Search

Group Policy Inheritance

The Group Policy settings are inherited from top-level containers by lower-level containers, unless inheritance is blocked or overridden. Because of this, a setting in a top-level GPO can affect every user and computer throughout the enterprise. The end result of Group Policy is known as the Resultant Set of Policy (RSoP).

As we discussed in the previous lesson, the order of Group Policy processing and applied determines which policy settings take effect if multiple policies modify the same settings. When multiple policies are in place, the policies are applied in the following order:

Local Policy > Site Policy > Domain Policy > Organizational Unit (OU) Policy

Group Policy is inherited in the following ways:

• If a policy setting is configured for a parent Organizational Unit (OU), and the same policy setting is not already configured for its child Organizational Units (OUs) the child Organizational Units (OUs) inherit the parent's policy setting.

• If a policy setting is configured for a parent Organizational Unit (OU), and the same policy setting is configured for a child OU, the child OU's Group Policy setting overrides the setting inherited from the parent Organizational Unit (OU).

• If any of the policy settings of a parent Organizational Unit (OU) are set to Not Configured, the child Organizational Unit (OU) does not inherit them.

• If a policy setting configured for a parent OU and a policy setting configured for a child OU are compatible, the child OU inherits the parent's policy setting, and the child's policy setting is also applied.

• If a policy setting configured for a parent OU is incompatible with the same policy setting configured for a child OU, the child OU does not inherit the policy setting from the parent OU. The settings configured for the child OU are applied.

Related Tutorials