Well, it won't be the first time I've heard something about GP called "stupid" :).
 
I suspect it depends upon how you think about this. Certain CSEs are more resilient than others. I honestly haven't come across your scenario but in a lot of cases, if a CSE fails to do something, GP processing will simply continue along. I will try to take a deeper look at this and see if I can understand why that is happening.
 
One thing I usually recommend is to stay away from using registry and/or file security policy to set perms. First of all, I find it kind of a clunky way to manage permissions. Secondly, if you do a lot of it in policy, it can really slow down processing. I think it's just better to manage security permissions on files and registry keys with a different and more deterministic method.
 
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Wednesday, February 22, 2006 11:48 PM
To: [email protected]
Subject: [ActiveDir] Stupid Group Policy CSE behavior

I had high hopes for group policy, but now it has started waning...
 
Simply stated, what happens is ... you have different policies applying to a machine.
And say all policies contain different registry or security related settings.
Now, when at the workstation the registry or security CSE tries to process these settings...
It will just stop processing at the first error it encountered and never process settings from the remaining policies.
 
So if the registry CSE found that it has 10 values in the registry to set and it encountered an error at the 5th, it will never go ahead and process 6 to 10.
 
Here is my case:
 
I had set a deny permission on one registry key in one policy and I was trying to change that setting from another policy.
One would guess that the 2nd policy would simply fail and the CSE would continue processing other policies which are in no way related to this setting. But it doesn't.
 
I have seen this for Registry and Security CSE.
 
Thanks for listening :-)
--
Kamlesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Be the change you want to see in the World"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
