Differences

This shows you the differences between two versions of the page.

--- networking:windows:active_directory:group_policy [2015/06/16 11:07]
gcooper
+++ networking:windows:active_directory:group_policy [2021/03/18 09:07] (current)
gcooper
@@ Line 7: / Line 7: @@
 ===== Applying Group Policies =====
-FIXME Still learning this stuff...
+:!: You must create Active Directory Organizational Units (OUs) to apply group policies against.  You can't apply policies to the built-in AD containers.
-  - Make the policy change
+:!: Policies apply to either users or computers.  Loopback processing can make user policies apply to certain computers.
+:!: Group policies often seem not to 'take effect' when you think they should.
+:!: Time plays an underestimated role in the activation or roll-out of group policies.  Test it again in the morning!
+  - Make the policy change on the domain controller
   - Run ''gpupdate /force'' on domain controller
   - Run ''gpupdate /force'' on workstation computer
   - Reboot workstation computer
+  - Test the policy
 ===== Tools =====
@@ Line 23: / Line 30: @@
   * **Start -> Run -> gpedit.msc**
+View resultant policies:
+  * **Start -> Run -> rsop.msc**
+Use the CLI:
+https://mashtips.com/how-to-use-the-group-policy-results-gpresult-exe-command-line-tool/
+<file>
+gpupdate /force
+gpresult /R
+gpresult -H GPResult.html
+</file>
+Check computer group membership:
+<file>
+Get-ADComputer "tucson-svr" -Properties MemberOf
+gpresult /scope computer /v
+net localgroup
+</file>
 ===== Multiple AD Sites =====

Virtual Architects Support Wiki