GPO policy settings which trumps which?

Posted on 2009-04-30
Last Modified: 2013-11-21
Hey Experts,
Quick question regarding the GPO tree.  If, for example, I have a OU tree with the following policies, which one beats out the other?

   |_domain policy
   |____Users (OU)
                    |__another domain policy

To further the example for clarification, if I set the idle time for a TS session under the "domain policy" to be 10 minutes, and then go to the "another domain policy" and I want that OU group to have a different idle time of 20 minutes, is it safe to say that the policy most closely linked to the OU will win out with the users in that group having 20 minutes?  Or will the "domain policy" trump the "another domain policy"?

I'm assuming that the "another domain policy" is the last and final policy applied after the "domain policy".  Am I correct?
Question by:andlemir
    LVL 2

    Expert Comment

    the policies will work backwards, and apply the parent unless you disable that feature then you can ignore the parent policy
    LVL 3

    Accepted Solution

    Group Policies apply from the top down.  So for example, a policy that has specific settings that is linked to the domain can be overriden by a policy linked to an OU with a different value for that specific setting.
    LVL 57

    Assisted Solution

    by:Mike Kline
    The acronym you will want to remember is LSDOU...I've also heard that term used in tech interviews
    GPOs, once created, are applied in a standard order: LSDOU, which stands for (1) Local, (2) Site, (3) Domain, (4) OU, with the later policies being superior to the earlier applied policies.

    Author Closing Comment

    Thank you experts!  I will keep the LSDOU in mind from now on.  Thanks ISW and MKL

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now