Differences

This shows you the differences between two versions of the page.

--- networking:windows:active_directory:group_policy [2015/06/16 11:04]
gcooper
+++ networking:windows:active_directory:group_policy [2021/03/18 09:07] (current)
gcooper
@@ Line 1: / Line 1: @@
 ====== Windows Group Policy ======
-**Loopback Processing**: http://deployhappiness.com/loopback-policy-how-a-computer-gets-a-transgender-operation
+**Loopback**: http://deployhappiness.com/loopback-policy-how-a-computer-gets-a-transgender-operation
-**Policy or Preference**: http://deployhappiness.com/policy-or-preference/
+**Policy or Preference**: http://deployhappiness.com/policy-or-preference
+===== Applying Group Policies =====
+:!: You must create Active Directory Organizational Units (OUs) to apply group policies against.  You can't apply policies to the built-in AD containers.
+:!: Policies apply to either users or computers.  Loopback processing can make user policies apply to certain computers.
+:!: Group policies often seem not to 'take effect' when you think they should.
+:!: Time plays an underestimated role in the activation or roll-out of group policies.  Test it again in the morning!
+  - Make the policy change on the domain controller
+  - Run ''gpupdate /force'' on domain controller
+  - Run ''gpupdate /force'' on workstation computer
+  - Reboot workstation computer
+  - Test the policy
 ===== Tools =====
@@ Line 14: / Line 30: @@
   * **Start -> Run -> gpedit.msc**
+View resultant policies:
+  * **Start -> Run -> rsop.msc**
+Use the CLI:
+https://mashtips.com/how-to-use-the-group-policy-results-gpresult-exe-command-line-tool/
+<file>
+gpupdate /force
+gpresult /R
+gpresult -H GPResult.html
+</file>
+Check computer group membership:
+<file>
+Get-ADComputer "tucson-svr" -Properties MemberOf
+gpresult /scope computer /v
+net localgroup
+</file>
 ===== Multiple AD Sites =====

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools