[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Basic GPO questions

Posted on 2008-11-13
Medium Priority
Last Modified: 2012-05-05
Hello AD experts!

I was hoping someone could help me out with some basic GPO questions I had...

i) From what I understand, there are two types of Group Policies; User Config and Computer Config. User config is settings that are centred around the user, and can be applied to the OU that the specificed users reside in

ii) Computer config relate to settings for the machine, and are applied to the OU the target computer resides in

iii) If you want to apply a User Config for specificed target machines (e.g. a specific OU), you use LoopBack

iv) Is it possible to have one GPO that contains both User Config and Computer Config? If so, how would you apply it?

v) A User Config GPO cannot be applied to a computer OU (unless loopback is set). Likewise, a Computer Config OU cannot be set for a user OU

vi) What is GPO linking?

Question by:kam_uk
LVL 70

Accepted Solution

KCTS earned 1200 total points
ID: 22955822
Your understanding is basically correct.
The user Config is applied based on the OU the user account us in
The computer config is applied based on the OU the computer account is in

OU linking referrs toattaching the polices to containers. You can create a GPO and then once created you link (or attach) it to the domain or OU, or indeed you can create a link to apply policies to multiple OUs

Assisted Solution

enzogoy earned 400 total points
ID: 22955864
More explaination about the Link OU if you needed:

Author Comment

ID: 22956016
So, out of curiosity, can you have one GPO that contains both User and Computer config?

Assisted Solution

question earned 400 total points
ID: 22956189
Yes.. you can. Always computer policies are over ridden by user policies if there is a difference.. if its not different it will be a combination of all rules.
LVL 70

Expert Comment

ID: 22956260
Yes - indeed its quite common to do so. Where polices are linked to the domain for example both the computer and user settings will be applied (in that order), since the computer account and user account are both in the linked object (the domain),

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question