A PSO is a password policy that is available in a Microsoft Windows Server 2008 Domain Controller. It is more granular than Active Directory group policy because it is applied to a particular user or group. Group Policy Objects (GPO) sre applied to an entire organizational unit (OU). You may try to apply several PSOs to a person, but one will take precedence. The one with the lowest number will be the policy applied. To use the features in this video, you must promote your domain to a Server 2008 level.
t’s important to understand the sequence that group policy uses. I’m creating this video on Server 2008 domain controller, but it could’ve been done on server 2003 or 2000. Group policies affect all Microsoft operating systems. (2000, xp, vista, 7)
ou=organizational unit
gpo=group policy object
requires a domain controller (active directory)
Group Policy Precedence
1. Computer turns on
2. Local GPOs for the computer
3. Site GPOs for the computer
4. Domain GPOs for the computer
5. OU GPOs for the computer
6. Enforced GPOs for the computer
7. User logs in
8. Local GPOs for the user
9. Site GPOs for the user
10. Domain GPOs for the user
11. OU GPOs for the user
12. Enforced GPOs for the user
Rule A
user policies are more important than computer policies
Rule B
If a policy has Blocked Inheritance, it does not apply.
Rule C
Unless it is enforced. Then it does apply. (More than all others.
Rule D
Unless you deny read permissions to a user/computer for that GPO.
Rule E
You should never give a deny permission.
Rule F
Group policy loopback can make computer GPOs over rule User GPOs
(computer configuration\policies\admin templates\system\group policy\user group policy loopback processing mode)
Rule G
Computer policies are updated every 90-120 minutes after the computer is turned on. User policies are updated every 90-120 minutes after the user logs in.
Greate group policy on server 2008 domain controller
How to create a GPO (group policy object) on a server 2008 domain controller. I create them, link them to an OU (organizational unit) and show how to find what settings are affected by it. It’s one of the many features of active directory that controls your user’s environment.