Basic GPO questions

Posted on 2008-11-13
Last Modified: 2012-05-05
Hello AD experts!

I was hoping someone could help me out with some basic GPO questions I had...

i) From what I understand, there are two types of Group Policies: User Config and Computer Config. User config is settings that are centred around the user, and can be applied to the OU that the specified users reside in

ii) Computer config relate to settings for the machine, and are applied to the OU the target computer resides in

iii) If you want to apply a User Config for specified target machines (e.g. a specific OU), you use LoopBack

iv) Is it possible to have one GPO that contains both User Config and Computer Config? If so, how would you apply it?

v) A User Config GPO cannot be applied to a computer OU (unless loopback is set). Likewise, a Computer Config OU cannot be set for a user OU

vi) What is GPO linking?

Question by: kam_uk
    LVL 70

    Accepted Solution

    Your understanding is basically correct.
    The user Config is applied based on the OU the user account is in.
    The computer config is applied based on the OU the computer account is in.

    OU linking refers to attaching the policies to containers. You can create a GPO and then once created you link (or attach) it to the domain or OU, or indeed you can create a link to apply policies to multiple OUs.
    LVL 7

    Assisted Solution

    More explanation about the Link OU if you needed:
    LVL 3

    Author Comment

    So, out of curiosity, can you have one GPO that contains both User and Computer config?
    LVL 6

    Assisted Solution

    Yes, you can. Computer policies are always overridden by user policies if there is a difference. If it's not different, it will be a combination of all rules.
    LVL 70

    Expert Comment

    Yes - indeed it's quite common to do so. Where policies are linked to the domain for example both the computer and user settings will be applied (in that order), since the computer account and user account are both in the linked object (the domain),
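
The points discussed in this thread (one GPO holding both halves, linking it to several OUs, and loopback for a computer OU), shown as an added example that is not part of the original posts. It uses the GroupPolicy PowerShell module; the GPO names, OU distinguished names and the chosen registry-based settings are constructed placeholders.

```powershell
# Requires the GroupPolicy module (RSAT or a domain controller) and rights to
# create and link GPOs. All names and DNs below are constructed placeholders.
Import-Module GroupPolicy

$gpoName    = 'Example-Baseline'                      # hypothetical GPO name
$loopName   = 'Example-Kiosk-Loopback'                # hypothetical GPO name
$userOU     = 'OU=Staff,DC=example,DC=test'           # holds user accounts
$computerOU = 'OU=Workstations,DC=example,DC=test'    # holds computer accounts
$kioskOU    = 'OU=Kiosks,DC=example,DC=test'          # computers needing loopback
$desktopKey = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

# 1. One GPO, both halves: HKLM values are stored under Computer Configuration,
#    HKCU values under User Configuration.
New-GPO -Name $gpoName | Out-Null
Set-GPRegistryValue -Name $gpoName -Type DWord -Value 0 `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\Installer' `
    -ValueName 'AlwaysInstallElevated' | Out-Null
Set-GPRegistryValue -Name $gpoName -Type String -Value '1' `
    -Key $desktopKey -ValueName 'ScreenSaverIsSecure' | Out-Null

# 2. Linking attaches the same GPO to more than one container. Users in $userOU
#    receive only the user half; computers in $computerOU only the computer half.
foreach ($ou in $userOU, $computerOU) {
    New-GPLink -Name $gpoName -Target $ou -LinkEnabled Yes | Out-Null
}

# 3. Loopback: a GPO linked to a computer OU whose user half should apply to
#    whoever logs on there. UserPolicyMode 1 = Merge, 2 = Replace.
New-GPO -Name $loopName | Out-Null
Set-GPRegistryValue -Name $loopName -Type DWord -Value 2 `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' | Out-Null
Set-GPRegistryValue -Name $loopName -Type String -Value '300' `
    -Key $desktopKey -ValueName 'ScreenSaveTimeOut' | Out-Null
New-GPLink -Name $loopName -Target $kioskOU -LinkEnabled Yes | Out-Null

# 4. Review what is linked where, including links inherited from parent containers.
foreach ($ou in $userOU, $computerOU, $kioskOU) {
    (Get-GPInheritance -Target $ou).InheritedGpoLinks |
        Select-Object @{ n = 'OU'; e = { $ou } }, DisplayName, Enabled, Enforced, Order
}
```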
