GPO precedence inheritance

poguy Member Posts: 91
Jane is the network administrator for a company whose AD DS forest includes a
domain tree called que.org with child domains named calif.que.org, ariz.que.org, and
texas.que.org. In the California domain, there is an OU named Sales. This OU contains
a user named Don Smith. Jane has implemented several GPOs within the domain,
including the following:

.Site Group Policy—The wallpaper is set to Green. Task Manager is disabled.
.Domain Group Policy—The Display Properties tab is disabled. (Enforced setting
is selected.) Task Manager is not disabled.
.OU1 Policy—The wallpaper is set to Red. The Display Properties tab is enabled.
(Block Inheritance is set to On.)
.OU2 Policy—The wallpaper is set to Blue.

The OU policies are set in the order of OU1 being on top and OU2 being on the bottom
of the application order list. What is the resultant set of policies?

solution:
Don logs on and his wallpaper is red. Task Manager is not disabled. Display
Properties is disabled.

How come wallpaper is RED?? I think it should be BLUE!!!
is it??

Comments

  • poguy Member Posts: 91
    anyone? or you think it should be blue too?
  • genXrcist Member Posts: 531
    Red Wallpaper. OU2 is not a Child OU, thus no inheritance. If there are two GPOs applied to the same OU (say, OU1) then the one with precedence wins. OU1 must have precedence.

    Remember that a User object cannot reside in two separate OUs and it doesn't say Don Smith is in a child OU named Sales.
  • astorrs Member Posts: 3,139
    Wallpaper is red because: .OU1 Policy is set to the highest precedence (#1 position, top of the list). When multiple GPOs are linked to the same object the GPOs are processed from the bottom up; therefore the GPOs higher in the list are processed last (this is what gives them a higher precedence).

    Task Manager is not disabled because: Block Inheritance is set on the OU, thereby preventing any application of .Site Group Policy (and even if it had been applied it would have been overridden by the setting in .Domain Group Policy).

    Display Properties is disabled because: .Domain Group Policy disabled it and the Enforced (aka No Override) setting prevents later GPOs from replacing it. Although .OU1 Policy has Block Inheritance enabled, Enforced takes precedence over Block Inheritance.
  • jojopramos Member Posts: 415
    astorrs explained it well.

    Wallpaper is Red - OU1 takes the highest precedence. (Always remember that the OU1 and OU2 Policy stated here are the policies, in order, to be applied to a certain OU, and not the OU (container) itself.)

    Task Manager is not disabled - as set in the domain policy. (Remember the GPO processing order: local machine, site, domain, OU, child OU.)

    Display Properties is disabled because the domain group policy has Enforced applied (no override).
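Added example, not part of any post in this thread: a simplified Python model of the processing rules described in the replies (bottom-up link order, Block Inheritance, Enforced), run on the GPOs from the question. The class and function names are hypothetical, and it assumes Block Inheritance sits on the Sales OU and that the domain GPO explicitly sets Task Manager to "not disabled".

```python
# Simplified model of GPO precedence for illustration; not a Microsoft API.
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    settings: dict
    enforced: bool = False

@dataclass
class Container:
    name: str
    links: list                      # index 0 = link order 1 (top of the list)
    block_inheritance: bool = False

def resultant_set(chain):
    """chain runs from the farthest container (site) to the user's own OU."""
    # Block Inheritance drops non-enforced GPOs linked above the blocking container.
    start = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    order = []
    for c in chain[start:]:
        # Links are processed bottom-up, so link order 1 is written last and wins.
        order += [l for l in reversed(c.links) if not l.enforced]
    for c in reversed(chain):
        # Enforced links ignore Block Inheritance and are written after all others;
        # the highest-level container is written last, so it wins among them.
        order += [l for l in reversed(c.links) if l.enforced]
    result, winner = {}, {}
    for link in order:
        for key, value in link.settings.items():
            result[key], winner[key] = value, link.name
    return result, winner

def thread_scenario():
    # Constructed from the question text; setting keys are made-up labels.
    site = Container("Site", [Link("Site Group Policy",
        {"wallpaper": "Green", "task_manager": "disabled"})])
    domain = Container("calif.que.org", [Link("Domain Group Policy",
        {"display_properties": "disabled", "task_manager": "not disabled"},
        enforced=True)])
    sales = Container("Sales OU", [
        Link("OU1 Policy", {"wallpaper": "Red", "display_properties": "enabled"}),
        Link("OU2 Policy", {"wallpaper": "Blue"})], block_inheritance=True)
    return resultant_set([site, domain, sales])

if __name__ == "__main__":
    rsop, source = thread_scenario()
    for key in sorted(rsop):
        print(f"{key}: {rsop[key]} (from {source[key]})")
```

On a real domain, compare the model's answer with what `gpresult /r` or the Group Policy Results wizard reports for the user.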