Sign in
 

none
GPO Applied but User Can Change The Settings

 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have a 2008 R2 domain. I have a GPO with computer configuration settings linked to OU containing computers only. Users are placed in a separate OU with no GPO is linked.

    Now at the clients I see the GPO policies (such as wsus, snmp settings) getting applied normally but when I log-in to these systems as domain admin I can change these settings. How can I prevent these settings from getting changed at local level?

    Thursday, February 5, 2015 4:31 PM
    |

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Domain Admins by definition have full rights to everything, it should not be surprising that they can change settings locally. Even then Group Policy re-applies itself several times each day so any local changes made will be overwritten the next time Group Policy is applied, usually within 8 hours.

    The people using the server will be a normal users so they will not be able to change these settings.

    Thursday, February 5, 2015 4:45 PM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Domain Admins by definition have full rights to everything, it should not be surprising that they can change settings locally. Even then Group Policy re-applies itself several times each day so any local changes made will be overwritten the next time Group Policy is applied, usually within 8 hours.

    The people using the server will be a normal users so they will not be able to change these settings.

    Thursday, February 5, 2015 4:45 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks, but even if I login as domain admin to local system, the settings should be visible on the local policy that are pushed from domain GPO right?
    Friday, February 6, 2015 3:51 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Yes, you are right. When you log in as the domain admin, the group policy settings pushed from Domain GPO is visible on the local system, if you configure them correctly.

    If you have any other questions, feel free to post us.

    Best Regards,

    Elaine

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 9, 2015 2:22 AM
    |
    Moderator