Group Policy in Forest and Multiforest Scenarios
Group Policy is primarily a domain-centric process. That is, Group Policy Objects (GPOs) are created to control users and computers that have accounts in specific domains. The GPOs are linked to the domain or the domain's OUs. The exception to this is the Site GPO, a rare beast that can impact users in multiple domains depending on the location of domain users and computer accounts and where they log on. However, site policies only affect computers and users whose accounts reside in that site. The site GPO is limited to a single forest. There is no Group Policy mechanism for managing users forest-wide, and there is no mechanism for implementing a single GPO that can impact multiple forests.
However, ...
Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.