Wednesday, May 15, 2019

How are GPOs processed

Here’s just a quick, and very high-level, review about how group policies processing works.

Computer Policies

1.Network Services Start

2.Client performs DNS request for LDAP SRV record of DC(s) in its site

3.Client binds to DC using normal DC Locator process

4.Client performs ICMP slow link detection to DC to determine link speed

5.Client uses LDAP to build GPO list at OU, domain and then site containers - determines whether it has permission to process GPO

6.The client then connects to SYSVOL using SMB’s, locates the required GPT folder , then commences download

7.The computer then applies the policy

8.CSE’s may be required to implement some settings

9.The startup scripts are then processed and executed

10.The logon Screen is then displayed



User Policies

1.The user presses Ctrl-Alt-Del to logon

2.Check RAS settings

3.After domain validation, the client loads the profile controlled by the Group Policy settings that are in effect

4.Check the loopback processing mode value

5.Client binds to DC using normal DC Locator process

6.Obtain a list of GPO’s that need to be applied to the user

7.Connects to SYSVOL using SMB’s

8.Check for any changes to the GPO’s and downloads the changed policies

9.Applies the GPOs in the correct order

10.CSE’s will be required to process the various configurations

11.Runs the logon script

12.User gets their desktop

No comments:

Post a Comment