Channeling GPO creation through the Governing body prevents GPO creation outside of the AGPM. Each AGPM server has only control over the policies which they can see, which obviously is controlled by permissions. As an administrator you can create GPOs anywhere in the domain, which is a nightmare.Which are best practices for Apply Group Policy?
Group Policy design best practices Do not modify the Default Domain Policy and Default Domain Controller Policy. ... Create a well-designed organizational unit (OU) structure in Active Directory. ... Give GPOs descriptive names. ... Add comments to your GPOs. ... Do not set GPOs at the domain level. ... Apply GPOs at the OU root level. ... Do not use the root Users or Computers folders in Active Directory. ... More items...What is group policy enforced option?
Enforced Group Policy Object (GPO): A Group Policy Object (GPO) that is specifically associated with a scope of management (SOM) so that the associated GPO has a higher GPO precedence compared to non-enforced GPOs that are associated with the same SOM and compared to all GPOs that are associated with descendant SOMs.