Group Policy: No Override Vs Block Policy Inheritance

No Override can be set on a particular Group Policy Object (GPO) to ensure the GPO is not overridden by a GPO applied later in the group policy application order.

Block Policy Inheritance can be used to block higher level group policies from being applied to a particular OU.

If No Override and Block Policy Inheritance are both used, No Override takes precedence. Let's look at an example:
  • GPO1 - Set IE Homepage to - Linked to Domain - No Override is set
  • GPO2 - Set Desktop Wallpaper to bliss.jpg - Linked to Domain
  • Finance OU - Block Policy Inheritance
  • GPO3 - Set IE Homepage - Linked to Finance OU
  • GPO4 - Set Desktop Wallpaper to autumn.jpg - Linked to Finance OU
Client computers in the Finance OU would have their homepage set to and their wallpaper set to autumn.jpg.
No Override defeats Block Policy Inheritance in an epic battle and is set as the IE homepage.
Block Policy Inhertiance returns (X Men 3 style) and blocks GPO 2. GPO 4 sets the desktop wallaper to autumn.jpg

Popular posts from this blog

Get local computer UUID/GUID using Windows Powershell

gPLink and gPOptions

PSLoggedOn Getting Started on Windows Server 2008 R2