Why Default Domain GPO..Why…Why…Why

You might have few questions to yourself:

1. Why domain GPO will still apply to local admin account of client computer.

2. Why domain GPO will still apply in safe mode and safe mode with networking modes.

Interesting when you see domain GPO will still apply to a computer not connected to network.

This behaviour is by design. This is just to maintain the security of computer.

The reason and Logic behind this

Its all about the Computer Account and relationship of client computer with domain. Windows OS and Winlogon service still assumes that a PC logged on to local computer or safe mode/with networking is the member of domain as long as Computer account of this local computer exist in domain or a secure channel exists between computer and Domain Controller.

Windows OS assumes that the security of this computer should be maintained by a domain controller as long as it is the member of the domain. So GPOs will be applied when you log in Safe Mode or any other mode.

Leave a Reply

Your email address will not be published. Required fields are marked *