用户配置的 GPO 不会被覆盖
我的域上有两个 GPO -> “默认域策略”和“GPO - Diretoria”。 默认域策略配置为在客户端的所有 IE 浏览器上设置代理设置(用户配置 > 策略 > Windows 设置 > Internet Explorer 维护 > 连接 > 代理设置)。以下是使用的详细配置:
Internet Explorer Connection
----------------------------
HTTP Proxy Server: 192.168.100.1:3128
Secure Proxy Server: 192.168.100.1:3128
FTP Proxy Server: 192.168.100.1:3128
Gopher Proxy Server: 192.168.100.1:3128
Socks Proxy Server: 192.168.100.1:3128
Auto Config Enable: No
Enable Proxy: Yes
Use same Proxy: Yes
在其他 GPO(GPO - Diretoria)中,代理设置未配置。 “代理设置”窗口中的“启用代理设置”复选框已禁用。该 GPO 链接到一个名为 Diretoria 的 OU。该 OU 内有 3 台计算机。当我在 3 台计算机中的任何一台中执行 gpupdate(甚至 gpupdate /force)时,代理设置仍然按照默认域策略中的配置进行设置!
然后,我仅使用用户配置设置执行了各种测试,并且我注意到(通过运行gpresult /z)在默认域策略上设置了任何用户配置设置GPO 不能被“GPO - Diretoria”用户配置设置替换!但是,计算机配置设置已被完美替换!
COMPUTER SETTINGS
------------------
CN=MARCOS-SUPVM,OU=Diretoria,DC=internal,DC=domain,DC=com,DC=br
Last time Group Policy was applied: 5/16/2011 at 5:31:36 PM
Group Policy was applied from: DC4.internal.domain.com.br
Group Policy slow link threshold: 500 kbps
Domain Name: internal
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
GPO - Diretoria
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
.
.
.
.
USER SETTINGS
--------------
CN=Administrador,CN=Users,DC=internal,DC=domain,DC=com,DC=br
Last time Group Policy was applied: 5/16/2011 at 5:31:39 PM
Group Policy was applied from: DC4.internal.domain.com.br
Group Policy slow link threshold: 500 kbps
Domain Name: INTERNAL
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Policy <-- SEE HERE??? "GPO - Diretoria" ARE NOT PROCESSED!
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
为什么?
I've a two GPOs on my domain -> "Default Domain Policy" and "GPO - Diretoria". Default Domain Policy is configured to set proxy settings on all IE browser of the clients (User Config > Policies > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings). Here are the detailed config used:
Internet Explorer Connection
----------------------------
HTTP Proxy Server: 192.168.100.1:3128
Secure Proxy Server: 192.168.100.1:3128
FTP Proxy Server: 192.168.100.1:3128
Gopher Proxy Server: 192.168.100.1:3128
Socks Proxy Server: 192.168.100.1:3128
Auto Config Enable: No
Enable Proxy: Yes
Use same Proxy: Yes
In the other GPO (GPO - Diretoria) the proxy settings are not configured. The "Enable proxy settings" check box are disabled in Proxy Settings window. This GPO are linked to an OU called Diretoria. Inside this OU, there are 3 computers. When I exec a gpupdate (even gpupdate /force) in any of the 3 computers, the proxy settings still setted as configured in Default Domain Policy!
Then, I´ve performed various tests only with User Configuration Settings and, I´ve noticed (by running gpresult /z) that any User Configuration Setting setted on Default Domain Policy GPO cannot be replaced by the "GPO - Diretoria" User Configuration Settings! BUT, the Computer Configuration Settings are replaced perfectly!
COMPUTER SETTINGS
------------------
CN=MARCOS-SUPVM,OU=Diretoria,DC=internal,DC=domain,DC=com,DC=br
Last time Group Policy was applied: 5/16/2011 at 5:31:36 PM
Group Policy was applied from: DC4.internal.domain.com.br
Group Policy slow link threshold: 500 kbps
Domain Name: internal
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
GPO - Diretoria
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
.
.
.
.
USER SETTINGS
--------------
CN=Administrador,CN=Users,DC=internal,DC=domain,DC=com,DC=br
Last time Group Policy was applied: 5/16/2011 at 5:31:39 PM
Group Policy was applied from: DC4.internal.domain.com.br
Group Policy slow link threshold: 500 kbps
Domain Name: INTERNAL
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Policy <-- SEE HERE??? "GPO - Diretoria" ARE NOT PROCESSED!
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
Why?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为您混淆了用户策略和计算机策略,您设置的策略适用于 OU 中的用户而不是计算机。我错了吗?
I think you are confusing user policy and computer policy, the policy you setup is applicable to users in an OU not to computer. Am I wrong ?
不会应用
GPO - Diretoria中的用户配置,因为您的用户对象CN=Administrador,CN=Users,DC=internal,DC=domain,DC=com,DC=br< /code> 不在“Diretoria”OU 下。应用
GPO - Diretora中的计算机配置,因为您的计算机对象CN=MARCOS-SUPVM,OU=Diretoria,DC=internal,DC=domain,DC=com,DC=br位于“Directoria”OU 内尝试将管理员用户对象移至 OU=Diretoria。然后,您将看到用户配置也被应用。
The user configuration from
GPO - Diretoriawon't be applied because your user objectCN=Administrador,CN=Users,DC=internal,DC=domain,DC=com,DC=bris not under "Diretoria" OU.The computer configuration from
GPO - Diretorais applied because your computer objectCN=MARCOS-SUPVM,OU=Diretoria,DC=internal,DC=domain,DC=com,DC=bris inside "Directoria" OUTry moving your administrator user object to OU=Diretoria. Then, you will see user configuration being applied as well.