Group Policy Question

mininday

I have a question regarding Group Policy objects used in Active Directory. By default when you create a new GPO for an OU, domain or whatever, Authenticated users are the only group that the GPO applies to. From my reading, when you make adjustments to 'Computer Settings' within a GPO, the settings are applied when the system starts up, but this is where my question arises.

How can computer settings be applied at startup, if only authenticated users can have the settings be applied? If you want the settings to be applied pre-login of authenticated users, do you have to add the computer account to the Security Filtering section of 'Group Policy Management'?

theseman

An interesting fact: 'Authenticated Users' actually include computer accounts that are authenticated with a DC. So they are included with this group.

Hopefully this clears this up.

-Travis

mininday

"An interesting fact: 'Authenticated Users' actually include computer accounts that are authenticated with a DC. So they are included with this group. "

Ahhhhh....makes more sense now. So, authenticated users includes the following:

All Domain User Accounts
All Domain Computer/Server Accounts

theseman

mininday wrote:

"An interesting fact: 'Authenticated Users' actually include computer accounts that are authenticated with a DC. So they are included with this group. "

Ahhhhh....makes more sense now. So, authenticated users includes the following:

All Domain User Accounts
All Domain Computer/Server Accounts

As long as they have been Authenticated to a DC, then yes, you got it.

-Travis

sprkymrk

On a related note, did you know that computer accounts have passwords just like user accounts? Yup - and they get changed every 30 days by default. They also meet complexity requirements.