Re: More than one GPO on the same OU
From: Chriss3 (noSpamHere_at_chrisse.se)
Date: 04/28/04
- Next message: Chriss3: "Re: ie security trusted sites entries get lost"
- Previous message: bogden: "Instant Messenger"
- In reply to: Ihab Abedrabbo: "More than one GPO on the same OU"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 28 Apr 2004 17:13:40 +0200
Please read answers inline.
You may found the follow link help full.
How does the Group Policy 'No Override' and 'Block Inheritance' work?
http://www.winnetmag.com/Article/ArticleID/15420/15420.html
-- Regards Christoffer Andersson No email replies please - reply in the newsgroup ------------------------------------------------ http://www.chrisse.se - Active Directory Tips "Ihab Abedrabbo" <ihab17@hotmail.com> skrev i meddelandet news:587801c42d2d$f4315af0$a001280a@phx.gbl... > Hi > General Knowlwdge/Basic Question > I get confused between: > 1: BLOCK POLICY INHERITANCE > 2: NO OVERRIDE option of a GPO > 3: PRIORITY (When 2 or more GPOs are applied on the same > OU) > > I have a domain called AQ. This AQ domain has an > Organizational Unit OU called ClientsOU where specific > client computer accounts and user accounts reside. > > I configured my DEFAULT DOMAIN POLICY GPO linked to the > whole domain with a simple GPO for testing. I only changed > the settings found on: > COMPUTER CONFIGURATION > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > WINDOWS INSTALLER > ALWAYS INSTALL WITH ELEVATED PRIVILAGES to (ENABLED) > > The rest of the GPO is left untouched (NOT CONFIGURED) > On the ClientsOU instead, I added another GPO called > ClientsOUGPO, where I configured only the following item: > COMPUTER CONFIGURATION > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > WINDOWS INSTALLER > ENABLE USER CONTROL OVER INSTALLS to (ENABLED). > > Question(s): > 1: Does that mean that the resultant configuration on > computers in the ClientsOU get BOTH settings enabled? > In other words, the > ENABLE USER CONTROL OVER INSTALLS (NOT CONFIGURED) of the > domain becomes (ENABLED) on the client PCs, and also > ALWAYS INSTALL WITH ELEVATED PRIVILAGES becomes (ENABLED) > too? [Christoffer Andersson] Yes you are right here. The ALWAYS INSTALL WITH ELEVATED PRIVILAGES needs to be set in both User Configuration Part and Computer Configuration Part to be come active. > > 2: If I check the BLOCK POLICY ENHERITANCE on the > properties of ClientsOU, does that mean that I won't get > ANY configuration from the DEFAULT DOMAIN POLICY settings? > Meaning, will I only get : > ENABLE USER CONTROL OVER INSTALLS set to (ENABLED) while > the rest remain set to (NOT CONFIGURED)? [Christoffer Andersson] Yes no policys from higher-level objects are applied, No Override Option takes precedence over Block Inheritance > > 3: The priority I believe is connected to two ore more > conflicting settings, and that the highest GPO set on an > OU wins the battle, right? [Christoffer Andersson] Yes if a No Override Option are set to anyother. > > 4: And finally, If I have 2 or more GPOs linked to the > same OU, the resultant Computer/User settings would be the > SUM of all GPOs' settings, but of course, with exception > to conflicting settings of the same items where the > highest GPO gets applied! RIGHT? [Christoffer Andersson] The down level GPO will be used if some settings conflicting > > Thanks a lot. > Ihab >
- Next message: Chriss3: "Re: ie security trusted sites entries get lost"
- Previous message: bogden: "Instant Messenger"
- In reply to: Ihab Abedrabbo: "More than one GPO on the same OU"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
