Logo

Group Policy Processing Order

In your domain you are more than likely going to have multiple Group Policies applied at different levels throughout your domain. This videos looks at which order the Group Polices will be applied in when multiple Group Policies are in use.

Show lesson content
Processing Order
The order that Group Policy is applied in is: Local, Site, Domain, and OU. A Group Policy has the ability to overwrite any settings that were applied before. For this reason, the local Group Policy is the weakest of the Group Policies since all Group Policies at the site, domain and OU are free to overwrite any settings configured by the local Group Policy. You could also say that the OU’s Group Policy is the highest priority or strongest Group Policy as it can over write local, site and domain Group Policy settings. Sub OU’s are applied after the parent OU so the child OU has priority over the parent OU.

Demonstration
To edit the local Group Policy on a computer, run “Edit Group Policy” from the start menu.
To edit Group Policy at the domain level run “Group Policy Management”. If you are using a client operating system the GPMC will need to be download and installed. It is available from the Microsoft web site.

Using the GPMC you can configured a Group Policy by right clicking on an OU and selecting “Create a GPO in this domain, and link it here”. A Group Policy Object can also be created in Group Policy Objects, however it will be essentially inactive until it is linked to an OU.

If want to link a Group Policy Object at the site level, the Group Policy first needs to be created under Group Policy Objects. Once it is created you next need to right click “sites” and select the option “show sites”. This will allow you to choose which sites will be visible in the GPMC. Once the site is visible, right click it and select the option “Link an Existing GPO”.

Settings used in this video

User Configuration\Polices\Administrative Templates\Desktop\Desktop\Desktop Wallpaper

User Configuration\ Polices\Administrative Templates\Desktop\Remove Recycle Bin icon from desktop

Computer Configuration\Polices\Windows Settings\Internet Explorer Maintenance\connection\Proxy Settings

User Configuration\ Polices\Administrative Templates\Control Panel\Prohibit access to the Control Panel

References
“MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition” pg 280-282
“Group Policy Management Console with Service Pack 1” http://www.microsoft.com/en-us/download/details.aspx?id=21895

Credits

Lesson tags: 70-640-active-directory
Back to: 70-640 Introduction to Active Directory > Group Policy

Active Directory is a system which offers centralized control of your computers.

Modules

Active Directory Infrastructure

Lessons

Group Policy

Lessons