In this lesson, we will explain Group Policy Precedence.

Now, precedence means the order or the way things are done. With Group Policy there’s a specific order in which GPO or Group Policy settings are applied. It is important to understand this since from time to time you’ll have multiple GPOs trying to configure the same setting and you need to understand the precedence in order to understand which settings will be applied and which settings will be ignored.

Now, the order in which GPO runs is the following: 

Now we have to consider Computer vs. User. Within a GPO you have a Computer and a User configuration. The Computer Configuration applies first and the configuration of a User applies second. The settings applied last will win.

The Computer configuration is the least important and the User configuration is the most important.

Now let’s take a Wallpaper scenario. Let’s say we have 5 GPOs that are configuring the same Wallpaper settings with different images. Which GPO will win?

Let’s remember the LSDOE acronym (Local, Site, Domain, OU, Enforced).

1. LOCAL

In this scenario, the Local is applied since nothing else is configured.

2. SITE

In a Site scenario, Site Policy takes precedence over Local Policy so the last one will win. 

3. DOMAIN

In a Domain scenario, the Domain Policy takes precedence over Site and Local policies.

4. OU

In an OU scenario, the OU Policy will overwrite the Domain, Site, and Local policies.

5. SUB OU

In a Sub OU scenario when assigning a policy at this level it will take precedence and overwrite all previous ones.

Enforced

In an Enforced scenario when we apply for example to the Domain policy itflee.com at the Domain level, since it is the last item on LSODE, Enforced will take precedence over all the other GPOs.

Blocked Inheritance

This is a term that is used when it comes to OUs. An OU can block its inheritance which means only GPOs inside that OU will apply except for enforced GPOs that are above the OU. To block inheritance you just right-click on the OU and choose Block Inheritance.

Now let’s see another example.

We have the following GPOs. In this particular scenario, we have a Sub OU policy pauliscool.jpg and the last will win.

Now, let’s say we blocked inheritance.

When blocking inheritance with a blue exclamation mark, then just the pauliscool.jpg is applied to the Administrators OU.

Now, what if we enforced the GP itflee.jpg. The icon will change to a GP with a lock icon meaning the GP is enforced. Here itflee.jpg will take precedence because it is enforced.

In conclusion, remember the last GPO to be applied wins and  LSDOE acronym (Local, Site, Domain, OU, Enforced).

Now you understand Group Policy precedence.

Server Academy Members Only

Want to access this lesson? Just sign up for a free Server Academy account and you'll be on your way. Already have an account? Click the Sign Up Free button to get started..

Sign In Sign Up Free