Windows Server 2012 Group Policies and Policy Management : Understanding Group Policy (part 2) - Group Policy Link Enforcement, Group Policy Inheritance, Group Policy Block Inheritance

7/5/2013 5:19:22 PM

8. Group Policy Link Enforcement

Microsoft provides administrators with many ways to manage their infrastructure, including forcing configurations down from the top. GPO link “enforcement,” historically known as No Override, is an option of a GPO link that can be set to ensure that the settings in a particular policy will be applied and maintained even if another GPO has the same setting configured with a different value. GPO link enforcement is shown in Figure 2.


Figure 2. Group policy link enforcement.

Because this might result in undesired functionality or a different level of security than what is required to run a particular service or application or manage a system, exercise caution when using this function. Before enabling GPO enforcement on any policy, carefully research and test to ensure that this will not break any functionality or violate an organization’s IT or regulatory policy.

9. Group Policy Inheritance

GPOs can be linked at the site, domain, and multiple OU levels. When an Active Directory infrastructure contains GPOs linked at the domain level, for example, every container and OU beneath the domain root container inherits any linked policies. As a default example, the Domain Controllers OU inherits the default domain policy from the domain.

GPO inheritance enables administrators to set a common base policy across an Active Directory infrastructure while allowing other administrators to apply more granular policies at a lower level that apply to subsets of users or computers. As an example of this, a GPO can be created and linked at the domain level that restricts all users from running Windows Update, while an OU representing a branch office in the domain can have a GPO linked that enables the branch office desktop administrators security group to run Windows Update.

GPO links inherited from parent containers are processed before GPO links at the container itself, and the last applied policy setting value is the resulting value, if multiple GPOs have the same configured setting with different values. This Group Policy inheritance is also known as GPO precedence, and is shown in Figure 3.


Figure 3. Group Policy inheritance.

One important point to note: Group Policy processing will start with the highest number in the precedence order and the policy with the precedence of 1 will be processed last to ensure that the settings in that policy are applied and not overwritten. In the example shown in Figure 3, the enforced policy from the domain is processed last.

10. Group Policy Block Inheritance

Just as GPOs can be inherited, Active Directory also provides the option to block inheritance of all GPOs from parent containers, as shown in Figure 4. Compare Figure 4 with Figure 3 to see which inherited policies are now blocked; the parent policy that is enforced still applies. So, administrators who are granted the rights to manage Group Policy links on particular organizational units may decide to block inheritance, but if policies are enforced at a parent organizational unit or the domain, they will still be applied.


Figure 5. Group Policy Block Inheritance.

Block Inheritance is actually an option applied to an Active Directory domain or organizational unit within the Group Policy Management Console and not on an actual policy. The Block Inheritance option can be useful if the container contains user or computer objects that are very security sensitive or business critical. As an example of this option in use, an OU can be created to contain the Remote Desktop Services host systems, which would not function correctly if domain-level GPOs were applied. The OU can be configured to block inheritance to ensure that only the policies linked to the particular OU are applied. If GPOs need to be applied to this container, links would need to be created at that particular container level, or the GPO link from the parent container would need to be enforced, which would override the Block Inheritance setting, as shown in Figure 4.
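The interaction of inheritance, link enforcement, and Block Inheritance described in sections 8 to 10 can be checked with a small offline model. This Python sketch is an added example, not code from the original article or from Microsoft; the GPO names, setting names, and values are constructed, and security filtering is left out of the model.

```python
from dataclasses import dataclass, field

@dataclass
class Link:
    gpo: str
    settings: dict
    enforced: bool = False

@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)  # index 0 = link order 1
    block_inheritance: bool = False

def processing_order(chain):
    """chain runs from the domain root down to the OU holding the object.
    Returns the links in the order they are applied; the last one wins."""
    # Non-enforced links above the lowest blocking container are dropped.
    cutoff = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for depth, container in enumerate(chain):
        for link in reversed(container.links):  # link order 1 is applied last
            if link.enforced:
                enforced.append((depth, link))
            elif depth >= cutoff:
                normal.append(link)
    # Enforced links are applied after all others; among them, the one linked
    # highest in the hierarchy is applied last (known Group Policy behavior).
    enforced.sort(key=lambda item: -item[0])
    return normal + [link for _, link in enforced]

def resultant(chain):
    # Map each setting to (value, winning GPO) using last-writer-wins.
    result = {}
    for link in processing_order(chain):
        for name, value in link.settings.items():
            result[name] = (value, link.gpo)
    return result

# Constructed sample data; GPO and setting names are illustrative only.
domain = Container("example.test", [
    Link("Security Baseline", {"ScreenLockTimeout": 600}, enforced=True),
    Link("Default Domain Policy", {"WindowsUpdateAccess": "Disabled", "ScreenLockTimeout": 900}),
])
branch = Container("Branch Office", [
    Link("Branch Desktop Admins", {"WindowsUpdateAccess": "Enabled", "ScreenLockTimeout": 1800})])
rds = Container("RDS Hosts", [Link("RDS Host Policy", {"ScreenLockTimeout": 3600})],
                block_inheritance=True)
```

Calling `resultant([domain, rds])` shows that the blocking OU drops the Default Domain Policy but still receives the enforced baseline value, which is the case to verify before relying on Block Inheritance to isolate sensitive systems.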
