I
Ihab Abedrabbo
Hi
General Knowlwdge/Basic Question
I get confused between:
1: BLOCK POLICY INHERITANCE
2: NO OVERRIDE option of a GPO
3: PRIORITY (When 2 or more GPOs are applied on the same
OU)
I have a domain called AQ. This AQ domain has an
Organizational Unit OU called ClientsOU where specific
client computer accounts and user accounts reside.
I configured my DEFAULT DOMAIN POLICY GPO linked to the
whole domain with a simple GPO for testing. I only changed
the settings found on:
COMPUTER CONFIGURATION
ADMINISTRATIVE TEMPLATES
WINDOWS COMPONENTS
WINDOWS INSTALLER
ALWAYS INSTALL WITH ELEVATED PRIVILAGES to (ENABLED)
The rest of the GPO is left untouched (NOT CONFIGURED)
On the ClientsOU instead, I added another GPO called
ClientsOUGPO, where I configured only the following item:
COMPUTER CONFIGURATION
ADMINISTRATIVE TEMPLATES
WINDOWS COMPONENTS
WINDOWS INSTALLER
ENABLE USER CONTROL OVER INSTALLS to (ENABLED).
Question(s):
1: Does that mean that the resultant configuration on
computers in the ClientsOU get BOTH settings enabled?
In other words, the
ENABLE USER CONTROL OVER INSTALLS (NOT CONFIGURED) of the
domain becomes (ENABLED) on the client PCs, and also
ALWAYS INSTALL WITH ELEVATED PRIVILAGES becomes (ENABLED)
too?
2: If I check the BLOCK POLICY ENHERITANCE on the
properties of ClientsOU, does that mean that I won't get
ANY configuration from the DEFAULT DOMAIN POLICY settings?
Meaning, will I only get :
ENABLE USER CONTROL OVER INSTALLS set to (ENABLED) while
the rest remain set to (NOT CONFIGURED)?
3: The priority I believe is connected to two ore more
conflicting settings, and that the highest GPO set on an
OU wins the battle, right?
4: And finally, If I have 2 or more GPOs linked to the
same OU, the resultant Computer/User settings would be the
SUM of all GPOs' settings, but of course, with exception
to conflicting settings of the same items where the
highest GPO gets applied! RIGHT?
Thanks a lot.
Ihab
General Knowlwdge/Basic Question
I get confused between:
1: BLOCK POLICY INHERITANCE
2: NO OVERRIDE option of a GPO
3: PRIORITY (When 2 or more GPOs are applied on the same
OU)
I have a domain called AQ. This AQ domain has an
Organizational Unit OU called ClientsOU where specific
client computer accounts and user accounts reside.
I configured my DEFAULT DOMAIN POLICY GPO linked to the
whole domain with a simple GPO for testing. I only changed
the settings found on:
COMPUTER CONFIGURATION
ADMINISTRATIVE TEMPLATES
WINDOWS COMPONENTS
WINDOWS INSTALLER
ALWAYS INSTALL WITH ELEVATED PRIVILAGES to (ENABLED)
The rest of the GPO is left untouched (NOT CONFIGURED)
On the ClientsOU instead, I added another GPO called
ClientsOUGPO, where I configured only the following item:
COMPUTER CONFIGURATION
ADMINISTRATIVE TEMPLATES
WINDOWS COMPONENTS
WINDOWS INSTALLER
ENABLE USER CONTROL OVER INSTALLS to (ENABLED).
Question(s):
1: Does that mean that the resultant configuration on
computers in the ClientsOU get BOTH settings enabled?
In other words, the
ENABLE USER CONTROL OVER INSTALLS (NOT CONFIGURED) of the
domain becomes (ENABLED) on the client PCs, and also
ALWAYS INSTALL WITH ELEVATED PRIVILAGES becomes (ENABLED)
too?
2: If I check the BLOCK POLICY ENHERITANCE on the
properties of ClientsOU, does that mean that I won't get
ANY configuration from the DEFAULT DOMAIN POLICY settings?
Meaning, will I only get :
ENABLE USER CONTROL OVER INSTALLS set to (ENABLED) while
the rest remain set to (NOT CONFIGURED)?
3: The priority I believe is connected to two ore more
conflicting settings, and that the highest GPO set on an
OU wins the battle, right?
4: And finally, If I have 2 or more GPOs linked to the
same OU, the resultant Computer/User settings would be the
SUM of all GPOs' settings, but of course, with exception
to conflicting settings of the same items where the
highest GPO gets applied! RIGHT?
Thanks a lot.
Ihab