Active Directory: group policy precedenceIt's important to understand the sequence that group policy uses. I'm creating this video on Server 2008 domain controller, but it could've been done on server 2003 or 2000. Group policies affect all Microsoft operating systems. (2000, xp, vista, 7) ou=organizational unit gpo=group policy object requires a domain controller (active directory) Group Policy Precedence 1. Computer turns on 2. Local GPOs for the computer 3. Site GPOs for the computer 4. Domain GPOs for the computer 5. OU GPOs for the computer 6. Enforced GPOs for the computer 7. User logs in 8. Local GPOs for the user 9. Site GPOs for the user 10. Domain GPOs for the user 11. OU GPOs for the user 12. Enforced GPOs for the user Rule A user policies are more important than computer policies Rule B If a policy has Blocked Inheritance, it does not apply. Rule C Unless it is enforced. Then it does apply. (More than all others. Rule D Unless you deny read permissions to a user/computer for that GPO. Rule E You should never give a deny permission. Rule F Group policy loopback can make computer GPOs over rule User GPOs (computer configuration\policies\admin templates\system\group policy\user group policy loopback processing mode) Rule G Computer policies are updated every 90-120 minutes after the computer is turned on. User policies are updated every 90-120 minutes after the user logs in. Rule H Never get involved in a LAN war in Asia Providing training videos since last Tuesday. http://technoblogical.com Thanks for watching. code pour embarquer la vidéo : >>> http://www.youtube.com/embed/orQns7K-brM <<< |