Answered by:
GPO Applied but User Can Change The Settings

-
I have a 2008 R2 domain. I have a GPO with computer configuration settings linked to OU containing computers only. Users are placed in a separate OU with no GPO is linked.
Now at the clients I see the GPO policies (such as wsus, snmp settings) getting applied normally but when I log-in to these systems as domain admin I can change these settings. How can I prevent these settings from getting changed at local level?
Question
Answers
-
Domain Admins by definition have full rights to everything, it should not be surprising that they can change settings locally. Even then Group Policy re-applies itself several times each day so any local changes made will be overwritten the next time Group Policy is applied, usually within 8 hours.
The people using the server will be a normal users so they will not be able to change these settings.
- Proposed as answer by Elaine JingModerator Friday, February 06, 2015 9:00 AM
- Marked as answer by AnnaWYModerator Thursday, March 05, 2015 5:35 AM
All replies
-
Domain Admins by definition have full rights to everything, it should not be surprising that they can change settings locally. Even then Group Policy re-applies itself several times each day so any local changes made will be overwritten the next time Group Policy is applied, usually within 8 hours.
The people using the server will be a normal users so they will not be able to change these settings.
- Proposed as answer by Elaine JingModerator Friday, February 06, 2015 9:00 AM
- Marked as answer by AnnaWYModerator Thursday, March 05, 2015 5:35 AM
-
-
Hi,
Yes, you are right. When you log in as the domain admin, the group policy settings pushed from Domain GPO is visible on the local system, if you configure them correctly.
If you have any other questions, feel free to post us.
Best Regards,
Elaine
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.