Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012
You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
To block inheritance
- In the Group Policy Management Console (GPMC) console tree, double-click the forest containing the domain or organizational unit (OU) for which you want to block inheritance for GPO links, and then do one of the following:
- To block inheritance of the GPO links of an entire domain, double-click Domains , and then right-click the domain.
- To block inheritance for an OU, double-click Domains , double-click the domain containing the OU, and then right-click the OU.
- To block inheritance of the GPO links of an entire domain, double-click Domains , and then right-click the domain.
- Click Block Inheritance .
Additional considerations
- To complete this procedure, you must have Link GPOs permission for the domain or OU.
- If a domain or OU is set to block inheritance, it will appear with a blue exclamation mark in the console tree.
- GPO links that are enforced cannot be blocked from the parent container.
No comments:
Post a Comment