Basic GPO questions

Hello AD experts!

I was hoping someone could help me out with some basic GPO questions I had...

i) From what I understand, there are two types of Group Policies; User Config and Computer Config. User config is settings that are centred around the user, and can be applied to the OU that the specificed users reside in

ii) Computer config relate to settings for the machine, and are applied to the OU the target computer resides in

iii) If you want to apply a User Config for specificed target machines (e.g. a specific OU), you use LoopBack

iv) Is it possible to have one GPO that contains both User Config and Computer Config? If so, how would you apply it?

v) A User Config GPO cannot be applied to a computer OU (unless loopback is set). Likewise, a Computer Config OU cannot be set for a user OU

vi) What is GPO linking?



LVL 3
kam_ukAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
Your understanding is basically correct.
The user Config is applied based on the OU the user account us in
The computer config is applied based on the OU the computer account is in

OU linking referrs toattaching the polices to containers. You can create a GPO and then once created you link (or attach) it to the domain or OU, or indeed you can create a link to apply policies to multiple OUs
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
enzogoyCommented:
More explaination about the Link OU if you needed:
http://www.petri.co.il/working_with_group_policy.htm
0
kam_ukAuthor Commented:
So, out of curiosity, can you have one GPO that contains both User and Computer config?
0
questionCommented:
Yes.. you can. Always computer policies are over ridden by user policies if there is a difference.. if its not different it will be a combination of all rules.
0
Brian PiercePhotographerCommented:
Yes - indeed its quite common to do so. Where polices are linked to the domain for example both the computer and user settings will be applied (in that order), since the computer account and user account are both in the linked object (the domain),
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.