[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 756
  • Last Modified:

Enforced GPO

We have an enforced site level group policy and we trying to over ride one perticular settings in this enforced site policy with an enforced OU level GPO and it doesn't work.

As per the order Child OU level policy should have precedence over site level policy since both are enfoced. But in our case always the enforced site level policy wins over enforced child ou level policy. Do any one knows how is the order of enforced policies ...
0
Hemachandran
Asked:
Hemachandran
  • 3
  • 3
1 Solution
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Enforced policies higher up the OU structure take effect over lower OU policies.

You should rarely use enforce though
0
 
jrhelgesonCommented:
What does it show when you run Group Policy Modeling, or Group Policy Results?

Within the Group policy console, if you click on Group Policy Modeling, you can select the individual user, or container, and the individual computer, and container, and have it run the tests.

Then you can see which policies are being applied, and which policies are winning, and which are being denied.

Make sure that you are not trying to apply user settings to a computer container, or computer settings to a user... while that works when trying to apply settings to a higher level object (say Default Domain Policy) that has within its containers both users and computers - if you are trying to target GPO settings, you must be specific.

You can also "Block Inheritance" on that container, to see if your policies will then take effect.

Regards,
Joel
0
 
HemachandranAuthor Commented:
Hi Jmoody10,

So the Enforced policy doesn't work the same order Site->Domain->Ou->Child OU. I couldnt find any document on how it works when we have a site enforced policy and a ou enforced policy. But in practical we have seen site enforced policy taking presedence over ou while in non enforced policies it would be other way.

We are trying our best to limit enfoced policy  this is only for a test in whihc we have to over ride the Site level enforced policy on a specific ou. On the site level we have enfoced the policy to avoid getting some policies from our remote head office related to SUS.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Joseph MoodyBlogger and wearer of all hats.Commented:
You are right. Enforced policies work the opposite way of a normal RSOP. The reason is to have some settings that can' be overwritten by lower level administrators.
0
 
HemachandranAuthor Commented:
do you have any MS link on the same, That's what i see in our case but just to make sure...
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
0
 
HemachandranAuthor Commented:
May be I am not reading it properly, but I cannot see any where MS celarly explained this scenario in the document. Any way I can see few other had the same experience so its an expected behaviour thanks for the answers.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now