mistaking
asked on
Group Policy processing question and Loopback
I am trying to get my head around the order of group policy processing and the difference loopback makes to it.
Now first of all I have read a load of MS articles and web resources and for me none of them are completely clear.
I know the processing order is Local, site, domain, OU
I know that each GPO processes user configuration first and computer configuration second (making computer configuration take precedence)
Now my first question is are the GPOs linked to BOTH the user account and to the computer account applied (assuming there are GPOs for each)? if so in what order, whcih one takes presedence? and are both parts of the GPO applied (i.e. computer and user configuration settings?)
My next question is how does Loopback change this?
I appreciate the help - its driving me crazy!
Now first of all I have read a load of MS articles and web resources and for me none of them are completely clear.
I know the processing order is Local, site, domain, OU
I know that each GPO processes user configuration first and computer configuration second (making computer configuration take precedence)
Now my first question is are the GPOs linked to BOTH the user account and to the computer account applied (assuming there are GPOs for each)? if so in what order, whcih one takes presedence? and are both parts of the GPO applied (i.e. computer and user configuration settings?)
My next question is how does Loopback change this?
I appreciate the help - its driving me crazy!
ASKER
Ok so if there is a setting in computer configuration of a GPO that I change for example and I apply that GPO to an OU that contains only users - that setting will never be applied beacuse there are no computers in that OU and so computer configuration will never be applied?
I hear ya... this stuff drives me crazy too.
I have found the Group Policy Management Console (GPMC.MSC) to help in understanding the Link Order, Precedence, status etc...
If you don't have it, you may want to try it out.
fs
I have found the Group Policy Management Console (GPMC.MSC) to help in understanding the Link Order, Precedence, status etc...
If you don't have it, you may want to try it out.
fs
The configuration will be applied, but it will be transparent without any settings...
/F
/F
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The computer configuration is processed against the computer account first, so it will cover anyone who may log on. The user settings are then applied after the user's access token has been granted from the domain controller. Those settings are specific to the user.
Loopback settings can either merge or replace the tallied GPO settings for a particular user. merge combines the user's effective GPO settings with the prescribed settings from loopback. Replace, does exactly that, but is geared to giving everyone the same settings on a given machine irregardless of who logs on. Replace is good for kiosks and public computers,
/F