Re: GPO
- From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
- Date: Thu, 26 Jan 2006 19:17:07 -0000
When a computer is booting, it goes through a stage of applying policy.
When this finishes you are left with the logon screen. Logging on does this
again, but this time using the context of the user who is logging on, not
the computer.
At both points the GPO CSE (Client Side Extensions) make a call to a DC to
find their location and then see if there are any GPOs within scope. If
there are, the permissions are checked and if they have the necessary
permissions application starts.
If the computer is not part of a domain, it is unable to locate a DC (as it
has no need to) and therefore doesn't apply any policy other than the local
one.
The "handing out" of IP information is done by DHCP, which is much lower in
the ISO model and has no idea of what Windows is. DHCP has nothing to do
with GPO. Although a domain machine that doesn't pick up a valid DHCP
address will use an APIPA address and then not be able to locate a DC and
thus not apply GPO (among other things).
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- Prev by Date: Re: External Trusts and "specified user doesn't exist"
- Next by Date: Re: Domain Controller Firewall
- Previous by thread: Re: GPO
- Next by thread: Re: Two Domains
- Index(es):
Relevant Pages
|
