Re: Question regarding Group Policy applying order
- From: Meinolf Weber <meiweb(nospam)@gmx.de>
- Date: Fri, 18 Jul 2008 11:30:39 +0000 (UTC)
Hello Valdas,
Thanks for the feedback.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Yep, that was a loopback issue with the "merge" setting causing the
duplication of GPO records in user configuration settings in RSOP. I
changed this to replace and unnecessary GPOs no longer apply when the user
logs on to the terminal server.
Thank you for your replies.
"Meinolf Weber" wrote:
Hello Valdas,
What roles does the server that the administrator logs on to have?
Best regards
Meinolf Weber
I think loopback processing is the cause. I'll investigate. If I
come to a conclusion I'll post here.
"Meinolf Weber" wrote:
Hello Valdas,
I have no idea why it is showing up that way. If I run RSOP for my
administrator, it displays the policies only once. For this specific
topic, I suggest posting here:
microsoft.public.windows.group_policy
Best regards
Meinolf Weber
Thanks for the reply.
I think there is a bit of confusion in terminology. I think
firewall applies last, but it has the highest priority (it stays),
i.e. as it is applied last it overwrites all earlier settings that
conflict with each other (that in my example default domain
policy has set earlier). But I got the idea. I now understand
that there are two terms, "applying order" and "priority".
For the real world now. That RSOP user configuration properties window
is for the administrator that is in the built-in Users container.
GPMC is:
http://i355.photobucket.com/albums/r447/biesas/GPMC.jpg
"Meinolf Weber" wrote:
Hello Valdas,
GPOs are applied in the following order, listed low to high:
local
site
domain
ou
subou
subsubou
So your firewall is the first that applies, then domain policy.
First OU, then domain. From high to low.
For your real environment, it would be nice to see where your user
account is located. GPMC overview.
Best regards
Meinolf Weber
Hello,
This is a general question - do I correctly interpret what I have read?
I'm reading the 70-294 training kit. It says:
<...>
Computer configuration settings are processed. This occurs synchronously
by default and in the following order: local GPO, site GPOs, domain GPOs,
and OU GPOs.
<...>
GPOs linked to the OU highest in the Active Directory hierarchy are
applied first, followed by GPOs linked to its child OU, and so on.
Finally, the GPOs linked to the OU that contains the user or computer are
applied. At the level of each OU in the Active Directory hierarchy, one,
many, or no GPOs can be linked. If several group policies are linked to
an OU, then they are applied synchronously in an order specified by the
administrator.
This order means that the local GPO is applied first, and GPOs linked to
the OU of which the computer or user is a direct member are applied last,
overwriting the earlier GPOs.
So I made a test lab.
Here is what my group policy management looks like:
http://i355.photobucket.com/albums/r447/biesas/GP.jpg
Here is what my RSOP generates for a computer under the TestComputers OU:
http://i355.photobucket.com/albums/r447/biesas/RSOP.jpg
The question is why are the GPOs listed in reverse order? From what
I've read, local policy applies first, default domain policy applies
second and Firewall RPC DCOM.. applies third. Understanding this will
help me understand the next thing.
Now the real environment.
http://i355.photobucket.com/albums/r447/biesas/Real.jpg
Why are there 2 default domain policy, 2 proxy, 2 local group policy
entries in this RSOP user configuration properties window? May there be
something with loopback processing?
I know I mix up computer and user configuration properties in my lab
and real environment examples. But GPO processing is reverse in both
cases. Is this the way it is supposed to be? What am I missing?
Please comment.
.
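An added illustration, not part of the original thread: a small Python model of the loopback "merge" versus "replace" behaviour the posters arrive at, showing why the same GPOs appear twice in the user configuration list. The `TerminalServers` OU, the `TS Lockdown` GPO and the domain-level link of the proxy GPO are constructed assumptions, site links are left out, and the model assumes the RSOP list is shown winner-first (last applied on top).

```python
# Constructed model of GPO link points. OU and GPO names other than those
# mentioned in the thread are hypothetical.
LOCAL = ["Local Group Policy"]
LINKS = {  # container -> GPOs linked there, in link order
    "domain": ["Default Domain Policy", "Proxy"],   # assumed domain-level links
    "OU=TerminalServers": ["TS Lockdown"],          # hypothetical OU and GPO
    "CN=Users": [],                                 # a container cannot hold GPO links
}

def chain(containers):
    """Application order for one object: local first, then domain, then OUs parent to child."""
    order = list(LOCAL)
    for container in containers:
        order += LINKS.get(container, [])
    return order

def user_settings_order(user_path, computer_path, loopback=None):
    """GPOs whose user configuration is processed at logon, first applied to last applied."""
    if loopback == "replace":
        # Only the computer's GPO list supplies user settings.
        return chain(computer_path)
    if loopback == "merge":
        # The user's list is processed, then the computer's list on top of it.
        return chain(user_path) + chain(computer_path)
    return chain(user_path)

def precedence_view(order):
    """The same list sorted winner-first, i.e. reversed application order."""
    return order[::-1]

def duplicates(order):
    """GPOs that occur more than once in the processed list."""
    return sorted({gpo for gpo in order if order.count(gpo) > 1})

ADMIN = ["domain", "CN=Users"]          # administrator in the built-in Users container
TS = ["domain", "OU=TerminalServers"]   # terminal server the administrator logs on to

if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        order = user_settings_order(ADMIN, TS, mode)
        print(mode, precedence_view(order), "duplicates:", duplicates(order))
```
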