官术网_书友最值得收藏!

Domain-level policies

Some policies and settings are going to be things that you want to apply to all of the machines or users in the entire domain, and the appropriate place for those settings are domain-level GPOs. It's important to point out that the GPOs themselves are not different as we talk about all of these different policy levels—a GPO is a GPO. The level at which the GPO is linked is what we are talking about when we discuss these hierarchical levels. So far, we haven't discussed GPO links, and that is because we will spend a lot of time discussing links and linking when we start to cover the bases on filtering these GPO settings, in upcoming chapters. For now, we simply need to understand that some GPOs will contain settings that need to apply to everything in the domain, and these GPOs will be linked at the domain level.

In the following screenshot, the Default Domain Policy has been linked at the top level, or root, of the domain:

When you link a policy at the top of the domain, that GPO will filter down to each user account and device account that is present inside the domain to where it is linked, theoretically applying to all workstations, servers, and users. I say theoretically because there are a couple of reasons why a domain-level GPO might not actually apply to everything inside the domain. One of those reasons would be that the GPO was filtered to only apply to certain machines or groups (we will discuss this much more in chapter 4, Advanced Filtering of Group Policy Objects). Another reason is that some locations inside Active Directory may have inherency blocking enabled, which would stop GPOs from applying to any objects contained inside those locations. These locations that I am talking about are called OUs, and they are our next level of GPO processing.

主站蜘蛛池模板: 武威市| 铜梁县| 白城市| 庄浪县| 阿鲁科尔沁旗| 东丽区| 安溪县| 古丈县| 鄂托克前旗| 博白县| 紫阳县| 方山县| 讷河市| 盘锦市| 原平市| 洛阳市| 陆良县| 洛扎县| 西乌| 吐鲁番市| 冀州市| 左权县| 家居| 且末县| 绥德县| 浏阳市| 安顺市| 潮州市| 陕西省| 腾冲县| 滁州市| 屏东县| 汉川市| 灵璧县| 江口县| 高邮市| 介休市| 禹城市| 特克斯县| 华坪县| 武强县|