Group Policy Processing Order
Note: If you need to zoom in, you can click on the image.
Learning the Group Policy Processing order is very helpful. It will allow you to determine which policy can override the other and how each policy is layered on top of each other.
Here is the order: From strongest to weakest
- Organizational Unit GPOs
- Domain-Level GPOs
- Site-level GPOs
- Local GPOs
Organizational Unit GPOs
Apply to Users & Computers in a specific OU. The Strongest.
Domain-Level GPOs
Apply to Apply to all Users, Computers, Servers, and Domain Controllers.
Site-level GPOs
Associated with Active Directory Site - Fancy way of saying “Physical Location”
Local GPOs
Local GPOs only affect the device or the account that is on the computer. Remember there a difference between Domain users and Local Users (On the computer). If you want to configure the local group policy on your own machine, you can type gpedit.msc. The weakness.
Easy way to figure out the order
One way to quickly figure out the order of the Group Policy Processing is using the “Group Policy Inheritance Tab”.