MCSA 19 Group Policy Loopback Processing Mode

MSFT WebCast
17 Sept 201513:20

Summary

TLDRIn this tutorial, we explore Group Policy Processing Modes, focusing on how to configure and apply them. We cover two key modes: Replace Mode and Merge Mode. Replace Mode forces user settings from a computer’s GPO to override any conflicting settings from the user’s GPO, while Merge Mode combines user and computer GPOs, with computer settings taking precedence. The video demonstrates these modes using a practical scenario, helping viewers understand how to configure and troubleshoot Group Policy effectively for user and computer configurations in a domain environment.

Takeaways

  • 😀 Group Policy Processing Mode applies alternate user policies when a user logs onto a computer, directing the system to apply computer-related Group Policy Objects (GPOs) to any user on that machine.
  • 😀 Group Policy has two main configurations: User Configuration and Computer Configuration, which apply differently based on whether the policy is tied to the computer or the user.
  • 😀 Group Policy Processing Mode is particularly useful in special-use environments like public or insecure computers where user policies must be modified based on the computer in use.
  • 😀 The script demonstrates a scenario in which HR users and HR computers are organized in distinct Organizational Units (OUs) within a domain, each with specific GPOs applied to users and computers.
  • 😀 If Group Policy Processing Mode is not enabled, the computer configuration applies to the machine, and the user configuration applies to the user, even when they log onto the same computer.
  • 😀 In the default scenario, a user from the HR User OU logging into a computer from the HR Computer OU will have policies applied from both GPO1 and GPO2 (user and computer configurations).
  • 😀 Group Policy Lookback Processing Mode offers two modes: Replace Mode and Merge Mode. Replace Mode forces the computer GPO settings to replace any user-specific settings, while Merge Mode combines both computer and user configurations.
  • 😀 In Replace Mode, user-specific settings from their assigned GPO are overridden by the settings defined in the computer GPO, resulting in the application of computer-level policies to the user.
  • 😀 In Merge Mode, both the computer and user GPOs are applied together, with computer configurations taking precedence over user configurations in case of conflicts.
  • 😀 The script walks through enabling Group Policy Processing Mode on HR Computer OU, first with Replace Mode and then with Merge Mode, showing how each mode affects the applied policies and their priorities.
  • 😀 The demonstration concludes by highlighting how to check which policies are applied using tools like RSOP (Resultant Set of Policy), with GPO2 typically having higher precedence when conflicts occur due to the order of processing.

Q & A

  • What is Group Policy processing mode?

    -Group Policy processing mode applies alternate user policy when a user logs onto a computer affected by this type of policy. It directs the system to apply the set of Group Policy Objects (GPOs) for the computer to any user logging on to the computer.

  • What are the two main configurations of Group Policy?

    -The two main configurations of Group Policy are User Configuration and Computer Configuration. The Computer Configuration applies to the computer regardless of which user logs in, and the User Configuration applies to the user regardless of the computer they log into.

  • Why is Group Policy processing mode important in certain scenarios?

    -It is important in special-use scenarios such as public or unsecure computers, where the user policy needs to be modified based on the computer being used, rather than the user itself.

  • What happens when a user from the HR user OU logs on to a computer from the HR computer OU without Group Policy processing mode enabled?

    -Without Group Policy processing mode enabled, the user’s HR User OU GPO is applied for user configuration, while the HR Computer OU GPO is applied for computer configuration.

  • What is the difference between Replace Mode and Merge Mode in Group Policy processing?

    -In Replace Mode, the user configuration from the computer’s GPO replaces the user configuration normally applied to the user. In Merge Mode, the computer GPO and user GPO are both applied, with computer configuration coming from the computer OU and user configuration coming from the user OU.

  • How do you enable Replace Mode in Group Policy?

    -To enable Replace Mode, navigate to Group Policy Management, go to Computer Configuration > Administrative Templates > System, and configure the 'User Group Policy Lookback Processing Mode' to 'Replace.'

  • What is the effect of enabling Replace Mode on user configuration?

    -Enabling Replace Mode means that the user settings defined in the computer’s GPO will replace the user settings that are normally applied from the user's GPO, ensuring only the computer’s settings are applied for the user.

  • What does enabling Merge Mode do in Group Policy processing?

    -Enabling Merge Mode ensures that both the computer GPO and user GPO are applied when a user logs onto a computer. The computer configuration comes from the computer’s GPO, while the user configuration comes from the user’s GPO, and both are merged.

  • How can you verify which Group Policy is applied to a user or computer?

    -You can use the Resultant Set of Policy (RSOP) tool to check the applied GPOs. This tool shows the policies applied to a user or computer, including their origin and any conflicts.

  • What are some examples of settings configured in the GPOs in the script?

    -Examples of settings configured include security policies like 'Do not display the last username' in the computer configuration, and user configuration settings such as 'Lock the taskbar' and 'Remove the clock from the notification area.'

Outlines

plate

Cette section est réservée aux utilisateurs payants. Améliorez votre compte pour accéder à cette section.

Améliorer maintenant

Mindmap

plate

Cette section est réservée aux utilisateurs payants. Améliorez votre compte pour accéder à cette section.

Améliorer maintenant

Keywords

plate

Cette section est réservée aux utilisateurs payants. Améliorez votre compte pour accéder à cette section.

Améliorer maintenant

Highlights

plate

Cette section est réservée aux utilisateurs payants. Améliorez votre compte pour accéder à cette section.

Améliorer maintenant

Transcripts

plate

Cette section est réservée aux utilisateurs payants. Améliorez votre compte pour accéder à cette section.

Améliorer maintenant
Rate This

5.0 / 5 (0 votes)

Étiquettes Connexes
Group PolicyWindowsReplace ModeMerge ModeUser ConfigurationComputer ConfigurationIT AdministrationSecurity PolicyDomain ManagementGPO SettingsIT Tutorial
Besoin d'un résumé en anglais ?