Solved

Group Policy and Local Policy

Posted on 2006-04-02
Last Modified: 2010-04-18
I am still not familiar with how a particular group policy is enforced on a PC. For instance, what happens if a client can't connect to a DC: which policy will be enforced (local policy or domain Group Policy)?
Can anyone help me with this? Perhaps by giving me a relevant document on this?
Question by:kecoak
6 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16354479
Hi kecoak,

The rule of thumb with security policies is that the last applied wins.

Local policy applies first - then default domain - then any GPO policies that relate to the machine... GPO policies will enforce and win.

When a policy is applied it is also cached on the machine itself, so if the user can't connect to a DC, all his settings are still there. If not, then a massive security hole would be opened, as anyone could just unplug their cable, log in with cached credentials, stick the cable back in and then for the next 90 mins have a completely unlocked machine...

Policies, once applied, will basically look after themselves.

Cheers!
 
LVL 20

Accepted Solution

by:
ikm7176 earned 2000 total points
ID: 16354485
Hi kecoak,

Follow a simple rule: the group policies will be applied in the following order, LSDOU:

1. L = Local Group Policy
2. S = GP applied at Site level
3. D = GP applied at Domain level
4. OU = GP applied at OU level

If GP is applied at Local and Domain level, the GP applied at Domain level will be enforced.



Cheers!
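The LSDOU order and the "last applied wins" rule described in the two answers above can be modelled in a few lines. This is an added example, not code from the thread or from Windows; it is a simplified model, and the GPO names, setting names and the `refresh` helper are constructed for illustration.

```python
from dataclasses import dataclass

# Processing order given in the accepted answer: Local, Site, Domain, OU.
LSDOU = ("Local", "Site", "Domain", "OU")

@dataclass
class Gpo:
    name: str       # constructed GPO name
    level: str      # one of LSDOU
    settings: dict  # setting name -> configured value

def resultant_set(gpos):
    """Apply GPOs in LSDOU order; the last GPO to set a value wins.

    Returns {setting: (value, winning GPO, [overridden GPOs, oldest first])}.
    """
    for gpo in gpos:
        if gpo.level not in LSDOU:
            raise ValueError(f"unknown level {gpo.level!r} in {gpo.name}")
    result = {}
    # sorted() is stable, so GPOs at the same level keep their given order.
    for gpo in sorted(gpos, key=lambda g: LSDOU.index(g.level)):
        for key, value in gpo.settings.items():
            overridden = []
            if key in result:
                _, previous, earlier = result[key]
                overridden = earlier + [previous]
            result[key] = (value, gpo.name, overridden)
    return result

def refresh(cached, gpos, dc_reachable):
    """Model of a policy refresh: with no DC, the cached result stays in force."""
    return resultant_set(gpos) if dc_reachable else cached

# Constructed sample data, deliberately listed out of processing order.
SAMPLE = [
    Gpo("Workstations OU", "OU", {"ScreenSaverTimeout": 300}),
    Gpo("Local Policy", "Local",
        {"DisableRegistryTools": False, "ScreenSaverTimeout": 3600}),
    Gpo("Default Domain Policy", "Domain",
        {"DisableRegistryTools": True, "ScreenSaverTimeout": 900}),
    Gpo("Branch Site", "Site", {"ProxyServer": "proxy.example.test:8080"}),
]

if __name__ == "__main__":
    for setting, (value, winner, lost) in resultant_set(SAMPLE).items():
        print(f"{setting} = {value!r} from {winner}; overridden: {lost or 'none'}")
```

The list of overridden GPOs per setting is the part worth comparing against real `gpresult` output when a machine ends up with an unexpected value.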

 
LVL 20

Expert Comment

by:ikm7176
ID: 16354563
kecoak,

You can always use the GPresult.exe to determine the Group policy applied to your client machine.

http://www.windowsnetworking.com/articles_tutorials/Resultant-Set-Policy-Queries-GPRESULT.html

For more information on Group Policies, follow the link below

http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/default.mspx
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16414077
Is that not the same answer I gave you to start with?

Why did you accept the same answer that wasn't given afterwards?
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16414079
was given*
Question has a verified solution.
