A user or a computer in an OU can have multiple GPOs applied to it. For example, Local Group Policy, GPOs linked to the site, GPOs linked to the domain and GPOs linked to the OU. Also, multiple GPOs can be linked to any of these containers. The following is the order in which the Group Policy settings take effect.
The final configuration of policy settings applied to a user or computer is a combination of all the policy settings defined in each GPO. In case of any conflicts, the policy settings configured for the GPO with a higher precedence override the GPO with lower precedence. However, this behavior can be altered using the block inheritance option.
To block inheritance and apply only the policy settings configured in GPOs linked to a particular OU, right-click the OU and select Block Inheritance. This will block all the policy settings from GPOs linked at the domain level, site level and parent OUs.
GPOs can be enforced so that the GPOs linked to a higher level container like domain or a parent OU takes precedence over the GPOs linked to a lower level container. To enforce a GPO, select the GPO liked to a container. Right-click that GPO and select Enforced.
GPOs that are enforced will be applied to a lower level container even when the ‘Block Inheritance’ option is enabled for that container.
By default, both Computer Configuration and User Configuration policy settings of a GPO are enabled and applied to all users and computers present in the container in which the GPO is linked. But, situations may arise in which the GPO has to be disabled for a particular period of time. To disable a GPO, follow these steps: