Group Policy Processing Order

Knowing the Group Policy processing order is very helpful. It lets you determine which policy overrides another and how the policies are layered on top of each other.

Here is the order, from strongest to weakest:

  1. Organizational Unit GPOs
  2. Domain-Level GPOs
  3. Site-level GPOs
  4. Local GPOs

Let's go over what each type of GPO means.

Organizational Unit GPOs

Apply to users and computers in a specific OU. The strongest.

Domain-Level GPOs

Apply to all Users, Computers, Servers, and Domain Controllers.

Site-level GPOs

Associated with an Active Directory Site - a fancy way of saying “Physical Location”.

Local GPOs

Local GPOs only affect the device or the account that is on the computer. Remember there is a difference between Domain Users and Local Users (on the computer). If you want to configure the local group policy on your own machine, you can type gpedit.msc. The weakest.

Easy way to figure out the order

One way to quickly figure out the Group Policy processing order is to use the “Group Policy Inheritance” tab.

The lower the precedence number, the stronger it is.
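
A simplified model of the layering described above, as an added example that is not part of the original article: it numbers GPOs the way the precedence column does and shows which configured values get overridden. It models only the four scopes listed on this page; the GPO names and settings are constructed sample data.

```python
# Added illustration: simplified model of Group Policy layering (four scopes only).
# All GPO names and settings below are constructed sample data.

STRENGTH = ["OU", "Domain", "Site", "Local"]  # strongest first, as listed above

SAMPLE_GPOS = [
    {"name": "Local Policy", "scope": "Local",
     "settings": {"ScreenLockTimeout": 1800, "USBStorage": "allowed"}},
    {"name": "HQ Site Policy", "scope": "Site",
     "settings": {"ProxyServer": "proxy.hq.example"}},
    {"name": "Default Domain Policy", "scope": "Domain",
     "settings": {"MinPasswordLength": 12, "ScreenLockTimeout": 900}},
    {"name": "Finance OU Policy", "scope": "OU",
     "settings": {"ScreenLockTimeout": 300, "USBStorage": "blocked"}},
]

def precedence(gpos):
    """Number GPOs strongest first: 1 wins, like the Inheritance tab."""
    ordered = sorted(gpos, key=lambda g: STRENGTH.index(g["scope"]))
    return [(i + 1, g) for i, g in enumerate(ordered)]

def effective_settings(gpos):
    """Apply weakest first so a stronger scope overwrites a conflicting value."""
    result = {}
    for number, gpo in reversed(precedence(gpos)):
        for setting, value in gpo["settings"].items():
            result[setting] = {"value": value, "winner": gpo["name"],
                               "precedence": number}
    return result

def overridden(gpos):
    """Return (setting, losing GPO, winning GPO) for each configured value that lost."""
    final = effective_settings(gpos)
    return [(s, g["name"], final[s]["winner"])
            for _, g in precedence(gpos) for s in g["settings"]
            if final[s]["winner"] != g["name"]]

if __name__ == "__main__":
    for number, gpo in precedence(SAMPLE_GPOS):
        print(f"{number}  {gpo['scope']:<7} {gpo['name']}")
    for setting, info in effective_settings(SAMPLE_GPOS).items():
        print(f"{setting} = {info['value']}  (from {info['winner']})")
    for setting, loser, winner in overridden(SAMPLE_GPOS):
        print(f"{setting}: {loser} overridden by {winner}")
```

A setting that the stronger GPOs leave unconfigured, such as ProxyServer in this sample, survives from the weaker scope, which is why a hardening value set only at a weak level should be checked against every GPO above it.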