[gptalk] "Log on as a service" configured twice

  • From: "Hendrikus Terwint \(SEDIRSI-Prestataire\)" <terwint.hendrikus.prestataire@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 3 Apr 2008 18:54:18 +0200

Hi,

 

Anyone knows whether the "Log on as a service" policy is cumulative or
if it replaces previous values if it's been configured twice (on a
parent OU as well as on a child OU) ?

 

Case:

 

      OU=Administration

            GPO=Logon_as_service1

         OU=Site A

               GPO=Logon_as_service2

         OU=Site B

               GPO=Logon_as_service3

 

 

GPO=Logon_as_service1

Log on as a service

Value: GROUP1

Computer Configuration\Windows Settings\Local Policies\User Rights
Assignment

 

GPO=Logon_as_service2

Log on as a service

Value: GROUP2

Computer Configuration\Windows Settings\Local Policies\User Rights
Assignment

 

GPO=Logon_as_service3

Log on as a service

Value: GROUP3

Computer Configuration\Windows Settings\Local Policies\User Rights
Assignment

 

Objects in Site A require GROUP2 as well as GROUP1 for registering a
process as a service.

Objects in Site B require GROUP3 as well as GROUP1 for registering a
process as a service.

 

Could GPO=Logon_as_service1 provide GROUP1 (through inheritance) to Site
A and Site B objects, or do we have to add the value "GROUP1" to both
GPOs Logon_as_service2 + Logon_as_service3 ?

 

Thanks in advance!

 

Hendrikus

Other related posts: