I needed a refresher for how group policies are actually applied to a computer or user. I decided to add this to my personal KB and share it here.
- GPOs linked at the OU in link order.
- GPOs linked to the Domain in link order.
- GPOs linked to the Site in link order.
- Local Group Policy on the machine.
Multiple GPOs are processed in link order, 1 having the highest precedence. The link order for an OU can be found on the Linked Group Policy Objects tab in Group Policy Management.
Policy Inheritance can be a tricky thing.
- Child OUs inherit GPOs from the parent OUs above it, unless the child OU is set to Block Inheritance.
- GPOs from the domain or parent OUs can be Enforced to ensure they apply to all child OUs even if the child has blocked inheritance.
This can be views on the Group Policy Inheritance tab in Group Policy Management.
How policies are actually applied
- Local GPO is applied.
- GPOs linked to the site is applied.
- GPOs linked at the domain is applied.
- OU GPOs applied starting at the parent and working down thru the child OUs.