Information Technology Reference
In-Depth Information
3. Link
StMenuDomainGPO
to the domain object. In the left pane, click the domain object. In
the right pane, click the
Linked Group Policy Objects
tab, if necessary. The GPO with link
order 1 has the stronger precedence—in this case, the Default Domain Policy.
4. In the right pane, click
StMenuDomainGPO
. To change the link order, click the up arrow to
the left of the Link Order column. Click the down arrow so that StMenuDomainGPO again
has link order 2.
5. Right-click
StMenuDomainGPO
and click
Enforced
. Click
OK
. Notice the padlock icon
next to StMenuDomainGPO indicating that GPO inheritance is enforced.
6. Click the
Sales
OU. In the right pane, click the
Group Policy Inheritance
tab, if necessary.
Even though the Sales OU has the Block Inheritance option set, it's forced to inherit settings
from StMenuDomainGPO.
7. On your Vista computer, log on as
salesperson1
, if necessary, and open a command prompt
window. Type
gpupdate
and press
Enter
.
8. Verify that the two settings from the Starter GPO are now in effect: The taskbar should be
locked, and the Network link is no longer on the Start menu. Log off Vista.
9. On your server, right-click
StMenuDomainGPO
under the domain object and click
Delete
.
Click
OK
. This action unlinks the GPO from the domain but doesn't delete the GPO. Repeat
for
StMenuMktGPO
.
10. Right-click the
Sales
OU and click
Block Inheritance
.
11. Close all open windows, and stay logged on to your server for the next activity.
Activity 7-8 has quite a bit going on with group policy processing, so examine the final set-
tings to review. Table 7-5 lists the relevant GPOs, OUs, and policy settings from Activity 7-8.
Both Default Domain Policy and StMenuDomainGPO are linked to the domain.
StMenuDomainGPO is enforced so that the two enabled policies apply to all users in the
domain. The Sales OU blocks inheritance so that objects in this OU aren't affected by Default
Domain Policy or StMenuMktGPO. However, objects in the Sales OU are affected by the two
enabled policies in StMenuDomainGPO because this GPO has the Enforced option set, which
takes precedence over the Block Inheritance option.
Table 7-5
Blocking and enforcing GPO inheritance
GPO
Linked to
Policy
Setting
Default Domain Policy
Domain
Lock the Taskbar
Not configured
Remove Music icon from Start Menu
Not configured
Remove Network icon from Start Menu
Not configured
Remove Pictures icon from Start Menu
Not configured
StMenuDomainGPO
Domain
Lock the Taskbar
Enabled
(
Enforced
)
Remove Music icon from Start Menu
Not configured
Remove Network icon from Start Menu
Enabled
Remove Pictures icon from Start Menu
Not configured
StMenuMktGPO
Marketing OU
Lock the Taskbar
Enabled
Remove Music icon from Start Menu
Enabled
Remove Network icon from Start Menu
Enabled
Remove Pictures icon from Start Menu
Enabled
None
Sales OU
(
Block Inheritance
)
GPO Filtering
You have seen how to exclude all objects in an OU from inheriting GPO set-
tings, but what if you want to exclude only some objects in the OU? This is where GPO filtering
Search WWH ::
Custom Search