|
Posted by =?Utf-8?B?djJ3aW4=?= on November 29, 2007, 12:25 am
If you were Registered and logged in, you could reply and use other advanced thread options
Not sure if I understand what exactly you are trying to implement, but your
question appears to be related to Group Policy settings.
GPOs are processed in this order: local machine -> AD Site -> AD Domain ->
AD OU; within each of those, the machine policy processes before user policy.
The last policy to process determines the final setting for a parameter,
with certain exceptions. For example, a Domain Admin may need to ensure
critical policies are not overruled by an OU policy, so the domina policy may
be set to no-override, or enforced. However, if a setting is undefined in a
higher level policy, with enforced enabled, later policies may define that
setting. This is one useful reason for the undefined value, and I believe it
also permits policy processing to occur at a faster pace, because not all
parameters are actually being applied - evidence of this can be seen in the
GUI display results of RSoP.msc. Only applied policy settings appear in the
console, unlike when setting policy with Gpedit.msc.
Does this address your issue?
--
V2
"a_monk" wrote:
>
> There are <not defined> for some security settings in the Benchmark,
> e.g., Shutdown: Clear Virtual Memory Pagefile, instead of disabled or
> enabled.
>
> What does <not defined> mean? What happens if this "<not defined>"
> value is implemented?
> Does it mean that the setting is neither enabled nor disabled? So what
> is the "net outcome"?
> What is/are the consequences of having a <not defined> in the setting?
>
> Any information/ pointers will be much appreciated.
>
> Thanks,
>
> DFox
>
| 
XML site map