Filed under: Security

Active Directory Group Policy (GPO) Enforced and Link Enabled

We ran into an issue recently where changes were made to a GPO at the wrong Organizational Unit (OU) level in the domain. As part of reverting those changes, however, we discovered that the Link Enabled and Enforced options were BOTH checked. It's been a while since we have played with a lot of these settings, so I wanted to document them here so I could remember them in the future.

What is Link Enabled?

In its simplest form, Link Enabled tells the system to apply the policy to the container(s), both peer and children, at the current level of the tree. Essentially, if the policy is link enabled, it will be applied to the containers below the policy. For instance, if the Default Domain Policy is Link Enabled, it gets applied to all objects within the domain.

What is Enforced?

Enforced still applies the settings to the container(s) at the peer and child level; the difference is that the settings are ALWAYS applied! In other words, if you have two policy files at the same level in the tree, an Enforced policy will override any settings in the other policy. It is always enforced!

Hopefully this helps others, as it's one of those things that you can easily forget if you don't work with GPOs too often.

-Brent
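
To find every place where a link has both boxes checked, as in the situation described above, the links can be inventoried with PowerShell. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory and GroupPolicy modules are installed and that the account running it can read GPO links.

```powershell
# Added example: inventory GPO links and their Link Enabled / Enforced state.
# Assumes the RSAT ActiveDirectory and GroupPolicy modules are available.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain = Get-ADDomain

# The domain root plus every OU. Site-level links are not covered here.
$targets = @($domain.DistinguishedName)
$targets += Get-ADOrganizationalUnit -Filter * |
    Select-Object -ExpandProperty DistinguishedName

$links = foreach ($target in $targets) {
    # GpoLinks lists only links made directly on this container,
    # so each link is reported once, at the level where it was created.
    foreach ($link in (Get-GPInheritance -Target $target).GpoLinks) {
        [pscustomobject]@{
            Target      = $target
            Gpo         = $link.DisplayName
            Order       = $link.Order
            LinkEnabled = $link.Enabled
            Enforced    = $link.Enforced
        }
    }
}

# Full inventory, useful for spotting a GPO linked at the wrong OU level.
$links | Sort-Object Target, Order | Format-Table -AutoSize

# Links with BOTH options set: these override settings from other policies.
$links | Where-Object { $_.LinkEnabled -and $_.Enforced } |
    Sort-Object Target, Order |
    Format-Table -AutoSize

# To clear Enforced on one link after review (placeholders, not real names):
# Set-GPLink -Name '<GPO display name>' -Target '<OU distinguished name>' -Enforced No
```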

How To: Create a Wireless Hotspot

If you have ever been to an airport, hotel or other public place that offers Wi-Fi service, you may have noticed that some require you to pay for access and others just require you to register. Depending on your business, this can be a good thing, as it provides a source of extra revenue, or maybe just more insight into your visitors and how they access the hotspot. On the other hand, it does provide a little bit more security so you don't end up with leeches on the network.

There are many vendors of systems and access points to provide this type of service; however, I stumbled across a Microsoft document that provides information to set up and configure this type of service using existing Windows-based servers. It specifically targets Windows 2003 and Windows XP, but I am sure there is an updated version for 2008 and Vista. On the other hand, it is important to note that it does not contain any information about supporting Apple or Linux-based machines. Even if this solution does not work for you, it may be worth the time to read just to understand some concepts and background on how a system to handle this could be implemented.

So, without further ado, the document can be found here. If you have used this system or something similar, please post your experience and comment on the system, as I would be curious how it worked out for you.

-Brent
