Group Policy: No Override Vs Block Policy Inheritance
No Override can be set on a particular Group Policy Object (GPO) to ensure the GPO is not overridden by a GPO applied later in the group policy application order.
Block Policy Inheritance can be used to block higher level group policies from being applied to a particular OU.
If No Override and Block Policy Inheritance are both used, No Override takes precedence. Let's look at an example:
Block Policy Inheritance can be used to block higher level group policies from being applied to a particular OU.
If No Override and Block Policy Inheritance are both used, No Override takes precedence. Let's look at an example:
- GPO1 - Set IE Homepage to www.google.com - Linked to Domain - No Override is set
- GPO2 - Set Desktop Wallpaper to bliss.jpg - Linked to Domain
- Finance OU - Block Policy Inheritance
- GPO3 - Set IE Homepage www.msn.com - Linked to Finance OU
- GPO4 - Set Desktop Wallpaper to autumn.jpg - Linked to Finance OU
Client computers in the Finance OU would have their homepage set to www.google.com and their wallpaper set to autumn.jpg.
Reason:
No Override defeats Block Policy Inheritance in an epic battle and www.google.com is set as the IE homepage.
Block Policy Inhertiance returns (X Men 3 style) and blocks GPO 2. GPO 4 sets the desktop wallaper to autumn.jpg