1

Hi

I’ve got three main group policy objects that do different things. I’m thinking of merging them into one.

Basic Policy: This policy handles the roaming profiles and redirects the desktop and documents folder. Also maps the network shared drives.

Default Domain Policy: This policy handles the Account Policies

Folder Redirection Policy: This enables Offline Files and redirects folders and makes them available.

  1. I am having difficulty with one of the mapped drives not fully synchronizing files to make them offline unless when Manually done. Sync interval is set to 10 (min), Sync Variance is set to 60 (mins) and maximum allowed time without sync is set to 30 (mins).
  2. Will it be best practice to have these three policies in one?
4 Spice ups
2

  1. It’s best practice to not edit the default domain policy unless absolutely necessary. Just leave it alone.

  2. When you combine GPOs it becomes harder to troubleshoot issues. Don’t do it unless there’s some really compelling need.

2 Spice ups
3

I would never merge multiple GPOs into one. It makes hard to troubleshoot GPO issues. Give a proper name to each GPO and configure it to do the thing that you were set on it.

4

IMO, I would not merge the policies. Each GPO should have its own policy with unique name. Good luck!

1 Spice up
5

I agree with everyone here. Leave the default policies alone (unless you configure a password policy, however I recommend fine grained password policies instead of a gpo). Have as many GPO’s as you want. Having a bunch in there does nothing to hurt performance and only allows you to be more granular with what is applied where, and allows for more descriptive naming (and in turn better organization).

As for a mapped drive policy, I personally prefer a single policy but utilizing item-level targeting using groups to assign them to users. Start with a decent group naming structure for this as if you’d have a ton of mappings in the future, you won’t regret getting this organization structure right from the beginning.