The difference between Local Group Policy and Domain GPO apply on computer ( on "Computer Configurations" )

In either Local Goup Policy or Domain GPO , there are "Computer Configurations" and "User Configurations" . Now I only want to ask about "Computer Configurations"

When we configure LOCAL Group Policy on "Computer Configurations" , all the Policies on these " Computer Configurations" will be immediately applied to the computer when the computer is power on .

How about when we configure Domain GPOs on the computer would whatever configured on the "Computer Configurations"  immediately apply to the computer when computer power up , or, these policies only apply to the computer when domain user use this computer to logon to domain ????
kcnAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

B HCommented:
domain policies will overwrite your local policies, if the computer is a member of the domain, and if the policy reaches the computer (a few seconds after getting to windows)

logging in is not required, but it is for 'user' configurations
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ChiefITCommented:
Domain policies are configured on a Domain controller. The policy is saved in the Sysvol folder and distributed out using Netbios broadcast. The broadcast will only apply to the computers within the domain. It may take a few minutes for the policy to reach the computers.

When broadcast out, the policy will actually be saved on the last partition of each computer in a file folder that has the user ID as the file name.

Domain policy is a default policy for domain computers.
Local policies are for your local computer.
Site policies are for the entire broadcast site.
and a group policy object is for whatever computers fall within the OU organizational unit that you link the policy to.

That applies to all computer and user configurations.

0
sfossupportCommented:
A key point to remember is the order that polices are applied. By default the last one applied wins. They are put down in this order

 Local Policy Computer
 Site Policy Computer
 Domain Policy Computer
 OU Policy Computer
 <User Login>
 Local Policy User
 SIte Policy User
 Domain Policy User
 OU Policy User

 So the local policy is the first one put down and it can be overridden by any of the
 Site, domain or OU policies.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

kcnAuthor Commented:
Hi All ,

Let me try to summarize your comments and my answer .

Question#1
==========
My computer is domain computer . My computer has been configured with Domain GPOs AND Local Group Policy.

Once my computer is power up , the Domain GPOs will be applied to my computer. ==> Am I right ???

Question#2  
==========
My computer is domain computer . My computer has been configured with Domain GPOs AND Local Group Policy.

When my computer is power up , the Domain Controller (DC) is not available , so this time the LOCAL GROUP POLICY will be applied to my computer instead of  Domain GPOs===> Am I right ????
0
B HCommented:
#1 yes.
#2 you are wrong.  

note #1 the domain gpo and local gpo are applied to your computer when it starts up.  if the server is available, and if there's a new gpo, it will take a copy of the new gpo and use it.  it uses this until there's a new one, or until the computer loses its domain membership

note #2 since the workstation takes a COPY of the gpo's, it uses them... internet connction or not, server or not, it uses them (see note #1 above)

the domain gpo can overwrite the local gpo... but if something is configured in the local gpo and NOT configured in the domain gpo, the local gpo for that setting will be in effect

0
ChiefITCommented:
Domain and Local policies are saved on the client computer. Whether it is attached to the domain or not, the domain GPO's will be applied.

The Group policy objects can be found on that computer's LAST partition in the root of that partitioned drive. It will have a file folder that has a name that resembles a User SID.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.