Group Policy Precedences
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
In this lesson, we will explain Group Policy Precedence.
Now, precedence means the order or the way things are done. With Group Policy there’s a specific order in which GPO or Group Policy settings are applied. It is important to understand this since from time to time you’ll have multiple GPOs trying to configure the same setting and you need to understand the precedence in order to understand which settings will be applied and which settings will be ignored.
Now, the order in which GPO runs is the following:
Now we have to consider Computer vs. User. Within a GPO you have a Computer and a User configuration. The Computer Configuration applies first and the configuration of a User applies second. The settings applied last will win.
The Computer configuration is the least important and the User configuration is the most important.
Now let’s take a Wallpaper scenario. Let’s say we have 5 GPOs that are configuring the same Wallpaper settings with different images. Which GPO will win?
Let’s remember the LSDOE acronym (Local, Site, Domain, OU, Enforced).
- LOCAL
In this scenario, the Local is applied since nothing else is configured.
- SITE
In a Site scenario, Site Policy takes precedence over Local Policy so the last one will win.
- DOMAIN
In a Domain scenario, the Domain Policy takes precedence over Site and Local policies.
- OU
In an OU scenario, the OU Policy will overwrite the Domain, Site, and Local policies.
- SUB OU
In a Sub OU scenario when assigning a policy at this level it will take precedence and overwrite all previous ones.
Enforced
In an Enforced scenario when we apply for example to the Domain policy itflee.com at the Domain level, since it is the last item on LSODE, Enforced will take precedence over all the other GPOs.
Blocked Inheritance
This is a term that is used when it comes to OUs. An OU can block its inheritance which means only GPOs inside that OU will apply except for enforced GPOs that are above the OU. To block inheritance you just right-click on the OU and choose Block Inheritance.
Now let’s see another example.
We have the following GPOs. In this particular scenario, we have a Sub OU policy pauliscool.jpg and the last will win.
Now, let’s say we blocked inheritance.
When blocking inheritance with a blue exclamation mark, then just the pauliscool.jpg is applied to the Administrators OU.
Now, what if we enforced the GP itflee.jpg. The icon will change to a GP with a lock icon meaning the GP is enforced. Here itflee.jpg will take precedence because it is enforced.
In conclusion, remember the last GPO to be applied wins and LSDOE acronym (Local, Site, Domain, OU, Enforced).
Now you understand Group Policy precedence.
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
