AJJ36
asked on
Active Directory - Group Policy Question
1. Are local group policies applied differently than domain group policies in terms of which one takes precedence? It is my understanding that the most specific GPO is takes precedence is that true for both local and domain?
2. Reading the 70-622 book it states that if I had a domain structure like the one below
Forest: hq.contoso.com
OU: Accounting, Finance Human Resouces, IT etc
IT OU split into Desktops, Laptops, and Server OUs each with their own GPO
The order of precedence would be the in the following order
Local GPO
Default Domain Policy
IT GPO
IT Desktop GPO
Wouldn't the Local GPO be first then followed by the IT-Desktop GPOs, IT and finally Default Domain Policy...I thought it went most specific to most general.
A bit confused because on page 107 it says Settings in lower-level GPOs override settings in higher GPOs but then they say domain GPOs override lower GPOs in the very next sentence.
I am hoping someone out there has a simple way to think of this. THanks
Aaron
2. Reading the 70-622 book it states that if I had a domain structure like the one below
Forest: hq.contoso.com
OU: Accounting, Finance Human Resouces, IT etc
IT OU split into Desktops, Laptops, and Server OUs each with their own GPO
The order of precedence would be the in the following order
Local GPO
Default Domain Policy
IT GPO
IT Desktop GPO
Wouldn't the Local GPO be first then followed by the IT-Desktop GPOs, IT and finally Default Domain Policy...I thought it went most specific to most general.
A bit confused because on page 107 it says Settings in lower-level GPOs override settings in higher GPOs but then they say domain GPOs override lower GPOs in the very next sentence.
I am hoping someone out there has a simple way to think of this. THanks
Aaron
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for the help
Also remeber enforce is also authorative.