none
Active directory GPO inheritance

    Question

  • Dear All,

    Dear All,

    I have a GPO on domain level for setting default home page ,which is applied to all OU's,i want to change the default home page for some OU's, even after i apply a new GPO on the child OU the default domian level GPO i getting applied,how do i stop this and apply only the GPO which is applied on child OU.

    Regards

    Jack


    TechGUy,System Administrator.

    Wednesday, October 12, 2016 2:53 PM

Answers

All replies

  • Hi,
     
    Am 12.10.2016 um 16:53 schrieb ITSysGuy:
    > [...] how do i stop this and apply only the GPO
    > which is applied on child OU.
     
    Remove the ENFORCE from the domain level GPO.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    • Proposed as answer by Todd Heron Wednesday, October 12, 2016 3:30 PM
    • Marked as answer by ITSysGuy Sunday, October 16, 2016 11:10 AM
    Wednesday, October 12, 2016 3:16 PM
  • Hi Jack,
    Have you tried to block Inheritance? It could prevent an OU or domain from inheriting GPOs from any of its parent container. The detail steps could be followed from: http://www.tomshardware.com/faq/id-1943743/dont-child-inherit-policies-parent-windows-server-2012.html
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Bhavesh Khare Thursday, October 13, 2016 10:05 AM
    • Marked as answer by ITSysGuy Sunday, October 16, 2016 11:10 AM
    Thursday, October 13, 2016 8:07 AM
    Moderator
  • Am 13.10.2016 um 10:07 schrieb Wendy Jiang:
    > Have you tried to block Inheritance?
     
    If you block inheritance the GPO with the higher hirarchy will apply
    anyway. Thats, why the DomainPolicy always wins in his case.
     
    The DefDomPol is already linked to the domain, he linked a new one to
    this level, additionally linked GPOs will always be 2nd Place or more,
    so existing ones win.
    If both GPOs would be enforced the DefDomPol has the highest level and
    will win again. As long as the sort order is not changed.
     
    The order of the GPOs is mostly confusing, because everyone watches the
    list from top to bottom.
     
    Here is my mnemonic for this: It´s SPORT. Think of Olympic Games. Who
    will get the Gold medal? Who is the winner? The one on Place 1.
    2nd place is 1st looser.
     
    The concept is based on "last writer wins". The GPO on place 1 runs at
    last, thats, why it wins the settings, when conflicts appear.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Thursday, October 13, 2016 9:47 AM
  • Hi Mark,

    Appreciate for your explanation, and it is greatly helpful to me.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by ITSysGuy Sunday, October 16, 2016 11:10 AM
    • Unmarked as answer by ITSysGuy Sunday, October 16, 2016 11:10 AM
    Friday, October 14, 2016 6:13 AM
    Moderator
  • Am 14.10.2016 um 08:13 schrieb Wendy Jiang:
    > Appreciate for your explanation, and it is greatly helpful to me.
     
    Your welcome.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Friday, October 14, 2016 3:09 PM