none
Domain Member Server Group Policies

    Question

  • This is a two-part question. I'm trying to understand why you would configure a Member Server Group Polices when the Domain Controller governs all (Group) policies for Member Servers in the domain? This sounds redundant though there may be good reason for this though it is not clear to me. Second question is similar - Why configure Local Policies of a Member Server if the DC governs all member policies? Is this done as a backup measure if the DC were to become unavailable?

    Thanks

    Wednesday, August 12, 2015 6:29 PM

Answers

  • Hi Steve,

    Thanks for your post.

    Based on my knowledge, there's precedence about the group policy. Domain controller could control the domain computers with the group policy. But you could also set group policy in member server that only apply for the member server and not afffect other computer. The Group Policy objects (GPOs) that apply to a user (or computer) do not all have the same precedence. Settings that are applied later can override settings that are applied earlier.

    The order of  group policy processing is Local group policy, site, domain and OU. This order means that the local GPO is processed first, and GPOs that are linked to the organizational unit of which the computer or user is a direct member are processed last, which overwrites settings in the earlier GPOs if there are conflicts. (If there are no conflicts, then the earlier and later settings are merely aggregated.)

    https://technet.microsoft.com/en-us/library/Cc785665(v=WS.10).aspx

    Best Regards,

    Mary Dong


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 13, 2015 2:18 AM
    Moderator