Confusion regarding Group Policy

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi,

I thought this a good a place as any to ask. I inherited an Active Directory when I started this job, one server, one domain, one forest, etc. Windows Server 2003 Standard.

There is a default domain policy, which has various settings set, including client side targetting to our WSUS machine; an account lockout policy of 5 failed attempts, and locked out for 5 mins; and a screensaver to come on after 30 mins.

I have an organisational unit, called 2nd floor.

I want to attach another policy which sets the screensaver to come on after 5 mins, so I create another policy in that 2nd floor organisational unit called "Screensaver", and set those settings. But what I also want to do is have all the other settings that I have stored in the default domain policy (which I have already linked using "link an existing GPO") applied also.

What I want to know is how to go about it. If I set the precedence in Link Order to ScreenSaver first, and Default Domain Policy second, then does it carry the other elements of the default domain policy such as the client side targetting and the account lockout policy also, or do I have to duplicate it in the "Screensaver" policy.

Hey, this is almost like a proper exam scenario

Hope this makes sense!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

LSDO acronym is your friend, Group policies apply in that order Local Site Domain OU, So in your case the screensaver policy that is part of the default domain policy will be processed first then overwritten with the screensaver policy created at the OU level (unless you have enforced or blocked policies mudding the water) any previous clashing settings will be overwritten by the subsequent policy executions. From what you say I would leave the link order alone and just test it out and make sure it does what you expect it too.

 

Thanks Dale. I just realised I could run a GPResult and find out.

I knew about the LDSO, but I always thought it was a case of: Local is applied strongest, and then ignores the others, rather than the other way around. That's actually made life a lot easier!