Re: Question regarding Group Policy appling order
- From: Valdas Adomaitis <biesas_2000@xxxxxxxxx>
- Date: Wed, 16 Jul 2008 07:24:01 -0700
Thanks for the reply.
I think there is a bit of confusion in terminology. I think firewall applies
last, but it has the highest priority (it stays) i.e. as it is applied last
ir overwrites all earlier settings that conflict with each other (that in my
example default domain policy has set earlier). but.. i got the idea. I now
understand that there are two terms "appling order" and "priority"..
For real world now. That RSOP user configuration properties window is for
administrator that is in built-in users container.
GPMC is :
http://i355.photobucket.com/albums/r447/biesas/GPMC.jpg
"Meinolf Weber" wrote:
Hello Valdas,.
GPO's are applied in the following order, listed low to high:
local
site
domain
ou
subou
subsubou
So your firewall is the first that applies, then domain policy. First OU,
then domain. From high to low.
For your real would be nice to see where your user account is located. GPMC
overview.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello,
This is a general question - do i correctly interpret what i have
read. I'm
reading 70-294 training kit. It says:
<...>
Computer configuration settings are processed. This occurs
synchronously by
default and in the following order: local GPO, site GPOs, domain GPOs,
and OU
GPOs.
<...>
GPOs linked to the OU highest in the Active Directory hierarchy are
applied
first, followed by GPOs linked to its child OU, and so on. Finally,
the GPOs
linked to the OU that contains the user or computer are applied. At
the level
of each OU in the Active Directory hierarchy, one, many, or no GPOs
can be
linked. If several group policies are linked to an OU, then they are
applied
synchronously
in an order specified by the administrator.
This order means that the local GPO is applied first, and GPOs linked
to the
OU of which the computer or user is a direct member are applied last,
overwriting the earlier GPOs.
So I make a test lab.
Here is what my group policy management looks like
http://i355.photobucket.com/albums/r447/biesas/GP.jpg
Here is what my RSOP generates for a computer under TestComputers OU
looks
like
http://i355.photobucket.com/albums/r447/biesas/RSOP.jpg
The question is why are the GPO's listed in reverse order. From what
i've read local policy applies first, default domain policy applies
second and Firewall RPC DCOM.. applies third.. Understanding this will
help me understand the next thing.
Now the real environment.
http://i355.photobucket.com/albums/r447/biesas/Real.jpg
Why there are 2 default domain policy, 2 proxy, 2 local group policy
entries
in this RSOP user configuration properites window???? May there be
something
with loopback processing?
I know i mix up computer and user configuration properties in my lab
and real environment examples. But GPO processing is reverse in both
cases. Is this the way it supposed to be. What i am missing?
Please comment.
- Follow-Ups:
- Re: Question regarding Group Policy appling order
- From: Meinolf Weber
- Re: Question regarding Group Policy appling order
- References:
- Re: Question regarding Group Policy appling order
- From: Meinolf Weber
- Re: Question regarding Group Policy appling order
- Prev by Date: Re: Unlock administrator accounts
- Next by Date: Re: Question regarding Group Policy appling order
- Previous by thread: Re: Question regarding Group Policy appling order
- Next by thread: Re: Question regarding Group Policy appling order
- Index(es):
Relevant Pages
|
