组策略三部曲之二:
Understanding Which GPOs to Apply
了解应用哪些组策略
下面的文章将揭开组策略的神秘面纱
注:这里我只摘录了部分内容,更详细内容请点击以下链接:
http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx
In the previous post, I talked about the structure of a GPO. Now, I'll turn to the question of what a client does in order to apply the settings that we've configured in our GPOs.
The processing of GPOs is initiated from the client side rather than being pushed from your Domain Controllers. As such, your client have to understand several things to process the correct GPOs in the correct way. 组策略的过程是从客户端启动(从客户端发起),而非从域控制进行推送。例如,您的客户端必须了解这些,以便以正确的方式去处理正确的GPOS(组策略)。
In order to properly understand this, we need to look at a few additional concepts.
How Does a Client Know Which GPOs to Apply?
There are two types of GPOs. There are GPOs that are configured locally on the client machine and are always processed, and there are GPOs linked within the Active Directory structure itself. While the client knows that is needs to process its local GPO, it's not as clear which GPOs in the directory structure apply to it. Within the directory, GPOs can be linked to the following levels:
Site
Domain
Organizational Unit
Depending on where the client object is located determines which GPOs it applies. For example, consider the following scenario:
