官术网_书友最值得收藏!

Domain-level policies

Some policies and settings are going to be things that you want to apply to all of the machines or users in the entire domain, and the appropriate place for those settings are domain-level GPOs. It's important to point out that the GPOs themselves are not different as we talk about all of these different policy levels—a GPO is a GPO. The level at which the GPO is linked is what we are talking about when we discuss these hierarchical levels. So far, we haven't discussed GPO links, and that is because we will spend a lot of time discussing links and linking when we start to cover the bases on filtering these GPO settings, in upcoming chapters. For now, we simply need to understand that some GPOs will contain settings that need to apply to everything in the domain, and these GPOs will be linked at the domain level.

In the following screenshot, the Default Domain Policy has been linked at the top level, or root, of the domain:

When you link a policy at the top of the domain, that GPO will filter down to each user account and device account that is present inside the domain to where it is linked, theoretically applying to all workstations, servers, and users. I say theoretically because there are a couple of reasons why a domain-level GPO might not actually apply to everything inside the domain. One of those reasons would be that the GPO was filtered to only apply to certain machines or groups (we will discuss this much more in chapter 4, Advanced Filtering of Group Policy Objects). Another reason is that some locations inside Active Directory may have inherency blocking enabled, which would stop GPOs from applying to any objects contained inside those locations. These locations that I am talking about are called OUs, and they are our next level of GPO processing.

主站蜘蛛池模板: 石泉县| 玉屏| 嘉鱼县| 西贡区| 甘德县| 博白县| 阳原县| 锡林郭勒盟| 陇川县| 卓资县| 鱼台县| 鲁山县| 任丘市| 长宁县| 射阳县| 罗源县| 南宫市| 察雅县| 浏阳市| 万年县| 沾化县| 达尔| 阿拉尔市| 青川县| 东乌珠穆沁旗| 衡水市| 泾川县| 甘泉县| 盖州市| 海伦市| 南江县| 宁武县| 嵩明县| 论坛| 阿尔山市| 武鸣县| 邵东县| 绥宁县| 淄博市| 海安县| 宝坻区|