Workstations check with Active Directory every 60 to 120 minutes to see if there are any new policies. If there are, then the workstations apply them - both user and machine policies.
If you are using group policies, local policy is always processed before site, domain, or OU group policies
Policies are reapplied every 90 minutes, with a 30-minute "randomization" to keep the domain controller from getting hit by many computers at once
Policies on DCs are refreshed every 5 minutes
Order in which policies are applied: local > site > domain > OU
If multiple GPOs attempt to set a setting to conflicting values, the GPO with the highest precedence sets the setting
GPO-links that are enforced cannot be blocked from the parent container
---------------------------------------------------
Managing inheritence of Group Policy:
http://technet2.microsoft.com/windowsserver/en/library/212eb1fd-11f4-465f-b243-73e542d06b2c1033.mspx?mfr=true
Referenced from "Mastering Windows Server 2003" by Mark Minasi
No comments:
Post a Comment