You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
To block inheritance |
-
In the Group Policy Management Console (GPMC) console tree, double-click the forest containing the domain or organizational unit (OU) for which you want to block inheritance for GPO links, and then do one of the following:
- To block inheritance of the GPO links of an
entire domain, double-click Domains, and then right-click
the domain.
- To block inheritance for an OU, double-click
Domains, double-click the domain containing the OU, and then
right-click the OU.
- To block inheritance of the GPO links of an
entire domain, double-click Domains, and then right-click
the domain.
-
Click Block Inheritance.
Additional considerations
- To complete this procedure, you must have
Link GPOs permission for the domain or OU.
- If a domain or OU is set to block
inheritance, it will appear with a blue exclamation mark in the
console tree.
- GPO links that are enforced cannot be blocked
from the parent container.