Windows Small Business Server 2011 default Group Policy configuration

Windows Small Business Server 2011 Standard offers an integrated solution for small infrastructures. Read about the default Group Policy configuration of SBS 2011.

Windows Small Business Server (SBS) 2011 Standard may not look much different than Windows Server 2008 R2, but it packs a ready-to-go offering for the small infrastructure. When you install SBS 2011, you'll see that a number of defaults are in place; Group Policy, in particular, has a lot of ready-to-go configuration items for typical environments. The Group Policy configuration has the built-in organizational unit (OU) structure (Figure A) with a default installation of SBS 2011.

Figure A

Click the image to enlarge.

Figure A shows every OU expanded, and the SBS computer account that functions as a domain controller.

Numerous default group policy objects (GPOs) are linked to the various OUs of a default SBS installation; most of these GPOs configure many of the default settings of Windows servers and clients that are in line with the ready-to-go placement of SBS. The Windows SBS Client Policy GPO is created by default in the MyBusiness | Computers | SBSComputers OU. This GPO (Figure B) contains a number of settings, including a firewall section, a remote desktop authentication level, and SBS specific settings for Outlook mailboxes.

Figure B

Click the image to enlarge.

If you're making the transition from the mainstream versions of Windows Server, you'll be pleased to see that a number of other behaviors go along with SBS. For example, joining a member server to the Active Directory domain is mostly unchanged compared to that of mainstream versions except the computer account is not put in the top-level Computers OU. Once the computer account arrives in this OU, a number of default GPOs kick in; one of which is the Update Services Server Computers Policy GPO (Figure C), which will configure automatic updates (download and notify) at a specified time.

Figure C

Click the image to enlarge.

This GPO, as well as a number of other GPOs, is a good framework for addressing settings such as remote desktop, Windows Firewall, update policy, Internet Explorer start page and favorites, as well as a folder redirection framework.

Not all of the GPOs automatically enforce their settings. For instance, the folder redirection settings in the Small Business Server Folder Redirection Policy GPO need to have a filter applied to certain security groups or usernames to make it kick in.

If you have tinkered with SBS 2011, share your experiences in the discussion.