Shivtek
asked on
Gpedit.msc
Hey Guys,
I am a bit bit confused about gpedit.msc.
If I do any changes from start>>run>>gpeit.msc
And create a new policy on a OU (Under properties>>group policy tab) from AD.
Which one takes effect on the user etc.
Can you please explain how that works.
Also for example if I want the user to automatically logoff after logon hours. Where would I make that change, on the OU properties or run>>gpedit.msc
Thanks
I am a bit bit confused about gpedit.msc.
If I do any changes from start>>run>>gpeit.msc
And create a new policy on a OU (Under properties>>group policy tab) from AD.
Which one takes effect on the user etc.
Can you please explain how that works.
Also for example if I want the user to automatically logoff after logon hours. Where would I make that change, on the OU properties or run>>gpedit.msc
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Create OU for computers and users, and create policies for those OU. GPO will work for specified OU, and if there are only users in particular OU, only users GPO settings will apply.
ASKER
I had installed GPO sp1 already.
So when a policy is created under a OU, It wont pick the changes already made in gpedit?
So when a policy is created under a OU, It wont pick the changes already made in gpedit?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Mike that answered my question to the best.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Currently I have setup each user to be a local admin for their computers...and that allows them to do whatever they want on the c:.
Is that a wise thing to do?
Is that a wise thing to do?
Giving admin permisions is not the smartest thing, but you know what you have to do.
Wise or not wise. Depends on what side you sits on :)
Users hates being restricted and management hate to let the emploess mess things up that affects their productivity.
Making them all local admins might be a risk according to viruses and getting junk installed on their (the company's) PC.
Users hates being restricted and management hate to let the emploess mess things up that affects their productivity.
Making them all local admins might be a risk according to viruses and getting junk installed on their (the company's) PC.
ASKER
I am only trying to do this so they save important stuff on their user shares...so that its safe...as servers are always backed up.
Admin rigths in local computer can cost company a lot, if users install not licensed software (CADs or other). Also it might become a gaming computer with fun stuff in it, and management doesn't like it very much.
If you have smart enough users, create the restricted user (regular domain user) for everyday work, and give them a password of local administrator, in case they will need minor changes. Computers will be more safe, and you will be more of a friend to users.
If you have smart enough users, create the restricted user (regular domain user) for everyday work, and give them a password of local administrator, in case they will need minor changes. Computers will be more safe, and you will be more of a friend to users.
ASKER
So if I make any changes from gpedit and not do anything on the OU. GPEDIT will apply.
But if on a OU I enter another policy. That specific policy will apply. Does that policy have the settings made in gpedit ? or its all default?
Please clarify what I understand is right.
Thanks