Using GMPC on Windows 7 (R2)
Have used GPOs to control desktops but moving into applying GPO's to windows 2008 servers.

It seems that when you view services in the GPMC it generates the list from the endpoint you are running GPMC on?

for example - when editing a server gpo from Windows 7 the list of services comes from the local windows 7 box.

To actually see Server Services you need to access GPMC on a server.

That seems somewhat counterintuitive if GPOs are a central way to manage security settings. (not to mention diff boxes have diff services in many cases)

What is best practice for managing server GPOs - from Windows 7 or only directly on a 2008 server.

I want to be able to control principal of least functionality - all services should be set to automatic, stopped or manual per business/functional need - all unneeded services should be set to stop - nothing set to Not Defined. But this gets really problamatic if what is available depends on the platform from which you are viewing.



If its true - are there any other settings in GPO that work like this?