Non-local GPOs are used to CONTROL policies on an Active Directory-based network. A Windows 2000/2003 server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or computer objects.

The non-local GPOs are stored in %systemroot%SYSVOLPOLICIESADM, where is the GPO’s globally unique identifier. Two non-local GPOs are created by default when the Active Directory is installed:

1. Default Domain POLICY: This GPO is linked to the domain and it affects all USERS and computers in the domain.

2. Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain controllers PLACED in this OU. MULTIPLE GPOs.

Non-local GPOs are used to control policies on an Active Directory-based network. A Windows 2000/2003 server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or computer objects.

The non-local GPOs are stored in %systemroot%SYSVOLPOLICIESADM, where is the GPO’s globally unique identifier. Two non-local GPOs are created by default when the Active Directory is installed:

1. Default Domain Policy: This GPO is linked to the domain and it affects all users and computers in the domain.

2. Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain controllers placed in this OU. Multiple GPOs.