?
Solved

Local policy versus Group Policy

Posted on 2006-04-05
8
Medium Priority
?
291 Views
Last Modified: 2010-04-18
in the past (before i had AD) i configured local (xp service pack 2) firewall policies on xp laptops using gpedit.msc

now these laptops are members of AD and pick up Group Policy.

1) do the local firewall settings on the laptops override the group policy settings?
2) without remotely accessing each laptop and changing the settings to "Not Configured", is there a way I can force the Group Policy settings to override the local settings?

thanks
0
Comment
Question by:naifyboy123
  • 5
  • 3
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16379386
Hi naifyboy123,

a Group policy will always override a local policy

rule of thum is last policy applied wins

ie   local    default domain    OU then any sub OU's   the last policy applied is the OU and that takes precedence

if local says deny and Group policy says allow   -  allow wins

Cheers!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16379392
naifyboy123,

you can set your group policy and from the client run a gpupdate /force and the policy settings will take over from the DC

http://www.adminprep.com/articles/default.asp?pageNum=3&action=show&articleid=55

MKBeans Words of advice....
0
 

Author Comment

by:naifyboy123
ID: 16379415
ok jay_jay70 thanks....

For example if i have a local firewall setting of:

Allow Remote Desktop Exception
Enabled
192.168.0.0/16      (where 192.168.0.0/16 means allow that network)

and the Group Policy

Allow Remote Desktop Exception
Enabled
*       (where * mean any network)

which one will be applied?

thanks again
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 2000 total points
ID: 16379483
the group policy will be applied and take precedence

once you are in a domain environment you should be touchng the local policy on machines :)
0
 

Author Comment

by:naifyboy123
ID: 16379517
ok - one more -

when the laptop is remote and offline (I.E not connected to the network)

which policy will apply?
will the domain group policy be cached and get applied or will the local policy be applied?

thanks
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16379534
naifyboy123,

your correct   the domain policy is cached and the settings hold :)
0
 

Author Comment

by:naifyboy123
ID: 16379564
cool - thanks very much
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16379692
naifyboy123,

no worries mate

all the best
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question