Saturday, January 25, 2020

Windows Server - Inheritance Blocking and Enforcement

Inheritance Blocking and GPO Enforcement

Methods such as Inheritance Blocking and Enforcement can change the effect of GPOs on containers.
Inheritance Blocking
You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
Screenshot of the Development OU and the Block Inheritance menu selection.
Enforcement
An enforced GPO overrides inheritance blocking. Enforcement prevent a lower-level policy from overriding or superceding policy from a parent site, domain, or organizational unit.
Screenshot of the Default Domain Policy and the Enforced menu selection.
Scenario
For example, imagine that you link a GPO to the Sales OU. And the Sales OU had 4 child OUs. If you needed to ensure that one of the child OUs did not get the GPO settings, you could use inheritance blocking. On the other hand, if you need to ensure that GPO settings are applied to all targeted users and computers, you can enforce a GPO link.


Managing inheritance blocking and enforcement is complex, especially in large environments. Therefore, you should first try to achieve your goal without inheritance blocking and enforcement.
The launchpad to a career in IT. This program is designed to take beginner learners to job readiness in about eight months.
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)