Wednesday, January 16, 2013

GPO Precedence and GPO testing

 

Group Policy processing and precedence

The Group Policy objects (GPOs) that apply to a user (or computer) do not all have the same precedence. Settings that are applied later can override settings that are applied earlier.

Order of processing settings

This section provides details about the order in which Group Policy settings for users and computers are processed. For information about where the processing of policy settings fits into the framework of computer startup and user logon, see steps 3 and 8 in Startup and logon, in this topic.

Group Policy settings are processed in the following order:

  1. Local Group Policy object—Each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing.
  2. Site—Any GPOs that have been linked to the site that the computer belongs to are processed next. Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last, and therefore has the highest precedence.
  3. Domain—Processing of multiple domain-linked GPOs is in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
  4. Organizational units—GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.

     At the level of each organizational unit in the Active Directory hierarchy, one, many, or no GPOs can be linked. If several GPOs are linked to an organizational unit, their processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
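The processing order above can be modelled directly. The following Python code is an added example, not Microsoft's or this blog's own; the GPO names, settings and helper functions are constructed for illustration, and it models only the ordering rules listed above. It ranks every GPO that writes a setting so that rank 1 is the value that takes effect, which is the "precedence of 1" that gpresult /v reports, and it shows an OU-linked GPO overriding a domain-wide baseline.

```python
from dataclasses import dataclass, field

@dataclass
class GpoLink:
    gpo: str                      # GPO name (constructed sample data)
    link_order: int               # as shown on the Linked Group Policy Objects tab
    settings: dict = field(default_factory=dict)

def processing_order(local, site, domain, ous):
    """Return links in the order they are processed.

    `ous` lists the OU chain from the top of the hierarchy down to the OU
    that contains the user or computer.
    """
    ordered = [local]                       # 1. the single local GPO
    for container in (site, domain, *ous):  # 2. site, 3. domain, 4. OUs
        # Lowest link order is processed last, so sort descending.
        ordered += sorted(container, key=lambda link: link.link_order, reverse=True)
    return ordered

def precedence(ordered, setting):
    """Rank every GPO that defines `setting`; rank 1 is the value that wins."""
    writers = [link for link in ordered if setting in link.settings]
    # The last GPO processed overrides the earlier ones.
    return [(rank, link.gpo, link.settings[setting])
            for rank, link in enumerate(reversed(writers), start=1)]

# Constructed sample hierarchy (names and settings are illustrative only).
LOCAL = GpoLink("Local GPO", 1, {"ScreenSaverTimeout": 1800})
SITE = [GpoLink("Site-London", 1, {"ProxyServer": "proxy.example.test"})]
DOMAIN = [
    GpoLink("Domain-Baseline", 1, {"ScreenSaverTimeout": 600, "UsbStorage": "deny"}),
    GpoLink("Domain-Legacy", 2, {"ScreenSaverTimeout": 3600}),
]
OUS = [
    [GpoLink("OU-Staff", 1, {"UsbStorage": "allow"})],             # parent OU
    [GpoLink("OU-Staff-Kiosks", 1, {"ScreenSaverTimeout": 120})],  # child OU
]

ORDER = processing_order(LOCAL, SITE, DOMAIN, OUS)

if __name__ == "__main__":
    print(" -> ".join(link.gpo for link in ORDER))
    for name in ("ScreenSaverTimeout", "UsbStorage"):
        for rank, gpo, value in precedence(ORDER, name):
            print(f"{name}: precedence {rank} = {value!r} from {gpo}")
```

In the sample data the domain baseline denies UsbStorage, but the GPO linked to the OU-Staff organizational unit is processed later and its "allow" becomes the effective value.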

 

Using Gpresult

Displays the Resultant Set of Policy (RSoP) information for a remote user and computer. For examples of how this command can be used, see Examples.

gpresult [/s <COMPUTER> [/u <USERNAME> [/p [<PASSWORD>]]]] [/user [<TARGETDOMAIN>\]<TARGETUSER>] [/scope {user | computer}] {/r | /v | /z | [/x | /h] <FILENAME> [/f] | /?}


Parameters

/s <COMPUTER>  Specifies the name or IP address of a remote computer. Do not use backslashes. The default is the local computer.

/u <USERNAME>  Uses the credentials of the specified user to run the command. The default user is the user who is logged on to the computer that issues the command.

/p [<PASSWORD>]  Specifies the password of the user account that is provided in the /u parameter. If /p is omitted, gpresult prompts for the password. /p cannot be used with /x or /h.

/user [<TARGETDOMAIN>\]<TARGETUSER>  Specifies the remote user whose RSoP data is to be displayed.

/scope {user | computer}  Displays RSoP data for either the user or the computer. If /scope is omitted, gpresult displays RSoP data for both the user and the computer.

[/x | /h] <FILENAME>  Saves the report in either XML (/x) or HTML (/h) format at the location and with the file name that is specified by the FILENAME parameter. Cannot be used with /u, /p, /r, /v, or /z.

/f  Forces gpresult to overwrite the file name that is specified in the /x or /h option.

/r  Displays RSoP summary data.

/v  Displays verbose policy information. This includes detailed settings that were applied with a precedence of 1.

/z  Displays all available information about Group Policy. This includes detailed settings that were applied with a precedence of 1 and higher.

/?  Displays Help at the command prompt.

Examples



The following example displays RSoP data for the computer srvmain and the logged-on user. Data is included about both the user and the computer. The command is run with the credentials of the user maindom\hiropln, and p@ssW23 is entered as the password for that user.



gpresult /s srvmain /u maindom\hiropln /p p@ssW23 /r



These two links come from http://microsoft.com

Sluggish mouse on w2k8r2 and w7

(Poor mouse performance on Windows 2008 R2 virtual machine or a Windows 7 virtual machine)

Cause

The virtual machine is using the SVGA video driver supplied by VMware Tools, not the WDDM video driver.

Resolution

Update the driver for the video card to use the WDDM driver that is available after VMware Tools is installed. The virtual machine must be at hardware version 7 or 8 to use the WDDM driver. For additional information, see WDDM and XPDM graphics driver support with ESX 4.x, 5.x (1016770).

To update the driver for the video card to use the WDDM driver:

  1. Right-click the desktop and click Screen resolution.
  2. Click Advanced Settings.
  3. Click Properties.
  4. Click the Driver tab.
  5. Click Update Driver.
  6. Click Browse my computer for driver software.
  7. Enter this location or click Browse and navigate to it:
     C:\Program Files\Common Files\VMware\Drivers\wddm_video
  8. Click Next. The driver is installed and you see a screen confirming that Windows has finished installing the driver for VMware SVGA 3D.
  9. Reboot the virtual machine to enable the new video driver.

 

This is from http://VMware.com (sorry I don't have the exact link handy)
