Re: Domain GPO v DC

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/10/04 

Date: Sat, 10 Jul 2004 16:49:44 GMT

Think of it this way. Group Policies [GPO] apply to computers or users in the
container they are applied to. The container is either the domain container, the
domain controller container, or an Organizational Unit that you create. Policy is
processed in this order with any defined settings in the last applied policy
"winning" - local>site>domain>Organizational Unit [which always would be a
subcontainer of the domain]. In your case, either your computers are in the domain
controller container OR you have the domain controller Group Policy "linked" to the
domain container. A Group Policy after being created, can be "linked" which means it
will apply to any container in the domain. See the link below on learning more about
Group Policy. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/management/groupsteps.asp
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/distsys/part4/dsgch22.mspx

"Peter" <anonymous@discussions.microsoft.com> wrote in message
news:2a49b01c4659c$e05532c0$a301280a@phx.gbl...
> Thanks for your reply.
>
> Sorry, I didn't quite get it. I am a little bit thick !
>
> Could you please re-explain ?
>
> Peter.
>
> >-----Original Message-----
> >By default the Domain Controller Security Policy applies
> only to computers in
> >the domain controller container which should be only
> domain controllers. Either
> >you have your computers in the domain controllers
> container or you have the
> >default domain controller GPO linked to the domain
> container which you can check
> >in AD Users and Computers. Select the domain
> container/properties/Group Policy
> >to view what GPO's are linked to the domain. You can
> also use the gpresult free
> >support tool to view what Group Policy's are applied to
> a computer and the
> >logged on user. --- Steve
> >
> >
> >"Peter" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:2a0f901c4654d$feb26d90$a301280a@phx.gbl...
> >> Hello
> >>
> >> Anyone knows why GPOs which are defined in the domain
> >> security strategy do not apply ? on all my machines in
> >> the domain it's the domain controller security strategy
> >> which apply to all my machines in the domain.
> >>
> >> TIA
> >>
> >>
> >
> >
> >.
> >

Relevant Pages

  • RE: Client Access Rights
    ... You can do this with Group Policy. ... the COMPUTERS in the admin and sales dept. Create a group policy ... Now apply this policy to the container you made containing the computers ...
    (microsoft.public.windows.server.networking)
  • RE: Client Access Rights
    ... You can do this with Group Policy. ... the COMPUTERS in the admin and sales dept. Create a group policy ... Now apply this policy to the container you made containing the computers ...
    (microsoft.public.cert.exam.mcse)
  • RE: Client Access Rights
    ... You can do this with Group Policy. ... the COMPUTERS in the admin and sales dept. Create a group policy ... Now apply this policy to the container you made containing the computers ...
    (microsoft.public.win2000.networking)
  • Re: Group Policies have stopped working.
    ... > We've had Group Policies running for well over a year here with little ... > Group Policy was applied from: ... > My AD is split geographically with a US container with seperate Users ... > There is also a EU container with seperate Users and Computers ...
    (microsoft.public.win2000.group_policy)
  • Re: Join a PC to a specific OU?
    ... A new feature in Windows 2003 is you can redirect the Computers container to ... Since I'm doing the domain join as part of an unattended build, ... > should be the default container/OU to add machines to. ...
    (microsoft.public.win2000.setup_deployment)