GPO enforce policies

Normally GPOs are process in the link order (see GPO processing order and precedence) and if Block inheritance is enabled high up GPOs are not processedĀ  but when a GPO is set to Enforced then it cannot be blocked and is always processed.

To set a GPO to Enforced, right click it and select EnforcedĀ  or run following powershell:
Set-GPLink -Name WSUS -Target “dc=company,dc=local” -Enfored Yes

When an GPO is set to enforce, it is not blocked by the “Block inheritance” as well as it’s settings take precedence over the link order. In the below image the GPO WSUS has had Enforced set, and in Group Policy Inheritance tab is at the top of the list meaning that it’s setting will take precedance.

Leave a Reply