Inheritance Blocking and GPO Enforcement
Methods such as Inheritance Blocking and Enforcement can change the effect of GPOs on containers.
Inheritance Blocking
You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child level.
Enforcement
An enforced GPO overrides inheritance blocking. Enforcement prevents a lower-level policy from overriding or superseding policy from a parent site, domain, or organizational unit.
Scenario
For example, imagine that you link a GPO to the Sales OU, and the Sales OU has 4 child OUs. If you need to ensure that one of the child OUs does not get the GPO settings, you can use inheritance blocking. On the other hand, if you need to ensure that GPO settings are applied to all targeted users and computers, you can enforce a GPO link.
Managing inheritance blocking and enforcement is complex, especially in large environments. Therefore, you should first try to achieve your goal without inheritance blocking and enforcement.
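The scenario above expressed as GroupPolicy module cmdlets, followed by an audit that reports where inheritance is blocked or links are enforced. This is an added example, not part of the original post; the GPO name, OU paths and domain are constructed placeholders, and it assumes the RSAT GroupPolicy and ActiveDirectory modules are installed and that the GPO is already linked to the Sales OU.

```powershell
# Added example. All names below are constructed placeholders.
Import-Module GroupPolicy, ActiveDirectory

$gpoName = 'Sales Baseline'                              # hypothetical GPO
$salesOu = 'OU=Sales,DC=example,DC=com'                  # hypothetical parent OU
$childOu = 'OU=Contractors,OU=Sales,DC=example,DC=com'   # hypothetical child OU

# Scenario, part 1: block inheritance on one child OU so it stops
# receiving GPOs linked above it, including the one linked to Sales.
Set-GPInheritance -Target $childOu -IsBlocked Yes

# Check: the Sales GPO should be gone from the child's effective list.
(Get-GPInheritance -Target $childOu).InheritedGpoLinks |
    Select-Object DisplayName, Enforced, Order

# Scenario, part 2: enforce the existing link on Sales. An enforced link
# overrides the block, so the GPO reappears on the child OU.
Set-GPLink -Name $gpoName -Target $salesOu -Enforced Yes
(Get-GPInheritance -Target $childOu).InheritedGpoLinks |
    Select-Object DisplayName, Enforced, Order

# Audit: walk the domain root and every OU, and report each container
# that blocks inheritance and each GPO link that is enforced.
$containers = @((Get-ADDomain).DistinguishedName) +
              @((Get-ADOrganizationalUnit -Filter *).DistinguishedName)

$report = foreach ($dn in $containers) {
    $som = Get-GPInheritance -Target $dn
    if ($som.GpoInheritanceBlocked) {
        [pscustomobject]@{ Container = $som.Path; Finding = 'InheritanceBlocked'; Gpo = $null }
    }
    foreach ($link in $som.GpoLinks | Where-Object Enforced) {
        [pscustomobject]@{ Container = $som.Path; Finding = 'EnforcedLink'; Gpo = $link.DisplayName }
    }
}
$report | Sort-Object Container | Format-Table -AutoSize
```

The audit half only reads from the directory; the two Set- cmdlets change policy and should be run against a test OU first.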