Planning Group Policy Deployment for Your Isolation Zones
Applies To: Windows Server 2008, Windows Server 2008 R2
After you have decided on the best logical design of your isolation environment for the network and computer security requirements, you can start the implementation plan.
You have a list of isolation zones with the security requirements of each. For implementation, you must plan the groups that will hold the computer accounts in each zone, the network access groups that will be used to determine who can access an isolated server, and the GPOs with the connection security and firewall rules to apply to corresponding groups. Finally you must determine how you will ensure that the policies will only apply to the correct computers within each group.