Question about GPOs

Discussion in 'Windows 7 / 8 /10 Client Exams' started by Methodman85, May 18, 2008.

  1. Methodman85

    Methodman85 Byte Poster

    There's a review question in a book I am reading. The answer doesn't make sense to me and I'm wondering if it's a misprint. Can I post the question and answer here? Is that allowed?
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  2. Methodman85

    Methodman85 Byte Poster

    Well, I won't post the question and answer, but I'll just ask my own based on it.

    If you have a group of systems in an OU, you configure local policies on each of the systems, and all the GPOs are configured with the No Override option, which policies would take over if there was a conflict?

    The No Override option prevents lower-level GPs from overriding higher-level GPs, correct?
    So if this was the case, wouldn't the OU policy win out?

    It goes Local, site, domain, and OU, correct?
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  3. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Firstly, it's not permitted to post actual content from study guides due to copyright limitations, so thanks for taking the time to formulate your own question.

    Yes, the OU policy is senior in the hierarchy and processed after the local policies and therefore the local policies will inherit the settings. I don't believe you can set a local policy as No Override, because there isn't anything 'lower' in the hierarchy (chain) to inherit the settings.

    Yes, L-S-D-OU OU OU
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. Methodman85

    Methodman85 Byte Poster

    Thanks Bluerinse.
    So if you had a marketing OU within a domain test.com, and you placed that domain within a site called corporate, then the site would be the top level?
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  5. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    I think you are confusing the terms site and domain.

    A site, once defined in AD Sites and services, is a collection of computers and servers (domain controllers etc) and other devices connected by a fast network, typically a building with a local area network (LAN).

    A domain is a security boundary, all account policies are set at the domain level. The domain is the top of the tree.

    A domain can be split across many different sites, such as London, Birmingham, Leeds for example.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  6. Methodman85

    Methodman85 Byte Poster

    Hrm, this book says a site is a collection of domains. It didn't make sense to me either. The question is what's confusing me... I think, or maybe I just don't know lol.
    Alright, let me ask another question.
    Alright, you have an AD structure that consists of a domain test.com, which is part of a site called corporate.
    Within it there's an OU, let's call it marketing, and each computer within marketing has a local policy. All GPOs were configured with No Override. Based on this, which policy would win?

    Does the question I just asked even make sense? Because as you said a site is a collection of servers etc within a domain correct?

    So what would happen to the domain GP if you applied a GP to a site that contained all of your domain controllers?
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  7. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    A site in AD sites and services is an actual physical site, you can control replication etc. between sites and also create a GPO for that site. You may have two domains in a site therefore both domains would use the site level GPO you have configured.

    In another case you could have one domain spread over 3 sites. Therefore a site level GPO would just apply to the users\computers in that physical location (a typical example is to configure a proxy server as that can be site specific) however if you created a domain level GPO that would apply to all 3 sites as the domain is replicated to all three sites. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Damn it's hard to explain in a couple of paragraphs, which probably explains why people write *books* on this stuff :biggrin
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. ffreeloader

    ffreeloader Terabyte Poster

    One of the books that helped me to understand GPOs when I was studying MS stuff was the one below. I had an early edition of this book that only covered Win2K, but if this release is anywhere nearly as good as the first one was I'd highly recommend this for anyone struggling with GPOs. It was far and away the best resource I found for understanding them.

    http://www.amazon.com/Profiles-Inte...4470/ref=pd_sim_b_title_3/102-0406682-2069708
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  10. onoski

    onoski Terabyte Poster

    You can also find the book "Windows Server 2003 Pocket Administrator" very helpful in this regard. It would give you a concise picture and definition of GPOs, sites, domains and domain controllers etc. Cheerio and best wishes:)
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  11. Methodman85

    Methodman85 Byte Poster

    Thanks everyone, well my 270 is on Tuesday so no time to order another book. But I think I understand now.
    It all depends on the situation.
    I'll have to be extra careful on the scenario for the GPO questions.
    So if the question states that you have a domain, and that domain is completely contained within a site, the GPO configured at that site would be in control based on the question's scenario.
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
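
The precedence question discussed in this thread, worked through as an added example that is not part of any post: a small Python model of L-S-D-OU processing with the No Override link option, run on the test.com / corporate / marketing scenario. The GPO names and setting keys are constructed; the model assumes a single OU level, leaves out Block Inheritance, and applies the rule that among No Override GPOs the one linked highest in the hierarchy wins.

```python
# Added illustration, not from the thread. Models the L-S-D-OU order and the
# "No Override" (later renamed "Enforced") link option for one OU level only.
ORDER = ["local", "site", "domain", "ou"]

def effective_settings(gpos):
    """Return {setting: (value, winning GPO name)} for a list of GPO dicts."""
    for g in gpos:
        if g["level"] == "local" and g["no_override"]:
            raise ValueError("local policy is not linked, so it cannot be No Override")
    by_level = sorted(gpos, key=lambda g: ORDER.index(g["level"]))
    result = {}
    # Pass 1: normal processing; each later level overwrites the earlier ones.
    for g in by_level:
        if not g["no_override"]:
            for key, value in g["settings"].items():
                result[key] = (value, g["name"])
    # Pass 2: No Override GPOs are written last, lowest level first, so the
    # one linked highest in the hierarchy writes last and cannot be overridden.
    for g in reversed(by_level):
        if g["no_override"]:
            for key, value in g["settings"].items():
                result[key] = (value, g["name"])
    return result

def thread_scenario(no_override):
    """Constructed data: site 'corporate', domain test.com, OU 'marketing'."""
    return [
        {"name": "Local policy", "level": "local", "no_override": False,
         "settings": {"proxy": "none", "wallpaper": "local.bmp"}},
        {"name": "Corporate site GPO", "level": "site", "no_override": no_override,
         "settings": {"proxy": "proxy.corporate.example:8080"}},
        {"name": "test.com domain GPO", "level": "domain", "no_override": no_override,
         "settings": {"proxy": "proxy.test.com:8080", "min_password_length": 8}},
        {"name": "Marketing OU GPO", "level": "ou", "no_override": no_override,
         "settings": {"proxy": "proxy.marketing.example:8080"}},
    ]

if __name__ == "__main__":
    for flag in (False, True):
        print("No Override on all linked GPOs:", flag)
        for key, (value, winner) in sorted(effective_settings(thread_scenario(flag)).items()):
            print(f"  {key} = {value}  (from {winner})")
```

Settings that only one level defines (the local wallpaper, the domain password length) survive in both runs; only the conflicting proxy setting changes owner.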
