Home
Certification Preparation
Microsoft
MCSA / MCSE on Windows 2003 General
AD Infra 70-294
Site Policy
cbriant
Hi,
I'm taking the 294 exam tomorrow and have heard that there will be a lot of questions on group policy so I am really going to focus on that today.
One question that I have is, what would be an advantage of linking a GPO to a site as opposed to an OU which represents a site? At work we only apply site policies for setting the WSUS update location so I don't really understand the advantages of site policies.
Chris.
Find more posts tagged with
Comments
astorrs
Let me give you an example. You have two offices, London and New York and each office has a nice big pipe to the Internet with a local proxy server, but only a small WAN link between the two offices (if you said "why don't they use a VPN?" - they're paranoid - go away).
Users occasionally travel between the two offices but they bring all their files with them (no need to access their home directories on the other side of "the pond"). While they're in the other office they spend a heck of a lot of time on YouTube. You could therefore apply a GPO to a Site that set the proxy URL for any clients located at that site to the local proxy server to prevent Internet traffic from crossing over that measly 128k WAN link.
I agree they're rare and what you're doing with the WSUS policies is another common use of them.
Oh and good luck with 294!
cbriant
One thing that confuses me a little bit is how the GPO applies when linked to a site. Linking to domain or OU makes sence as those containers in ADUC contain computer and user objects, but linking to a site in sites and services seems a bit wierd as it doesn't contain the user or computer objects.
I guess that a site GPO must apply to any users or computers that belong to that site, i.e belong to the same subnet. Am I right in thinking this?
Chris.
dave0212
Hi Chris
You are correct
The subnets you create in Sites and Services control site membership.
astorrs
Yup, and as for application of the GPOs, they are always applied following "SDOU" (site, domain, OU). So a setting in a GPO linked at either the domain or OU level would overwrite one set at the site level.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of