
Group Policy: User or Computer configuration?

w^rl0rd Member Posts: 329
Which one takes precedence, the user or computer configuration in a GPO?

Let's say that I have a computer in the Computers OU and a user in the Users OU. What if the user in the Users OU logs onto a computer in the Computers OU and both OUs have different GPOs?

Which one wins?

Comments

  • elover_jm Member Posts: 349
    w^rl0rd wrote:
    Which one takes precedence, the user or computer configuration in a GPO?

    Let's say that I have a computer in the Computers OU and a user in the Users OU. What if the user in the Users OU logs onto a computer in the Computers OU and both OUs have different GPOs?

    Which one wins?

    The answer would be Computer configuration. User config only applies to local or domain users, while computer config is locked to the machine itself.
  • sprkymrk Member Posts: 4,884
    If you search for "Order of Events in startup and logon" in Start > Help and Support Center you'll find the following:
    Step 3 - Computer policy is applied. These are the settings under Computer Configuration from the gathered list. This is synchronous by default and in the following order: local, site, domain, organizational unit, child organizational unit, and so on. No user interface appears while computer policies are processed.

    Step 8 - User policy is applied. These are the settings under User Configuration from the gathered list. This is synchronous by default and in the following order: local, site, domain, organizational unit, child organizational unit, and so on. No user interface appears while user policies are processed.

    However, this can be modified by using User Group Policy loopback processing mode in the Computer Configuration settings. Using Loopback with Replace, the Group Policy object list for the user is replaced by the Group Policy object list for the computer.
    In Loopback with Merge, the Group Policy object list is merged. The Group Policy object list that is obtained for the computer is applied later, and therefore it has precedence if it conflicts with settings in the user's list.

    As a final note, however, it should be noted that anything you set in the Computer Settings policies ONLY applies to computers, while only USERS are affected by settings in the User policies. It is only in the case of a conflict that you need to worry about "who wins".
    All things are possible, only believe.
  • agustinchernitsky Member Posts: 299
    As sprkymrk says,

    First the Computer GPO gets applied and then the User GPO.

    Loopback processing mode forces the Computer GPO over the user GPO (if in replace mode).
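
An added example, not part of any post in this thread: a simplified Python model of the processing order and the two loopback modes described in the replies above. GPO names, setting names and the data layout are hypothetical, and the model assumes a later-applied GPO overwrites an earlier one; Enforced links, Block Inheritance and security/WMI filtering are not modelled.

```python
# Added example: simplified model of Group Policy processing order.
# Not modelled: Enforced links, Block Inheritance, security and WMI filtering.
LEVELS = ["local", "site", "domain", "ou", "child_ou"]  # order from the quoted help text

def apply(gpos, section):
    """Apply one section ("computer" or "user") of each GPO in processing
    order; a GPO applied later overwrites the same setting from an earlier one."""
    result = {}
    for gpo in sorted(gpos, key=lambda g: LEVELS.index(g["level"])):
        for setting, value in gpo.get(section, {}).items():
            result[setting] = (value, gpo["name"])  # remember the winning GPO
    return result

def resultant_policy(computer_gpos, user_gpos, loopback=None):
    """Return (computer_settings, user_settings) for one logon.
    loopback is None, "replace" or "merge"."""
    computer = apply(computer_gpos, "computer")      # Step 3: computer policy
    if loopback is None:
        user = apply(user_gpos, "user")              # Step 8: user policy
    elif loopback == "replace":
        user = apply(computer_gpos, "user")          # computer's GPO list only
    elif loopback == "merge":
        user = apply(user_gpos, "user")
        user.update(apply(computer_gpos, "user"))    # applied later, so it wins
    else:
        raise ValueError(f"unknown loopback mode: {loopback!r}")
    return computer, user

# Constructed sample data; GPO and setting names are hypothetical.
COMPUTERS_OU_GPOS = [
    {"name": "Kiosk Lockdown", "level": "ou",
     "computer": {"DisableUsbStorage": True},
     "user": {"HideControlPanel": True}},
]
USERS_OU_GPOS = [
    {"name": "Staff Desktop", "level": "ou",
     "user": {"HideControlPanel": False}},
    {"name": "Domain Baseline", "level": "domain",
     "user": {"HideControlPanel": True, "Wallpaper": "corp.bmp"}},
]

if __name__ == "__main__":
    for mode in (None, "replace", "merge"):
        computer, user = resultant_policy(COMPUTERS_OU_GPOS, USERS_OU_GPOS, mode)
        print(f"loopback={mode}: computer={computer} user={user}")
```

Without loopback, the User Configuration half of a GPO linked to the Computers OU never reaches the user, which is the case to check when a lockdown setting seems to be ignored.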