Home > Ask the Windows Experts > Active Directory Questions & Answers > Active Directory Group Policy Objects (GPO) basics
Ask The Win IT Expert: Questions & Answers
EMAIL THIS

Active Directory Group Policy Objects (GPO) basics

Laura Hunter EXPERT RESPONSE FROM: Laura Hunter

Pose a Question
Other Win IT Categories
Meet all Win IT Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 15 September 2005

I am VERY inexperienced with Active Directory, but am in a position where I need to evaluate certain areas of security and policies in a new implementation. I am having a hard time understanding how the GPOs are used, how they are pushed down to various sub domains (if they are pushed down at all), and how GPOs affect member servers.

Let me give you some background so this makes sense. There is the root domain, 6 sub domains (A, B, C, D, E, F) and 4 sub domains (1, 2, 3, 4) under domain C.

I was told that domains A-F each have their own GPO, and that domains 1-4 use the GPO in domain C. I was also told that the root domain has a default GPO. How do GPOs work when there are different policies at different levels? Does one get priority? Is there a setting I can check to see which gets applied?

Also, how do member servers in domains 1-4 work? Do they get the same password and audit settings as dictated in domain C or can they be setup differently?

Again, any help on this (or extra advice you want to just throw in) is GREATLY appreciated.


>
EXPERT RESPONSE

Group Policy objects are applied in the following order – Local machine policies are applied first, followed by Site policies, followed by Domain policies, followed by policies applied to individual Organizational units. A user or computer object can only belong to a single site and a single domain at any one time, so they will receive only those GPOs that are linked to that site or domain. In your example, objects in Domain C will receive any Group Policies that are linked to Domain C. Domain C's child domains will not "inherit" those Group Policies by default, you would need to either create a separate Group Policy for the child domains, or else you can manually link the same GPO to multiple domains.

There are a number of excellent online and print resources on Group Policy, including books by Jeremy Moskowitz, Darren Mar-Elia, and myself. Check out the following links for more information:

GPanswers.com
GPOguy.com
APress.com


Sound Off! -   Be the first to post a message to Sound Off!


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsWebcastsWhite PapersIT DownloadsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 1999 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts