Highlighted
Absent Member.
Absent Member.
1858 views

Overwrite existing Windows Group Policy

Hi folks......
I am wondering if anyone can share some insight on this one. I inherited maintaining the policies for our company using ZCM 10.3.1. Currently they are applied at the users container or group level or explicit to the user. No GPO's are applied at the machine level and the policies contain both the "Computer" and "User" configuration.

I have since recreated the policies, made some changes to them, and broken them down into device and user and trying to assign them to either the device or user. My understanding is that policies assigned directly to the user and/or device takes precedence from the top level ones. But the one's I assigned explicitly to the device and test user are not working. They show as being applied but the policy being applied at the container level is still showing up when I do a secpol or gpedit on the device.

Even moving the device and user to separate OU's and it still does not work. What must I do to get rid of these previously built policies and replace them with the newly created ones.

Any help would be greatly appreciated.
Labels (2)
0 Likes
1 Reply
Highlighted
Absent Member.
Absent Member.

Re: Overwrite existing Windows Group Policy

Hi,

I was busy with the same things last week. (ZCM11)
I have made 1 global device policy (computer settings) on "workstations" level
Then i created addon device policy (computer settings) on "dynamic workstation group" or "specific devices" level. (only for some small changes to the global)
But it will merge the settings topdown. So if you have a setting on "workstations" level as enabled, you have to make it reverse on the device or group setting. So disable it if you want it other than the global policy.
If in the global policy the setting is not configured, then the setting for the group or device will become effective.

For the users i made 2 policies. 1 for admins, 1 for users. and assigned it to a Usergroup (in my case a edirectory group)

As far is i know you can not say. "Don't inherit anything from the top!". That why you made the settings that you want to change in reverse!



kdshort67;2092254 wrote:
Hi folks......
I am wondering if anyone can share some insight on this one. I inherited maintaining the policies for our company using ZCM 10.3.1. Currently they are applied at the users container or group level or explicit to the user. No GPO's are applied at the machine level and the policies contain both the "Computer" and "User" configuration.

I have since recreated the policies, made some changes to them, and broken them down into device and user and trying to assign them to either the device or user. My understanding is that policies assigned directly to the user and/or device takes precedence from the top level ones. But the one's I assigned explicitly to the device and test user are not working. They show as being applied but the policy being applied at the container level is still showing up when I do a secpol or gpedit on the device.

Even moving the device and user to separate OU's and it still does not work. What must I do to get rid of these previously built policies and replace them with the newly created ones.

Any help would be greatly appreciated.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.