no override and block inheritance

  • Thread starter Thread starter Jay
  • Start date Start date
J

Jay

ok..im reading about this options,but not sure what there meaning
containers, is that OU's..... and when they say parent containers...can
someone put this in better terms

jay
 
OU is a kind of container. It contains computers or users
or other objects. Parent container is the upper level
container containing the current object.
 
Jay, Group Policies are applied using Group Policy Objects
(GPOs). GPOs may be linked to Sites, Domains and
Organizational Units (OUs), also there is always a GPO
linked by default to every Win2k PC. When you have a PC
that belongs to an OU and you have GPOs linked at all
those levels, they are applied in this order: Local, Site,
Domain and OU (there may be several levels of OUs and
several GPOs linked to any of those levels). The first
applied policies are overriden by the policies aplied
later in the chain, so the policies contained in the GPO
linked to the OU closest to the computer (or User)
override any other policies aplied before.
Sometimes, in an environment with a distributed
administration, the top level administrators may want to
set a policy and make sure it´s no overriden down the
chain, that´s when you use "No overide".
On the other hand, if there is a particular OU with it´s
own GPO, and you don´t want the policies on this OU to
be "contaminated" with higher level policies, you use
Block Policy Inheritance to make sure that only the GPOs
at this level (or downwards) are applied to the computers
(or users) Be aware though, that No Override takes
precedence over Block policy Inheritance.

Hope this helps,
Robert

Roberto Ruiz
Brainbench MVP for WinNT Workstation
http://www.brainbench.com
 
Jay, Group Policies are applied using Group Policy Objects
(GPOs). GPOs may be linked to Sites, Domains and
Organizational Units (OUs), also there is always a GPO
linked by default to every Win2k PC. When you have a PC
that belongs to an OU and you have GPOs linked at all
those levels, they are applied in this order: Local, Site,
Domain and OU (there may be several levels of OUs and
several GPOs linked to any of those levels). The first
applied policies are overriden by the policies aplied
later in the chain, so the policies contained in the GPO
linked to the OU closest to the computer (or User)
override any other policies aplied before.
Sometimes, in an environment with a distributed
administration, the top level administrators may want to
set a policy and make sure it´s no overriden down the
chain, that´s when you use "No overide".
On the other hand, if there is a particular OU with it´s
own GPO, and you don´t want the policies on this OU to
be "contaminated" with higher level policies, you use
Block Policy Inheritance to make sure that only the GPOs
at this level (or downwards) are applied to the computers
(or users) Be aware though, that No Override takes
precedence over Block policy Inheritance.

Hope this helps,
Robert

Roberto Ruiz
Brainbench MVP for WinNT Workstation
http://www.brainbench.com
 
Back
Top