Planning Administrative Control Of Gpos
When you plan the Group Policy settings and GPOs to be used in your Network+ certification organization, you should also plan who will manage them. The appropriate level of administrative control can be delegated by using a centralized, decentralized, or task-based administrative control design.
You are a domain administrator for Contoso Pharmaceuticals. One of the desktop administrators calls to report some peculiar results with four user accounts. Users are not supposed to have the Run command in their Start menus, but three out of four have it. The desktop administrator is puzzled. You investigate the issue and document your results, as shown in Table 10-5.
You learn that the GPO that doesn't seem to be working is named GPLabRemoveRun. You discover that someone has explicitly denied GPLabGroup2 the permission to Apply Group Policy for the GPLabRemoveRun policy. You also determined that GPLabRemoveRun is linked to the GPLab OU.
When you create the user accounts in this lab, set their passwords to comptia network. Clear the User Must Change Password At Next Logon box. Check the Password Never Expires box. (In a real-world environment, of course, you should make sure users follow proper password procedures, such as creating complex passwords with a combination of uppercase and lowercase letters, numbers, and symbols.)
Group Policy is applied to Active Directory components in the following order: local computer, site, domain, and then OU.
Group Policy is passed down from parent to child containers within a domain. If you have assigned a separate Group Policy setting to a parent container, shat Group Policy setting applies to all containers beneath the parent container, including the user and computer objects in the container. However, if you specify a Group Policy setting for a child container, the child container's Group Policy setting overrides the setting inherited from the parent container.
The default order for the application of Group Policy settings is subject to the following exceptions: No Override, Block Policy Inheritance, the Loopback setting, and a computer that is a member of a workgroup.
There are three parts to planning Group Policy: plan the Group Policy settings, plan GPOs, and plan administrative control of GPOs.
Computer Configuration node A node in the Group Policy Object Editor which contains the settings used to set group policies applied to computers, regardless of who logs on to them. Computer configuration settings free test questions are applied when the operating system initializes.