D
djc
by default the Read and Apply Group Policy permissions are enabled for the
Authenticated Users security principle on new GPOs. And you can filter the
scope by adding/removing users/groups for a GPO using these permissions. My
question is then how do computer-specific GPO settings apply by default?
1) For example, I can set computer-specific settings in the default domain
GPO or a new GPO linked to the domain and they apply to all domain computer
accounts even though nothing is on the Security tab of the GPO properties to
indicate this, right?
2) Whether this is a valid question depends on the answer to number 1 but
I'll ask anyway. I know moving computer accounts into OUs and linking GPOs
to the OUs you can control GPOs. But what about the Read and Apply Group
Policy permissions? Can they be used to further filter scope of GPOs for
computer-specific settings?
any info would be greatly appreciated. Thanks.
Authenticated Users security principle on new GPOs. And you can filter the
scope by adding/removing users/groups for a GPO using these permissions. My
question is then how do computer-specific GPO settings apply by default?
1) For example, I can set computer-specific settings in the default domain
GPO or a new GPO linked to the domain and they apply to all domain computer
accounts even though nothing is on the Security tab of the GPO properties to
indicate this, right?
2) Whether this is a valid question depends on the answer to number 1 but
I'll ask anyway. I know moving computer accounts into OUs and linking GPOs
to the OUs you can control GPOs. But what about the Read and Apply Group
Policy permissions? Can they be used to further filter scope of GPOs for
computer-specific settings?
any info would be greatly appreciated. Thanks.