Hi, need some clarity on group policy. So far, what I've gathered:
1. Things defined in DOMAIN SECURITY POLICY take precedence over any GPOs defined at the OU level. You cannot block any settings defined in DOMAIN SECURITY POLICY
2. OU policy will take precedence over anything defined in DEFAULT DOMAIN POLICY
Now my question:
If you leave a setting undefined at the OU level. But have it defined in the DEFAULT DOMAIN POLICY, which will take precedence?
It seems to me that it is easier to just remove the DEFAULT DOMAIN POLICY ,and add policy to specific GPOs instead. Less troubleshooting.