Solved

Active directory GPO inheritance

Posted on 2016-10-12
Last Modified: 2016-10-17
Dear All,

I have a GPO on domain level for setting the default home page, which is applied to all OUs. I want to change the default home page for some OUs. Even after I apply a new GPO on the child OU, the default domain level GPO is getting applied. How do I stop this and apply only the GPO which is applied on the child OU?

Regards
Question by:Sysguys
8 Comments
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 1000 total points
ID: 41840370
Did you change the Link Order in the OU? Otherwise the GPO on domain level will win.
0
 

Author Comment

by:Sysguys
ID: 41840374
Link order means? I didn't get you.
0
 
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41840377
You will need to check the precedence of the GPOs under the inheritance tab in GPMC if they are at the same level.

Normally GPOs apply in this order: site, domain, OU and child OU. As a result, your GPO applied at the child OU level should overwrite the settings. From what you are saying, however, it sounds like this isn't happening.

Have you tried to enforce the GPO at the child OU?

If you don't want any of the settings from the default domain GPO, you could block inheritance from GPMC.

This might give you a better idea: https://technet.microsoft.com/en-gb/library/hh147307(v=ws.10).aspx
0
 

Author Comment

by:Sysguys
ID: 41840381
There are a lot of other GPOs that are needed which are also applied on domain level. If I block inheritance I will not get the other policies.
0
 
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41840385
There are two ways you can go about this.

1. Block inheritance and link all the GPOs that are required directly to the child OU. Take care of the precedence order.

2. Enforce the GPO containing your default homepage settings.

Try both methods on a test OU with a test user and see which one works better for you.
0
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 1000 total points
ID: 41840419
@Muhammad Mulla
Blocking and Enforcing is not best practice.

@Sysguys
Have a look under Group Policy Inheritance:
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
0
 
LVL 43

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 41840509
Unless the GPO that is linked to the domain is configured as "Enforced", GPOs linked directly to OUs will take precedence by default. Setting a GPO to be "Enforced" causes it to take precedence on the OUs it is linked to and all child OUs. Using the Enforced setting is not a best practice because it complicates troubleshooting efforts. Right click the GPO that is linked to the Domain and make sure the Enforced option doesn't have a Checkmark next to it. If it does, click on it to remove the checkmark so it isn't enforced anymore. Once you do that, your GPOs linked to the child OUs you want should then take precedence. Enforced GPOs will *always* win when the settings in other GPOs are different. You can't keep this from happening by changing link order in GPMC, so make sure that Domain level GPO setting the home page isn't enforced.
1
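The check described in the accepted answer, as an added example that is not part of the original thread: a read-only PowerShell audit that lists the GPO links effective at a child OU and flags any enforced link inherited from a parent container. It assumes the GroupPolicy module (RSAT/GPMC) is installed; the function name `Get-GpoPrecedenceReport` and the distinguished name `OU=Sales,DC=example,DC=com` are placeholders.

```powershell
# Added example: read-only audit of GPO precedence at a child OU.
# Requires the GroupPolicy module (RSAT / GPMC). Nothing here changes any link.
Import-Module GroupPolicy

function Get-GpoPrecedenceReport {
    param(
        [Parameter(Mandatory)]
        [string]$TargetOU   # placeholder DN, e.g. 'OU=Sales,DC=example,DC=com'
    )

    $som = Get-GPInheritance -Target $TargetOU

    # InheritedGpoLinks is the effective list shown on GPMC's
    # "Group Policy Inheritance" tab for this OU.
    $links = foreach ($link in $som.InheritedGpoLinks) {
        [pscustomobject]@{
            Gpo         = $link.DisplayName
            LinkedAt    = $link.Target
            LinkOrder   = $link.Order
            LinkEnabled = $link.Enabled
            Enforced    = $link.Enforced
            # An enforced link on a parent container wins over conflicting
            # settings in GPOs linked directly to this OU.
            OverridesOU = ($link.Enforced -and $link.Target -ne $som.Path)
        }
    }

    [pscustomobject]@{
        OU                 = $som.Path
        InheritanceBlocked = $som.GpoInheritanceBlocked
        EffectiveLinks     = $links
    }
}

$report = Get-GpoPrecedenceReport -TargetOU 'OU=Sales,DC=example,DC=com'
"Inheritance blocked on $($report.OU): $($report.InheritanceBlocked)"
$report.EffectiveLinks | Format-Table -AutoSize

# Rows returned here are enforced parent links the child OU's GPO cannot override.
$report.EffectiveLinks | Where-Object OverridesOU | Select-Object Gpo, LinkedAt

# To clear the flag on a domain-level link (placeholders, review before running):
# Set-GPLink -Name '<GPO name>' -Target '<domain DN>' -Enforced No
```

Running it against a test OU before and after changing the Enforced flag or blocking inheritance shows which of the approaches discussed in the thread leaves the other domain-level GPOs in the effective list.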
 

Author Closing Comment

by:Sysguys
ID: 41846844
Thanks for helping. I blocked inheritance and applied all the required GPOs except the home page, and created a new GPO for the home page.
0

Question has a verified solution.
