Information Technology Reference
In-Depth Information
Controlling Inheritance and Filtering Group Policy
Controlling inheritance is an important function when you are managing GPOs. Earlier in
this chapter, you learned that, by default, GPO settings flow from higher-level Active Direc-
tory objects to lower-level ones. For example, the effective set of Group Policy settings for a
user might be based on GPOs assigned at the site level, at the domain level, and in the OU
hierarchy. In general, this is probably the behavior you would want.
In some cases, however, you might want to block Group Policy inheritance. You can
accomplish this easily by selecting the object to which a GPO has been linked. Right-click
the object and choose Block Inheritance (see Figure 6.4). By enabling this option, you are
effectively specifying that this object starts with a clean slate; that is, no other Group Policy
settings will apply to the contents of this Active Directory site, domain, or OU.
fiGure 6.4
Blocking GPO inheritance
System administrators can also force inheritance. By setting the Enforced option, they
can prevent other system administrators from making changes to default policies. You can
set the Enforced option by right-clicking the GPO and choosing the Enforced item (see
Figure 6.5).
Search WWH ::
Custom Search