Site Policy

cbriantcbriant Member Posts: 59 ■■□□□□□□□□

I'm taking the 294 exam tomorrow and have heard that there will be a lot of questions on group policy so I am really going to focus on that today.

One question that I have is, what would be an advantage of linking a GPO to a site as opposed to an OU which represents a site? At work we only apply site policies for setting the WSUS update location so I don't really understand the advantages of site policies.



  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Let me give you an example. You have two offices, London and New York and each office has a nice big pipe to the Internet with a local proxy server, but only a small WAN link between the two offices (if you said "why don't they use a VPN?" - they're paranoid - go away).

    Users occasionally travel between the two offices but they bring all their files with them (no need to access their home directories on the other side of "the pond"). While they're in the other office they spend a heck of a lot of time on YouTube. You could therefore apply a GPO to a Site that set the proxy URL for any clients located at that site to the local proxy server to prevent Internet traffic from crossing over that measly 128k WAN link.

    I agree they're rare and what you're doing with the WSUS policies is another common use of them.

    Oh and good luck with 294! :D
  • cbriantcbriant Member Posts: 59 ■■□□□□□□□□
    One thing that confuses me a little bit is how the GPO applies when linked to a site. Linking to domain or OU makes sence as those containers in ADUC contain computer and user objects, but linking to a site in sites and services seems a bit wierd as it doesn't contain the user or computer objects.

    I guess that a site GPO must apply to any users or computers that belong to that site, i.e belong to the same subnet. Am I right in thinking this?

  • dave0212dave0212 Member Posts: 287
    Hi Chris

    You are correct

    The subnets you create in Sites and Services control site membership.
    This week I have achieved unprecedented levels of unverifiable productivity

    Working on
    Learning Python and OSCP
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Yup, and as for application of the GPOs, they are always applied following "SDOU" (site, domain, OU). So a setting in a GPO linked at either the domain or OU level would overwrite one set at the site level.
Sign In or Register to comment.