A
A.J. Fried
Some of the security settings that can be set via a GPO have values that
are lists of users or groups EG - Computer Configuration | Windows Settings
| Security Settings | Local Policies | User Rights Assignments | Deny
access to this computer from the network.
Imagine a computer in OU1 \ OU2 (OU2 is a child of OU1) where OU1 has a GPO
that says "deny access to this computer from the network for group A and
group B" and then OU2 says ""deny access to this computer from the network
for group C and group D". I would expect the effective setting show all
four groups. However, it seems that as with regular on\off settings, one
GPO overrides the other. This makes sense for on\off settings - it can
only be on or off, but for a list, this is causing me problems. I would
expect there to be some sort of inheritance as with, say, NTFS permissions.
Has anyone had any experience with this topic? Am I missing something?
Thanks.
--> A.J. Fried
are lists of users or groups EG - Computer Configuration | Windows Settings
| Security Settings | Local Policies | User Rights Assignments | Deny
access to this computer from the network.
Imagine a computer in OU1 \ OU2 (OU2 is a child of OU1) where OU1 has a GPO
that says "deny access to this computer from the network for group A and
group B" and then OU2 says ""deny access to this computer from the network
for group C and group D". I would expect the effective setting show all
four groups. However, it seems that as with regular on\off settings, one
GPO overrides the other. This makes sense for on\off settings - it can
only be on or off, but for a list, this is causing me problems. I would
expect there to be some sort of inheritance as with, say, NTFS permissions.
Has anyone had any experience with this topic? Am I missing something?
Thanks.
--> A.J. Fried