Group Policy Query
pjrouse
Member Posts: 40 ■■□□□□□□□□
Hi Folks,
I've just started on my studies of server 2003 and am using Mike Meyers certification passport as my main study text. I'm currently reading up on Group Policy and something isnt quite clear in the book. I was wondering if anywhere here might clarify?
The query is around permissions on group policy - The paragraphs below are copied verbatim from the book with my queries in between
"Setting Permissions: Another change you might need to make is to modify which people are affected by the policy. While you can try top organize things so all computers in an OU are perfectly matched to their group policy, you might need to exempt some accounts from certain policies."
I presume he means computer (rather than user accounts?)
"In such a case you might need to change the permissions on the group policy object itself. To do this go to the properties of the OU in which the policy was created and click the properties button. A standard windows 2000/2003 User permissions windows is on the security tab. Select a computer (or add one if none is currently present) and in the lower window, look for the apply group policy permission."
This seems to make sense then........
There is then an Exam Tip box with the following information
"Users who have this permission (allow is checked) are subject to the policy. Those who dont (unchecked) have it wont receive the settings in the policy. Those with a Deny are prohibited from applying the policy, even if another group they are in would otherwise give them permission. Microsoft refer to this as filtering the policy"
My confusion arises from the fact that the paragraph prior to this one seems to refer to computer accounts only, yet the exam tip box is clearly referring to user accounts only?
So does group policy apply to users, computers or both in this case?
The final paragraph is as follows:
"Besides the apply permission, users must also have the read permission to access the information in the policy. This makes sense because you cant use information you cant see"
Having not configured GP before (can you tell? ) am i right in thinking that each policy object has it's own permissions tab, which is where you would configure this?
Thanks for reading this far guys and thanks for any help!
Paul
I've just started on my studies of server 2003 and am using Mike Meyers certification passport as my main study text. I'm currently reading up on Group Policy and something isnt quite clear in the book. I was wondering if anywhere here might clarify?
The query is around permissions on group policy - The paragraphs below are copied verbatim from the book with my queries in between
"Setting Permissions: Another change you might need to make is to modify which people are affected by the policy. While you can try top organize things so all computers in an OU are perfectly matched to their group policy, you might need to exempt some accounts from certain policies."
I presume he means computer (rather than user accounts?)
"In such a case you might need to change the permissions on the group policy object itself. To do this go to the properties of the OU in which the policy was created and click the properties button. A standard windows 2000/2003 User permissions windows is on the security tab. Select a computer (or add one if none is currently present) and in the lower window, look for the apply group policy permission."
This seems to make sense then........
There is then an Exam Tip box with the following information
"Users who have this permission (allow is checked) are subject to the policy. Those who dont (unchecked) have it wont receive the settings in the policy. Those with a Deny are prohibited from applying the policy, even if another group they are in would otherwise give them permission. Microsoft refer to this as filtering the policy"
My confusion arises from the fact that the paragraph prior to this one seems to refer to computer accounts only, yet the exam tip box is clearly referring to user accounts only?
So does group policy apply to users, computers or both in this case?
The final paragraph is as follows:
"Besides the apply permission, users must also have the read permission to access the information in the policy. This makes sense because you cant use information you cant see"
Having not configured GP before (can you tell? ) am i right in thinking that each policy object has it's own permissions tab, which is where you would configure this?
Thanks for reading this far guys and thanks for any help!
Paul
VCP5-DCV
MCSE Server 2012
MCITP: Enterprise Administrator - Server 2008
Network+
MCSE Server 2012
MCITP: Enterprise Administrator - Server 2008
Network+