How frequently is the client policy refreshed ? 90 minutes give or take.
Where is secedit ? It’s now gpupdate.
What is Group Policy Modeling ?
This is a simulation of what would happen under circumstances specified by an administrator. Group Policy Modeling requires that you have at least one domain controller running Windows Server 2003 because this simulation is performed by a service running on a domain controller that is running Windows Server 2003. With Group Policy Modeling, you can either simulate the RSoP data that would be applied for an existing configuration, or you can perform "what-if" analyses by simulating hypothetical changes to your directory environment and then calculating the RSoP for that hypothetical configuration.
For example, you can simulate changes to security group membership, or changes to the location of the user or computer object in Active Directory. Outside of GPMC, Group Policy Modeling is referred to as RSoP - planning mode. Note that although Windows 2000 does not provide the RSoP infrastructure, Group Policy Modeling can be used as an effective way to simulate the affect of Group Policy on Windows 2000 computers.
What is Group Policy Results ?
This represents the actual policy data that is applied to a given computer and user. It is obtained by querying the target computer and retrieving the RSoP data that was applied to that computer. The Group Policy Results capability is provided by the client operating system and requires Windows XP, Windows Server 2003 or later. Outside of GPMC, Group Policy Results is referred to as RSoP - logging mode.
What can be restricted on Windows Server 2003 that wasn’t there in previous products ? Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.
You want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance among the options when creating the policy.
How does the Group Policy 'No Override' and 'Block Inheritance' work ?
Group Policies can be applied at multiple levels (Sites, domains, organizational Units) and multiple GP's for each level. Obviously it may be that some policy settings conflict hence the application order of Site - Domain - Organization Unit and within each layer you set order for all defined policies but you may want to force some polices to never be overridden (No Override) and you may want some containers to not inherit settings from a parent container (Block Inheritance).
A good definition of each is as follows:
No Override - This prevents child containers from overriding policies set at higher levels
Block Inheritance - Stops containers inheriting policies from parent containers
No Override takes precedence over Block Inheritance so if a child container has Block Inheritance set but on the parent a group policy has No Override set then it will get applied.
Also the highest No Override takes precedence over lower No Override's set.
To block inheritance perform the following:
Start the Active Directory Users and Computer snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
Right click on the container you wish to stop inheriting settings from its parent and select
Select the 'Group Policy' tab
Check the 'Block Policy inheritance' option
Click Apply then OK
To set a policy to never be overridden perform the following:
Start the Active Directory Users and Computer snap-in (Start - - Administrative Tools - Active Directory Users and Computers)
Right click on the container you wish to set a Group Policy to not be overridden and select Properties