Some basic steps are involved in using Group Policy to enforce security.

First, you need to identify exactly what security settings you need to deploy. Do you simply need to ensure that all users are forced to use a password-protected screensaver? If so, a simple GPO will probably provide the necessary functionality. However, if you need to deploy complex security settings, including file permissions and network security settings, you’ll need to configure a security template and add that template to a GPO.

The next step requires you to determine the scope for your security deployment. Do you need to deploy all your security settings domainwide or to particular OUs? It’s actually quite rare to deploy one all-encompassing set of security settings across an entire domain, because those settings would affect every user and computer in the domain, including domain controllers and servers. Instead, you’ll typically deploy security settings to specific OUs. In fact, once you start thinking about where you want to deploy your security settings, you may find that you need to restructure your Active Directory OU hierarchy a bit to accommodate your security deployment needs.

Of course, you’ll need to thoroughly test your security settings before deploying them companywide. Create a test OU (or even an entire test network) that you can use to deploy your security settings to a small number of computers for evaluation. It’s very easy to create security templates ...