Well, it won't be the first time I've heard something about
GP called "stupid" :).
I suspect it depends upon how you think about
this. Certain CSEs are more resilient than others. I honestly haven't come
across your scenario but in a lot of cases, if a CSE fails to do something,
GP processing will simply continue along. I will try to take a
deeper look at this and see if I can understand why that is happening.
One thing I usually recommend is to stay away from using
registry and/or file security policy to set perms. First of all, I find it kind
of a klunky way to manage permissions. Secondly, if you do a lot of it in
policy, it can really slow down processing. I think its just better to
manage security permissions on files and registry keys with a different, and
more deterministic method.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Wednesday, February 22, 2006 11:48 PM
To: [email protected]
Subject: [ActiveDir] Stupid Group Policy CSE behavior
I had high hopes for group policy, but now it has started waning...
Simply stated, what happens is ... you have different policies applying to
machine.
And say all policies contain different registry or security related
settings.
Now, when at workstation registry or security CSE tries to process
these settings...
It will just stop processing at first error
it encountered and never process settings from remaining policies.
so if registry CSE found that it has 10 values in registry to set and if it
encountered error at 5th, it will never go ahead and process 6 to 10.
here is my case:
I had set deny permission on one registry key in one policy and I was
trying to change that setting from another policy.
One would guess that, 2nd policy would simply fail and CSE would continue
processing other polices which are no way related to this setting. But it
doesn't.
I have seen this for Registry and Security CSE.
Thanks for listening :-)
--
--
Kamlesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Be the change you want to see in the World"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Be the change you want to see in the World"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
