The difference between Local Group Policy and Domain GPO apply on computer ( on "Computer Configurations" )

In either Local Goup Policy or Domain GPO , there are "Computer Configurations" and "User Configurations" . Now I only want to ask about "Computer Configurations"

When we configure LOCAL Group Policy on "Computer Configurations" , all the Policies on these " Computer Configurations" will be immediately applied to the computer when the computer is power on .

How about when we configure Domain GPOs on the computer would whatever configured on the "Computer Configurations"  immediately apply to the computer when computer power up , or, these policies only apply to the computer when domain user use this computer to logon to domain ????
kcnAsked:
Who is Participating?
 
B HConnect With a Mentor Commented:
domain policies will overwrite your local policies, if the computer is a member of the domain, and if the policy reaches the computer (a few seconds after getting to windows)

logging in is not required, but it is for 'user' configurations
0
 
ChiefITConnect With a Mentor Commented:
Domain policies are configured on a Domain controller. The policy is saved in the Sysvol folder and distributed out using Netbios broadcast. The broadcast will only apply to the computers within the domain. It may take a few minutes for the policy to reach the computers.

When broadcast out, the policy will actually be saved on the last partition of each computer in a file folder that has the user ID as the file name.

Domain policy is a default policy for domain computers.
Local policies are for your local computer.
Site policies are for the entire broadcast site.
and a group policy object is for whatever computers fall within the OU organizational unit that you link the policy to.

That applies to all computer and user configurations.

0
 
sfossupportConnect With a Mentor Commented:
A key point to remember is the order that polices are applied. By default the last one applied wins. They are put down in this order

 Local Policy Computer
 Site Policy Computer
 Domain Policy Computer
 OU Policy Computer
 <User Login>
 Local Policy User
 SIte Policy User
 Domain Policy User
 OU Policy User

 So the local policy is the first one put down and it can be overridden by any of the
 Site, domain or OU policies.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
kcnAuthor Commented:
Hi All ,

Let me try to summarize your comments and my answer .

Question#1
==========
My computer is domain computer . My computer has been configured with Domain GPOs AND Local Group Policy.

Once my computer is power up , the Domain GPOs will be applied to my computer. ==> Am I right ???

Question#2  
==========
My computer is domain computer . My computer has been configured with Domain GPOs AND Local Group Policy.

When my computer is power up , the Domain Controller (DC) is not available , so this time the LOCAL GROUP POLICY will be applied to my computer instead of  Domain GPOs===> Am I right ????
0
 
B HConnect With a Mentor Commented:
#1 yes.
#2 you are wrong.  

note #1 the domain gpo and local gpo are applied to your computer when it starts up.  if the server is available, and if there's a new gpo, it will take a copy of the new gpo and use it.  it uses this until there's a new one, or until the computer loses its domain membership

note #2 since the workstation takes a COPY of the gpo's, it uses them... internet connction or not, server or not, it uses them (see note #1 above)

the domain gpo can overwrite the local gpo... but if something is configured in the local gpo and NOT configured in the domain gpo, the local gpo for that setting will be in effect

0
 
ChiefITConnect With a Mentor Commented:
Domain and Local policies are saved on the client computer. Whether it is attached to the domain or not, the domain GPO's will be applied.

The Group policy objects can be found on that computer's LAST partition in the root of that partitioned drive. It will have a file folder that has a name that resembles a User SID.

0
All Courses

From novice to tech pro — start learning today.