We help IT Professionals succeed at work.

GPO vs Application

What takes presedence in the event the Group Policy Object is configured one way and a Windows end user application is set a different.  

For example:
With in the Windows Settings/Security Settings/Security Options  the policy is configured to Smart Card Removal Behavior = Lock Workstation.


The Smart Card Middleware that resides on the desktop is is configured to Card Removal Behavior= Logoff

Does the GPO take presedence?
Watch Question

Top Expert 2007
Yes, the GPO should win out.

Policies are processed in the order of Local, Site, Domain, OU  (LSDOU) - any conflicting settings will be decided by the policy that processes last. So local will always lose out if it's configured elsewhere in the domain.
I've not seen that specific scenario in action, but my bet would be that:

[a] The middleware would set the item in question
[b] GPO would overwrite the setting the next time it refreshes - every 90-is minutes on a member server or workstation

I'd have to mock something up in a test lab to confirm, but my hip shot is that you will wind up with non-deterministic behavior if you stay in that configuration.
Sorry, aissim is correct.  I was thinking of a configuration item in some kind of Tools-->Options screen, not having the middleware configure that setting in local GPO.  domain-based GPO will always win out over local GP, as aissim indicates.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.