• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285
  • Last Modified:

GPO vs Application

What takes presedence in the event the Group Policy Object is configured one way and a Windows end user application is set a different.  

For example:
With in the Windows Settings/Security Settings/Security Options  the policy is configured to Smart Card Removal Behavior = Lock Workstation.

However

The Smart Card Middleware that resides on the desktop is is configured to Card Removal Behavior= Logoff

Does the GPO take presedence?
0
ebetancourth
Asked:
ebetancourth
  • 2
1 Solution
 
aissimCommented:
Yes, the GPO should win out.

Policies are processed in the order of Local, Site, Domain, OU  (LSDOU) - any conflicting settings will be decided by the policy that processes last. So local will always lose out if it's configured elsewhere in the domain.
0
 
LauraEHunterMVPCommented:
I've not seen that specific scenario in action, but my bet would be that:

[a] The middleware would set the item in question
[b] GPO would overwrite the setting the next time it refreshes - every 90-is minutes on a member server or workstation

I'd have to mock something up in a test lab to confirm, but my hip shot is that you will wind up with non-deterministic behavior if you stay in that configuration.
0
 
LauraEHunterMVPCommented:
Sorry, aissim is correct.  I was thinking of a configuration item in some kind of Tools-->Options screen, not having the middleware configure that setting in local GPO.  domain-based GPO will always win out over local GP, as aissim indicates.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now