Solved

gpo question about enforced

Posted on 2008-06-12
4
855 Views
Last Modified: 2012-06-27
in a gpo what does it meand enforced yes no
0
Comment
Question by:zenworksb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 11

Expert Comment

by:Forrest Burris
ID: 21769943
Enforced means that when each PC polls the server for running group policies, it will only enact the ones that are enforced. If it is not enforced, it will SEE the GPO but ignore the enactment of it. It's like a REM line in a script file.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 21770029
An enforced policy is a policy that cannot be overridden. Normally when a policy is applied any configuration chnages it makes can be overridden by other policies applied afterwards, and policies can also be blocked with the "block inheritance" option.

If a policy is enforced ten any settings it applies cannot be overridden or blocked.

0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21770299
The Enforced setting is applied to individual GPO links to containers (OUs etc.) within your Group Policy structure. It does not apply to the GPO object itself - a GPO could be linked in two places, with one link enforced and the other not enforced.

Using the enforced option is just one of the ways to control inheritance of Group Policy settings by child containers and subsequently child objects. The normal procedure for inheriting settings if the same setting is set in two different policies is to use the policy which was set last - i.e. the child-most policy relative to the object the policy is applying to. If you Enforce a GPO link, ALL the policies within that GPO will never be overwritten by any child GPOs below the container where you link the policy.

Unless you have good reason to, you shouldn't set all your policies to Enforced as it can hamper troubleshooting when policies don't work correctly later on. There are also other ways to get around requiring enforced policies if necessary - organising OUs and objects better for example.

More info: http://technet2.microsoft.com/windowsserver/en/library/ec6f9770-6a45-49c1-a37f-648a9012827c1033.mspx?mfr=true
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21770354
So even after providing a link and some more information I don't get any points?
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question