Group Policy Processing
As in the past, policies are applied in this order:
1. Local
2. Site
3. Domain
4. OU
The closer the policy is to the object, the more significant it is.
For old hippies, it is LSD OU
Policies are cumulative. If there is a conflict, for instance desktop color, the last policy applied wins.
If you had pink on the local it would be set initially.
If you then had red at the site, the desktop would turn red.
If you had purple at the Domain, the desktop would then turn purple.
We then apply blue at the OU and the desktop is blue--the final step and the policy closest to the object.
When multiple policies are linked to an OU, the apply from the bottom of the list to the top. That is if we had 3 policies, number 3 would apply, then number 2, and lastly number 1. If there were conflicts, a value set in more than one policy, the one that applies last wins.
In this policy set, Policy Two Applies then Policy One Applies
Policies inherit in the OU structure.
A domain poicy will inherit to all the OU's under it.
Policies can be blocked by the OU manager.
Right Click on the OU
Policies can be forced to be inherited with the enforced flag.
Loopback Mode
Use for computers in a public area. The users settings are not evaluated in replace mode. Can also have merge mode.
To refresh policies after changes, right click on the OU and choose group policy update.
You can update Group Policy on computers in a much more flexible way if you use the Invoke-GpUpdate cmdlet in Windows PowerShell.
| Group Policy Cmdlet | Function |
| Backup-GPO | Backs up one GPO or all GPOs in a domain |
| Copy-GPO | Copies a GPO |
| Get-GPInheritance | Retrieves Group Policy inheritance information for a specified domain or OU |
| Get-GPO | Gets one GPO or all GPOs in a domain |
| Get-GPOReport | Generates a report in either XML or HTML format for a specified GPO or for all GPOs in a domain |
No comments:
Post a Comment