Access Denied--Addressing Group Policy Conflicts

I understand that enabling Disable background refresh of Group Policy for one policy will turn off refreshes for all policies. Where can I find a list of all the settings available for individual group policies that affect all group policies? I've seen identical settings enabled in different Group Policy Objects (GPOs) that have different effects: They might override the previous GPO, mesh with the previous GPO (e.g., Microsoft Internet Explorer—IE—Favorites), or affect all GPOs. Please let me know about any articles or utilities that can help me identify key aspects of Group Policy.

The only settings in Group Policy that affect all other group policies are those listed under \computer configuration\administrative templates\system\group policy and \user configuration\administrative templates\system\group policy. These settings control the Group Policy engine that processes GPOs at system startup, user logon, and at refresh intervals thereafter. I agree that the task of understanding how group policies will be applied and diagnosing conflicts between group policies is complex. I've found FullArmor's FAZAM, available in the Microsoft Windows 2000 Server Resource Kit Supplement One, to be extremely helpful with this problem. FAZAM lets you trace how Group Policy is applied and run "what-if" scenarios that simulate Group Policy application with users, computers, and organizational units (OUs) of your choosing.
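To audit which GPOs configure settings in the two System\Group Policy categories named above, the following added example (not part of the original column, and not FAZAM) lists every such setting per GPO. It assumes a domain-joined system with the GroupPolicy PowerShell module installed, and it assumes the XML report records each Administrative Templates setting as a Policy element with Name, State and Category children; the category pattern is likewise an assumption to adjust for your environment.

```powershell
# Added example, not from the original column.
# Assumes the GroupPolicy module (RSAT / GPMC) and read access to every GPO in the domain.
Import-Module GroupPolicy

# Assumption: Administrative Templates settings in the XML report carry a
# Category such as "System/Group Policy"; adjust the pattern if yours differs.
$categoryPattern = '^System[/\\]Group Policy'

$findings = foreach ($gpo in Get-GPO -All) {
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml

    foreach ($side in 'Computer', 'User') {
        # local-name() keeps the XPath independent of the report's namespace prefixes.
        $xpath = "/*[local-name()='GPO']/*[local-name()='$side']//*[local-name()='Policy']"

        foreach ($policy in $report.SelectNodes($xpath)) {
            $category = $policy.SelectSingleNode("*[local-name()='Category']")
            if ($null -eq $category -or $category.InnerText -notmatch $categoryPattern) {
                continue   # not one of the engine-level settings
            }

            [pscustomobject]@{
                GPO     = $gpo.DisplayName
                Side    = $side
                Setting = $policy.SelectSingleNode("*[local-name()='Name']").InnerText
                State   = $policy.SelectSingleNode("*[local-name()='State']").InnerText
            }
        }
    }
}

# Group by setting so an engine-level setting defined in several GPOs stands out.
$findings | Sort-Object Setting, Side, GPO | Format-Table -AutoSize -GroupBy Setting
```

A setting that appears under more than one GPO in the output is a candidate for the kind of conflict the question describes, since these settings govern how the engine processes every other GPO.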
