Question About User Versus Machine Portion Of A GPO

  • Thread starter Thread starter Richard Huelbig
  • Start date Start date
R

Richard Huelbig

I'm just getting my feet wet with GPOs so forgive me if this seems too
obvious.

Here's my understanding of the user versus machine portions of a GPO:

1) The settings that are under the user portion are applied when a user log
in.
2) The settings that are under the machine portion are applied when a
computer is powered on.

So, now come the scenarios and associated questions.

Scenario: I create an OU and for that OU I create a GPO that has some policy
settings under the machine portion.
Question: Will the GPO that I link to the OU only affect computers that I
place in the OU?
Question: Will there be any affect on the users that I place in this OU?

Scenario: I create an OU and for that OU I create a GPO that has some policy
settings under the user portion.
Question: Will the GPO that I link to the OU only affect users that I place
in the OU?
Question: Will there be any affect on the computers that I place in this OU?

Thanks for any input.

Regards,

Richard Huelbig
 
Richard Huelbig said:
I'm just getting my feet wet with GPOs so forgive me if this seems too
obvious.

Here's my understanding of the user versus machine portions of a GPO:

1) The settings that are under the user portion are applied when a user log
in.
2) The settings that are under the machine portion are applied when a
computer is powered on.
Policies also refresh every 90 minutes plus and offset of I think 30 minutes
(this can be changed) so changes to the GPO will take effect on the user and
computer even without them logging in again or rebooting the PC. Note that
not all types of policies refresh - Software Distribution doesn't for
instance.
So, now come the scenarios and associated questions.

Scenario: I create an OU and for that OU I create a GPO that has some policy
settings under the machine portion.
Question: Will the GPO that I link to the OU only affect computers that I
place in the OU?

Yes, and OU's beneath the OU where the policy is applied. Order of
application is LSDOU - Local, Site Domain, OU, OU. The last policy to be
applied wins.
Question: Will there be any affect on the users that I place in this OU?

No, and for performance sake you can disable the user-portion of the policy.
Scenario: I create an OU and for that OU I create a GPO that has some policy
settings under the user portion.
Question: Will the GPO that I link to the OU only affect users that I place
in the OU?

Yes, and OU's beneath the OU where the policy is applied. Order of
application is LSDOU - Local, Site Domain, OU, OU. The last policy to be
applied wins.
Question: Will there be any affect on the computers that I place in this
OU?

No, and for performance sake you can disable the machine-portion of the
policy.
 
Back
Top