Re: Local caching of AD-based Group Policy



Frank-
Group Policy settings are not cached in the sense that they are not
processed when a domain member computer is not connected to the network.
However, several things do occur in that scenario. First off, if GP settings
are applied when you are connected to the domain, and then you disconnect
and attempt to "muck" with your policy by editing the local GPO, you will
find that to be ineffective. This is because ALL GP processing ceases to
occur if a DC can't be contacted. So, any settings that were made by GP
prior to disconnecting from the network are still there--not really cached
because they are "live", just not updated.

Hope that makes sense. So the example below from Exam Cram is not correct.
If you have a setting, like disabling the floppy, that's put in place when
you're on the network, it will be retained when you're off the network, as
long as the machine is part of a domain.

As for the role of ntuser.pol, you may have read me talking about it here or
elsewhere. That file holds all registry policy that applies to the machine.
Its role is to store all the merged policies when a computer or user is
processing GP and then, to remove those policies during the next processing
cycle, before re-applying new settings. That file is really the key behind
registry non-tattooing behavior of true policies.

And really there is no relationship between cached creds, user profiles and
policies.

Darren

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
Group Policy Management solutions at http://www.sdmsoftware.com


"Frank" <fvbarger@xxxxxxxxxxx> wrote in message
news:Ol8fybq4GHA.4888@xxxxxxxxxxxxxxxxxxxxxxx
I'm studying for the 70-270 exam and am confused about a point that I
expect to be tested on. A couple of sources, particularly the Exam Cram 2
text, seem to strongly suggest that the SDOU settings will not be present
if the Win XP Pro client is booted and the user logged in while
disconnected from the domain. Thus if certain settings, like disabling
the floppy, are to be in effect if the user is away from the network, they
should be in Local Group Policy, not Domain-Based Group Policy. Other
knowledgeable sources claim the opposite: That if the Win XP Pro client is
booted and logged in on the domain network, and the SDOU settings have
been processed to completion just once, then those settings (though not
necessarily current) will be present ever more, under all circumstances,
provided that the user has a domain account. Authoritative texts, such as
ones about Win Server 2003, Active Directory, and Group Policy are silent
on the point.

Now, if AD-based Group Policy settings ARE actually cached on the Win XP
Pro client, could someone please tell me where they're stored? I'm
actually acquainted with the NTUSER.POL files, but haven't been able to
establish their exact function. From what I read somewhere in the distant
past, it seems like they might be to remove discontinued policies.

I hope I can provoke a little discussion, just to see if I hear any
agreement. It occurred to me that perhaps there has been confusion
between Cached Logon Credentials, Cached User Profiles, and Cached
AD-Based Group Policy. Well, they are at least related, but do they
actually go hand in hand?


I'd sure appreciate any help you can give me on this matter.

Thanks!
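
The ntuser.pol file discussed in this thread uses Microsoft's documented registry policy ("PReg") file format: an 8-byte header followed by [key;value;type;size;data] records in UTF-16LE, where a value name prefixed with `**del.` is a directive to delete that value. As an added example (not part of the original posts), this Python parser reads such a file so the stored settings can be inspected; the helper names are illustrative, and the sample bytes with their key and value names are constructed.

```python
import struct

def read_str(buf, pos):  # NUL-terminated UTF-16LE string -> (text, next_pos)
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def read_u32(buf, pos):  # little-endian DWORD -> (value, next_pos)
    if pos + 4 > len(buf):
        raise ValueError("truncated record")
    return struct.unpack_from("<I", buf, pos)[0], pos + 4

def expect(buf, pos, ch):  # require one UTF-16LE delimiter character
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_pol(buf):  # PReg bytes -> [(key, value_name, action, data), ...]
    if buf[:8] != b"PReg\x01\x00\x00\x00":  # signature + version 1
        raise ValueError("not a version 1 PReg file")
    pos, out = 8, []
    while pos < len(buf):
        key, pos = read_str(buf, expect(buf, pos, "["))
        name, pos = read_str(buf, expect(buf, pos, ";"))
        rtype, pos = read_u32(buf, expect(buf, pos, ";"))
        size, pos = read_u32(buf, expect(buf, pos, ";"))
        pos = expect(buf, pos, ";")
        data = buf[pos:pos + size]  # length-prefixed: may contain ';' or ']'
        pos = expect(buf, pos + size, "]")  # fails if data was truncated
        action = "set"
        if name.lower().startswith("**del."):  # directive: delete this value
            name, action, data = name[6:], "delete", None
        elif rtype == 4 and size == 4:  # REG_DWORD
            data = struct.unpack("<I", data)[0]
        elif rtype == 1:  # REG_SZ
            data = data.decode("utf-16-le").rstrip("\0")
        out.append((key, name, action, data))
    return out

def entry(key, name, rtype, data):  # builds one constructed sample record
    return (f"[{key}\0;{name}\0;".encode("utf-16-le") + struct.pack("<I", rtype)
            + b";\0" + struct.pack("<I", len(data)) + b";\0" + data + b"]\0")

KEY = r"Software\Policies\Example"  # constructed placeholder, not a real policy key
SAMPLE = (b"PReg\x01\x00\x00\x00" + entry(KEY, "ExampleSetting", 4, struct.pack("<I", 1))
          + entry(KEY, "**del.OldSetting", 1, " \0".encode("utf-16-le")))
```

Against a real file, pass `parse_pol` the bytes read from the .pol file in binary mode.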



