPOs.

16
00:01:12,360 --> 00:01:19,050
Functional being GPOs that have a single policy area implemented in them, monolithic meaning multiple

17
00:01:19,050 --> 00:01:21,540
policy areas implemented in the GPO.

18
00:01:22,350 --> 00:01:25,770
And I also mentioned that both can have their place in the environment.

19
00:01:26,670 --> 00:01:32,070
You might use monolithic to delegate administration to a single OU administrator, whereas functional

20
00:01:32,070 --> 00:01:34,470
is good for example security settings.

21
00:01:35,440 --> 00:01:37,630
Functional GPOs can perform better,

22
00:01:38,500 --> 00:01:43,260
primarily because of that issue I mentioned around synchronous and asynchronous extensions.

23
00:01:44,140 --> 00:01:49,060
And while we're on that topic, you can improve performance by reducing the use of group policy based

24
00:01:49,060 --> 00:01:55,240
scripts, not mixing sync and async client-side extensions and keeping an eye on the number of GPOs

25
00:01:55,240 --> 00:01:57,400
that get processed by users and computers.

26
00:01:58,270 --> 00:02:05,230
So all of those methods can have an impact on processing performance and therefore the user's experience.

27
00:02:06,070 --> 00:02:11,770
And I also mentioned WMI filters, that some filter queries can be expensive and can cause slowdowns

28
00:02:11,770 --> 00:02:12,670
in your environment.

29
00:02:12,760 --> 00:02:14,260
So you want to keep an eye on that.

30
00:02:15,130 --> 00:02:20,080
And then finally there are some OS features that have been introduced in newer versions of Windows like

31
00:02:20,080 --> 00:02:22,210
GP caching and logon script delays.

32
00:02:23,110 --> 00:02:28,300
These are designed to reduce the impact of GP processing, but they can also change the behavior of

33
00:02:28,300 --> 00:02:29,080
group policy.

34
00:02:29,950 --> 00:02:32,260
So it's important to keep those in mind.

35
00:02:33,100 --> 00:02:36,670
And in the case of GP caching, based on the way it works,

36
00:02:36,670 --> 00:02:38,140
you are only likely to see it.

37
00:02:39,040 --> 00:02:45,580
You will only see it if a synchronous foreground refresh is happening, which is only caused by folder redirection

38
00:02:45,580 --> 00:02:48,280
and software installation in Windows 8.1.

39
00:02:49,150 --> 00:02:52,720
So not very often unless you are using a lot of those extensions.

40
00:02:53,590 --> 00:02:57,850
And the logon script delay feature introduced a five-minute logon script delay.

41
00:02:58,690 --> 00:03:04,150
So that reduces contention at user logon time, but also delays the execution of logon scripts,

42
00:03:05,020 --> 00:03:10,210
which is yet another reason, in my estimation, why using something other than logon scripts for important

43
00:03:10,210 --> 00:03:14,110
stuff like drive mappings and printer mappings is probably a good way to go.

44
00:03:14,950 --> 00:03:19,390
So in the final module of this course, I'm going to spend some time talking to you about scripting

45
00:03:19,390 --> 00:03:20,590
group policy management.

46
00:03:21,490 --> 00:03:26,440
We're going to start off by talking about and primarily talk about PowerShell, but also introduce a

47
00:03:26,440 --> 00:03:28,930
little bit about VBScript within the module.