cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Group Policy Priority

SOLVED
Highlighted
Getting noticed

Group Policy Priority

Our company has two AD accounts for IT staff. A regular user log in and an administrator account we use for credentials for elevation prompts.  I wanted to apply a "Lock Down" Group policy in Meraki to our admin accounts in the case one gets compromised and someone logs in with it. And that "Lock Down" GP will block all internet connectivity. But we obviously need these to log onto servers which need to be online. So if I would add a GP to the servers on a device level that copies our current firewall and traffic shaping rules, and apply the "locked down" GP to our admin accounts, which one would take priority and be followed? Would the user GP block internet connectivity or would the devices GP override what policies the user has and allow it? I can try building a test network but was hoping someone might have some more insight or maybe a backup plan if this wouldn't work.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Group Policy Priority

There isn't really a user group policy.  It is only ever applied to a device.

 

A user logs into device "x" and the group policy gets applied to that device.

 

So the admin would take priority because it would replace any other group policy that was previsouly applied to that device.

View solution in original post

1 REPLY 1
Highlighted
Kind of a big deal

Re: Group Policy Priority

There isn't really a user group policy.  It is only ever applied to a device.

 

A user logs into device "x" and the group policy gets applied to that device.

 

So the admin would take priority because it would replace any other group policy that was previsouly applied to that device.

View solution in original post

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.