Re: Question regarding Group Policy appling order
- From: Meinolf Weber <meiweb(nospam)@gmx.de>
- Date: Wed, 16 Jul 2008 13:32:58 +0000 (UTC)
Hello Valdas,
GPO's are applied in the following order, listed low to high:
local
site
domain
ou
subou
subsubou
So your firewall is the first that applies, then domain policy. First OU, then domain. From high to low.
For your real would be nice to see where your user account is located. GPMC overview.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello,
This is a general question - do i correctly interpret what i have
read. I'm
reading 70-294 training kit. It says:
<...>
Computer configuration settings are processed. This occurs
synchronously by
default and in the following order: local GPO, site GPOs, domain GPOs,
and OU
GPOs.
<...>
GPOs linked to the OU highest in the Active Directory hierarchy are
applied
first, followed by GPOs linked to its child OU, and so on. Finally,
the GPOs
linked to the OU that contains the user or computer are applied. At
the level
of each OU in the Active Directory hierarchy, one, many, or no GPOs
can be
linked. If several group policies are linked to an OU, then they are
applied
synchronously
in an order specified by the administrator.
This order means that the local GPO is applied first, and GPOs linked
to the
OU of which the computer or user is a direct member are applied last,
overwriting the earlier GPOs.
So I make a test lab.
Here is what my group policy management looks like
http://i355.photobucket.com/albums/r447/biesas/GP.jpg
Here is what my RSOP generates for a computer under TestComputers OU
looks
like
http://i355.photobucket.com/albums/r447/biesas/RSOP.jpg
The question is why are the GPO's listed in reverse order. From what
i've read local policy applies first, default domain policy applies
second and Firewall RPC DCOM.. applies third.. Understanding this will
help me understand the next thing.
Now the real environment.
http://i355.photobucket.com/albums/r447/biesas/Real.jpg
Why there are 2 default domain policy, 2 proxy, 2 local group policy
entries
in this RSOP user configuration properites window???? May there be
something
with loopback processing?
I know i mix up computer and user configuration properties in my lab
and real environment examples. But GPO processing is reverse in both
cases. Is this the way it supposed to be. What i am missing?
Please comment.
.
- Follow-Ups:
- Re: Question regarding Group Policy appling order
- From: Valdas Adomaitis
- Re: Question regarding Group Policy appling order
- Prev by Date: Re: DHCP Client & Dynamic DNS
- Next by Date: Re: Adding Domain Controller
- Previous by thread: query AD from Excel
- Next by thread: Re: Question regarding Group Policy appling order
- Index(es):
Relevant Pages
|
Loading
