GPO creation and edits can be very complicated, and if done wrong, can have significant impact on the entire domain. Here are some simple tricks to help make these easier and safer:
Don’t add anything into the Default Domain and the Default Domain Controller’s policy. Use them to configure security settings only.
Keep an OU for testing, and put a couple of test user accounts and a couple of test machine accounts in that OU. When you create a GPO, link it first to that OU so you can test the results. You can then link it to the production OU or domain as appropriate.
Remember that many GPO settings tattoo machines. Deleting a GPO will not reverse those settings. Use that test OU to confirm any reversals you want to make.
Document GPO settings and make sure other admins, and the help desk, know when a new GPO setting is about to be applied.
A SysAdmin has an almost endless list of tasks they must complete on a regular basis. Some are so routine that they can be done while multitasking, others require careful attention to detail and a laser-like focus to ensure that things are done well and completely. While many admins may look at most of the tasks on this list as run of the mill, they frequently present a challenge to others. In this slideshow, Christina Goggi, writing for GFI Software, provides some tips on how to approach them.