Solved

gpo question about enforced

Posted on 2008-06-12
4
845 Views
Last Modified: 2012-06-27
in a gpo what does it meand enforced yes no
0
Comment
Question by:zenworksb
  • 2
4 Comments
 
LVL 11

Expert Comment

by:Forrest Burris
Comment Utility
Enforced means that when each PC polls the server for running group policies, it will only enact the ones that are enforced. If it is not enforced, it will SEE the GPO but ignore the enactment of it. It's like a REM line in a script file.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
Comment Utility
An enforced policy is a policy that cannot be overridden. Normally when a policy is applied any configuration chnages it makes can be overridden by other policies applied afterwards, and policies can also be blocked with the "block inheritance" option.

If a policy is enforced ten any settings it applies cannot be overridden or blocked.

0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
The Enforced setting is applied to individual GPO links to containers (OUs etc.) within your Group Policy structure. It does not apply to the GPO object itself - a GPO could be linked in two places, with one link enforced and the other not enforced.

Using the enforced option is just one of the ways to control inheritance of Group Policy settings by child containers and subsequently child objects. The normal procedure for inheriting settings if the same setting is set in two different policies is to use the policy which was set last - i.e. the child-most policy relative to the object the policy is applying to. If you Enforce a GPO link, ALL the policies within that GPO will never be overwritten by any child GPOs below the container where you link the policy.

Unless you have good reason to, you shouldn't set all your policies to Enforced as it can hamper troubleshooting when policies don't work correctly later on. There are also other ways to get around requiring enforced policies if necessary - organising OUs and objects better for example.

More info: http://technet2.microsoft.com/windowsserver/en/library/ec6f9770-6a45-49c1-a37f-648a9012827c1033.mspx?mfr=true
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
So even after providing a link and some more information I don't get any points?
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now