Active Directory: group policy precedence

It's important to understand the sequence that group policy uses. I'm creating this video on Server 2008 domain controller, but it could've been done on server 2003 or 2000. Group policies affect all Microsoft operating systems. (2000, xp, vista, 7)
ou=organizational unit
gpo=group policy object
requires a domain controller (active directory)

Group Policy Precedence
1. Computer turns on
2. Local GPOs for the computer
3. Site GPOs for the computer
4. Domain GPOs for the computer
5. OU GPOs for the computer
6. Enforced GPOs for the computer
7. User logs in
8. Local GPOs for the user
9. Site GPOs for the user
10. Domain GPOs for the user
11. OU GPOs for the user
12. Enforced GPOs for the user

Rule A
user policies are more important than computer policies

Rule B
If a policy has Blocked Inheritance, it does not apply.

Rule C
Unless it is enforced. Then it does apply. (More than all others.

Rule D
Unless you deny read permissions to a user/computer for that GPO.

Rule E
You should never give a deny permission.

Rule F
Group policy loopback can make computer GPOs over rule User GPOs
(computer configuration\policies\admin templates\system\group policy\user group policy loopback processing mode)

Rule G
Computer policies are updated every 90-120 minutes after the computer is turned on. User policies are updated every 90-120 minutes after the user logs in.

Rule H
Never get involved in a LAN war in Asia

Providing training videos since last Tuesday.
http://technoblogical.com
Thanks for watching.

Category:

Science & Technology

Tags:

• gpo
• group
• policy
• object
• Microsoft
• windows
• server
• 2008
• 2003
• 2000
• vista
• xp
• active
• directory
• domain
• controller
• ou
• organizational
• unit
• user
• computer
• local
• Blocked
• Inheritance
• Enforced
• GPO
• training
• electronics
• computers
• desktop
• software
• technology
• using
• tutorial

License:

Standard YouTube License