none
GPO Precedence

    Question

  • I have a requirement to enable 2 different patch windows for the servers.

    One set of servers will re-start at 10 PM and the other set of Servers at 11PM

    I created a new GPO and linked that to the OU which has the Second set of servers. I enabled the setting to Resrt at 11PM in that GPO.

    The main GPO which is linked at higher level has the setting to restart at 10 PM (Default Policy in the image below - Precedence 2 and enforced)

    This is what shows at the OU for Second set of server (which need to restart at 11)


    Will it mean that the Policy 2 in the image will always win even if that is at higher level in OU structure and has lower precedence.

    I want Policy 4 setting to apply to the servers in this OU so that they are restarted at 11PM

    However i am not sure if that will apply since it shows higher number in precedence column (4)

    I cannot block inheritance as the policy 2 has other values we need.

    I dont even know if i can block inheritance for an enforced GPO anyways.

    What do i need for Policy 4 to Win.

    Can we chnage the precedence of this policy and how

     

    Tuesday, December 09, 2014 1:39 PM

Answers

  • > Will it mean that the Policy 2 in the image will always win even if that
    > is at higher level in OU structure and has lower precedence.
     
    That's what "enforced" means, exactly :)
     
    > *I want Policy 4 setting to apply to the servers in this OU so that they
    > are restarted at 11PM*
     
    Then do not enforce on a higher level.
     
    > I dont even know if i can block inheritance for an enforced GPO anyways.
     
    No, you cannot. Do not enforce.
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Tuesday, December 09, 2014 2:26 PM