Login scripts and AD DesignLocked
I’m looking for the best way to map my printers and netowrk drives on our new ActiveDirectory.
We have a pretty straightfoward architecture.
4 Companies under the same Domain.
13 Sites under each company
0 to 10 Divisions under each site
0 to 5 Departments under each division
X users under each department
What I intended to do is create security groups like this
Company_Site_Divison_Sales_Rep (8 persons in this group)
Company_Site_Divison_Sales_Secretary (1 person in this group)
Company_Site_Divison_Sales_Managemet (1 person in this group)
Then include those 3 groups in Company_Site_Division_Sales
Then include this group in Company_Site_Divison. Etc, etc.
My OU structure now stops at the Site level (i.e.: Company1 – Site1, Company1 – Site2, etc.)
1. Is this a good way to manage security?
2. How should I go around to map my printers and network drives?
I’ve read about GPO filtering but it looks like a lot of maintenance. I was thinking about writting one script and applying it to the domain with a GPO and in the script test to determine group membership until I trickle down to the lowest group. Is this going to slow down my logon process a lot?
Or should I just drill down the GPO to the Rep, Secretary and Management level and apply the script directly on the OU? I’m a bit lost here.
Thanks for any input.