• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285
  • Last Modified:

GPO vs Application

What takes presedence in the event the Group Policy Object is configured one way and a Windows end user application is set a different.  

For example:
With in the Windows Settings/Security Settings/Security Options  the policy is configured to Smart Card Removal Behavior = Lock Workstation.


The Smart Card Middleware that resides on the desktop is is configured to Card Removal Behavior= Logoff

Does the GPO take presedence?
  • 2
1 Solution
Yes, the GPO should win out.

Policies are processed in the order of Local, Site, Domain, OU  (LSDOU) - any conflicting settings will be decided by the policy that processes last. So local will always lose out if it's configured elsewhere in the domain.
I've not seen that specific scenario in action, but my bet would be that:

[a] The middleware would set the item in question
[b] GPO would overwrite the setting the next time it refreshes - every 90-is minutes on a member server or workstation

I'd have to mock something up in a test lab to confirm, but my hip shot is that you will wind up with non-deterministic behavior if you stay in that configuration.
Sorry, aissim is correct.  I was thinking of a configuration item in some kind of Tools-->Options screen, not having the middleware configure that setting in local GPO.  domain-based GPO will always win out over local GP, as aissim indicates.

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now