Indicating GPO Processing Exceptions
As discussed in Lesson 1, GPOs are applied according to the Active Directory hierarchy: local GPO, site GPOs, domain GPOs, and OU GPOs. However, the default order of processing Group Policy settings can be changed by modifying the order of GPOs for an object, specifying the Block Policy Inheritance option, specifying the No Override option, or by enabling the Loopback setting. This section provides procedures for accomplishing these tasks.
To modify the order of GPOs for an object, complete the following steps:
1. Open the Active Directory Users And Computers console to set the order of GPOs for a domain or OU, or open the Active Directory Sites And Services console to set the order of GPOs for a site.
2. In the console, right-click the site, domain, or OU for which you want to modify the GPO order, click Properties, and then click the Group Policy tab.
3. In the Properties dialog box for the object, in the Group Policy tab, shown in Figure 10-17, select the GPO for which you want to modify the order in the Group Policy Object Links list. Click the Up button or the Down button to change the priority for the GPO for this site, domain, or OU. Windows Server 2003 processes GPOs from the bottom of the list to the top of the list, with the topmost GPO having the final authority.
To enable the Loopback setting, complete the following steps:
1. Access the Group Policy Object Editor for the GPO.
2. In the console tree, expand Computer Configuration, Administrative Templates, System, and Group Policy.
3. In the Setting pane, double-click User Group Policy Loopback Processing Mode.
4. In the User Group Policy Loopback Processing Mode Properties dialog box, click Enabled.
5. Select one of the following modes in the Mode list:
   Replace, to replace the user settings normally applied to the user with the user settings defined in the computer’s GPOs.
   Merge, to combine the user settings defined in the computer’s GPOs with the user settings normally applied to the user. If the settings conflict, the user settings in the computer’s GPOs take precedence over the user’s normal settings.
6. Click OK.
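The following added example (not part of the original lesson, and not Microsoft code) models the two rules described above: link order within a level is processed bottom to top, and Loopback in Replace or Merge mode changes which GPOs supply the user settings. The GPO names, setting names, and values are constructed sample data, and the model deliberately leaves out Block Policy Inheritance, No Override, and nested OUs.

```python
# Added example: a simplified model of the processing rules in this section.
# GPO names and setting names are constructed sample data, not real policy names.

LEVELS = ("local", "site", "domain", "ou")  # processing order given in the text

def apply_links(links_by_level, section):
    """Resolve one section ("user" or "computer") of the linked GPOs.

    Each level's list is in the order shown on the Group Policy tab (top
    first). It is processed bottom to top, so the topmost GPO is written
    last and has final authority.
    """
    effective = {}
    for level in LEVELS:
        for gpo in reversed(links_by_level.get(level, [])):
            effective.update(gpo.get(section, {}))
    return effective

def effective_user_settings(user_links, computer_links, loopback=None):
    """loopback is None (not enabled), "replace" or "merge"."""
    normal = apply_links(user_links, "user")
    if loopback is None:
        return normal
    from_computer_gpos = apply_links(computer_links, "user")
    if loopback == "replace":
        return from_computer_gpos
    if loopback == "merge":
        # On conflict the user settings in the computer's GPOs win.
        return {**normal, **from_computer_gpos}
    raise ValueError(f"unknown loopback mode: {loopback!r}")

# Constructed sample: a staff user logging on to a kiosk computer.
DOMAIN_BASELINE = {"user": {"ScreenSaverTimeout": 900, "HideRunMenu": False}}
STAFF_TOP = {"user": {"ScreenSaverTimeout": 600}}
STAFF_BOTTOM = {"user": {"ScreenSaverTimeout": 1200, "Wallpaper": "staff.bmp"}}
KIOSK_LOCKDOWN = {"user": {"ScreenSaverTimeout": 120, "HideRunMenu": True}}

USER_LINKS = {"domain": [DOMAIN_BASELINE], "ou": [STAFF_TOP, STAFF_BOTTOM]}
COMPUTER_LINKS = {"domain": [DOMAIN_BASELINE], "ou": [KIOSK_LOCKDOWN]}

if __name__ == "__main__":
    for mode in (None, "replace", "merge"):
        print(mode, effective_user_settings(USER_LINKS, COMPUTER_LINKS, mode))
```

In the sample, Replace drops the user's own wallpaper setting entirely, while Merge keeps it but still applies the kiosk's restrictions wherever the two conflict.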
You link a GPO to the humongous.com domain, but that policy isn’t inherited by the east.humongous.com or west.humongous.com domains. Why is this happening and how can you make it apply to those two domains?
GPOs linked to one domain aren’t inherited by other domains. The only way to affect multiple domains with a single GPO is to link the GPO to a site that includes the resources of multiple domains. Since sites and domains are independent entities, you could only be sure that a GPO linked to the site applies to the computer and user accounts that are part of the site. At Humongous Insurance, each domain’s resources are configured in three different sites. The only way to have a single GPO apply to the resources of multiple domains is to link the policy to all three domains (or all three sites).