Site policy through to child domain

[J]

Can anyone tell me where site policies get applied from?

We have a remote site, with its own subnet and gc setup.
There is a firewall between the main office and the remote site.
Everything appears to be finctioning correctly, apart from site
policies.
As as soon as we setup one up and associate it with the remote site,
all of the clients in that site try to connect to one of the root
domain controllers.

Surely we are not going to have to allow those clients access to the
root DCs for site gpos to be applied???

If anyone can let me know, I would really appreciate it

TIA
J

 

[Mike Aubert]

A GPO is made up of objects in the domain partition and files/folders in
SYSVOL. A GPO linked to a site has to be stored in one of the forest's
domains. Now, if you mean that your remote site is its own domain, you can
create the GPO in the remote site's domain and then link it to the site. By
creating the GPO in the remote site's domain, clients will pull the GPO from
the remote site's domain controllers.



One way to explicitly create the GPO in the remote site's domain is to open
up AD Sites and Services, navigate to the Group Policy tab of the site's
properties, click Add, click the All tab, select the domain in the "Look in"
dropdown list box (this is the domain where the GPO will be stored), click
the new GPO icon (looks like two users with a star at the top), name the
GPO, and with the new GPO selected click OK. This will store the GPO in the
remote site's domain and then link it to the remote site.

Mike

 

[J]

Mike,

Thanks for the update.
Yes the remote site is its own domain.
I will try creating the gpo in the remote site and see what happens.

cheers again

J