tailieunhanh - The Best Damn Windows Server 2003 Book Period- P61

The Best Damn Windows Server 2003 Book Period- P61:The latest incarnation of Microsoft’s server product,Windows Server 2003, brings many new features and improvements that make the network administrator’s job chapter will briefly summarize what’s new in 2003 and introduce you to the four members of the Windows Server 2003 family: the Web Edition, the Standard Edition, the Enterprise Edition, and the Datacenter Edition. | 566 Chapter 17 Working with Group Policy in an Active Directory Environment Figure details the order in which multiple policies are applied when a user object logs on to the domain. In the diagram the user object exists in the OU 4 OU which is in the OU 3 OU of Domain 1 of Site. When the user logs on the local policy of the computer is applied followed by any GPOs attached to Site then Domain 1 then OU 3 and finally OU 4. Figure Processing Policy Settings at User Logon Site Computer Local Policy Site Policy Domain 1 OU 3 Policy OU 4 OU 4 Policy User Understanding Policy Inheritance We saw in Figure that when the user logged on policies from the Site Domain and OUs were applied to the user object. The example indicated that any policies associated with OU 3 would be applied before the policies in OU policy inheritance the policies in OU 3 will apply to all objects in OU 3 OU 4 OU 5 and OU 6 even if no specific policies are assigned to OU4 OU5 or OU6. Objects in child containers generally inherit policies from the parent containers within a domain. If a policy setting is enabled in OU 3 and that same policy setting is not configured in OU 4 then objects in OU 4 inherit the policy setting from OU 3. If a policy setting is disabled in OU 3 but that same policy setting is enabled in OU 4 then the policy setting is enabled in OU 4 as the GPO for OU 4 overrides policy settings from OU is the way it works by default. However administrators can block inheritance on group policy settings at the OU level. If you want to start with a clean slate at a particular OU you can use the Block Policy Inheritance setting at that OU and only the settings in the GPO for that OU will apply to objects in the OU. Blocking policy inheritance does not impact local computer policy settings only Active Directory group policy settings. In addition policies set at a higher container can be marked as No Override which prevents any lower container settings from .