A. Group
Policies can be applied at multiple levels (Sites, domains, organizational
Units) and multiple GP's for each level. Obviously it may be that some policy
settings conflict hence the application order of Site - Domain - Organization
Unit and within each layer you set order for all defined policies but you may
want to force some polices to never be overridden (No Override) and you may want
some containers to not inherit settings from a parent container (Block
Inheritance).
A good definition of each is as follows:
No Override - This prevents child containers from overriding policies set at
higher levels
Block Inheritance - Stops containers inheriting policies from parent
containers
No Override takes precedence over Block Inheritance so if a child container
has Block Inheritance set but on the parent a group policy has No Override set
then it will get applied.
Also the highest No Override takes precedence over lower No Override's set.
To block inheritance perform the following:
- Start the Active Directory Users and Computer snap-in (Start - Programs -
Administrative Tools - Active Directory Users and Computers)
- Right click on the container you wish to stop inheriting settings from its
parent and select Properties
- Select the 'Group Policy' tab
- Check the 'Block Policy inheritance' option
Click here to view image
- Click Apply then OK
To set a policy to never be overridden perform the following:
- Start the Active Directory Users and Computer snap-in (Start - Programs -
Administrative Tools - Active Directory Users and Computers)
- Right click on the container you wish to set a Group Policy to not be
overridden and select Properties
- Select the 'Group Policy' tab
- Click Options
- Check the 'No Override' option
- Click OK
- Click Apply then OK