Tag Archive: Group Policy

May 24 2011

RSOP (Resultant Set of Policy)

RSOP

If you are logged into a windows machine and you want to find out what Gr0up Policy settings are applied to your current user and computer session, you can run the RSOP.MSC mmc snap-in.

This snap-in loads all the settings that are applied to your current user  and the computer account and displays them in a single MMC (Microsoft Management Console) window.

When the window loads, it looks very similar to the Group Policy window however the settings are not modifiable and only a subset (those actually applied) are shown.

May 20 2011

Group Policy Loopback Processing

Until recently I hadn’t ever played with loopback processing in group policies. I was having problems with group policies not being applied and found that this setting was enabled. When I looked into it this is what I found.

There are two settings for the Loopback Processing settings (detailed below).

  • Merge Mode
    In this mode, when the user logs on, the user’s list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer’s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer’s GPOs to have higher precedence than the user’s GPOs. In this example, the list of GPOs for the computer is added to the user’s list.
  • Replace Mode
    In this mode, the user’s list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.

More information can be found at Microsoft support (http://support.microsoft.com/kb/231287).

May 13 2011

Group Policy Order

Group Policy (GP) ordering is not that difficult, but is could be a little confusing to understand when you first look at it.

Group Policies are applied in order from the root of the tree down. This way, a preference setting at a lower layer in the true can override a setting applied at a more “generic” level.

The order of a Policy can be altered, but only within the Organisational Unit for which the GP’s exist. This can be achieved by selecting the Organisational Unit (OU) in question, and then choosing the “Linked Group Policy Objects” tab on the right hand side of the window.

Group Policy Settings

Once this has been selected, you should see the list of Group Policies enabled at this level. You can move these order of application by clicking the arrows on the left hand side of this pane. The application order of policies is from the bottom up. Meaning that an Policy with a link order of 5 will get applied before one with a link order of 1. This can be seen by selecting the “Group Policy Inheritance” button

Group Policy InheritanceHere you will see a total list of all group policies that apply to the respective level in the order of there application.

Official Link: http://technet.microsoft.com/en-us/library/cc778890(WS.10).aspx