Server 2003 Migration and Group Policy Rationalization

Prior to migrating from Windows Server 2003 to Windows Server 2012 R2, you should perform some sort of audit to determine how many group policy objects your organization has, how group policy is applied, and whether or not it could be done in a more efficient manner.

The reality for many organizations when it comes to group policy is that many group policies are put in place, do the job that they were put in place for, but are eventually forgotten. I’ve talked to a large number of administrators who have come into an environment to find a substantial number of group policies applied, with little or no documentation explaining why they were deployed in the first place.

Rather than attempt to undo the Gordian knot and possibly break something, many administrators take the approach that it may simply be better not to mess with things. Any administrator who has been around the block knows the “Pottery Barn Rule of SysAdmins” – that is, you break it and you own the problem until it is fixed (though I must admit to having worked with a few admins who have tried the Bart Simpson approach of “I didn’t do it”).

Unfortunately, if you want to rationalize a group policy deployment, at some stage you do have to tackle that Gordian knot and figure out what each group policy does and whether what it does still needs to be done. There are group policy modelling tools built into Windows or better ones available from third parties. Once you’ve figured out what still needs doing, you can take the group policy deployment that will have grown by accretion over the years since you deployed Windows Server 2003 and rationalize it into something a lot more coherent.

Your overall aim should be to accomplish everything that you need to accomplish with the minimum required number of GPOs applied. You should also put in place some good documentation explaining what everything does, so that the next person who comes along in the future to untangle whatever your organization’s group policy deployment has metastasized into has a bit of a head start.