Group Policy settings are processed in the following order:
1.Local Group Policy object : Each computer has
exactly one Group Policy object that is stored locally. This processes for both
computer and user Group Policy processing.
2.Site : Any
GPOs that have been linked to the site that the computer belongs to are
processed next. Processing is in the order that is specified by the
administrator, on the Linked Group Policy Objects tab for the site in Group
Policy Management Console (GPMC). The GPO with the lowest link order is
processed last, and therefore has the highest precedence.
3.Domain: Processing
of multiple domain-linked GPOs is in the order specified by the administrator,
on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the
lowest link order is processed last, and therefore has the highest precedence.
4.Organizational
units : GPOs
that are linked to the organizational unit that is highest in the Active
Directory hierarchy are processed first, then POs that are linked to its child
organizational unit, and so on. Finally, the GPOs that are linked to the
organizational unit that contains the user or computer are processed.
At the level of
each organizational unit in the Active Directory hierarchy, one, many, or no
GPOs can be linked. If several GPOs are linked to an organizational unit, their
processing is in the order that is specified by the administrator, on the
Linked Group Policy Objects tab for the organizational unit in GPMC.
The GPO with the lowest link order is processed last, and therefore has the highest precedence.
This order means that the local GPO is processed first, and GPOs that are
linked to the organizational unit of which the computer or user is a direct
member are processed last, which overwrites settings in the earlier GPOs if
there are conflicts. (If there are no conflicts, then the earlier and later
settings are merely aggregated.)
0 Comments