Skip to content

How to Enforce Group Policy Inheritance in Windows Server 2003?

By Codrut Nistor

Posted in How-to, Windows-server-2003

Whenever a group policy is applied on any object in Windows server 2003 active directory domain environment it is by default also applied on all the downline or sub objects of that object. For example if a group policy is applied on the entire domain it will be inherited by all the objects that are part of that domain. Another example can be that if a group policy is applied on an organizational unit then all sub organizational units will inherit the group policy configuration by default. In some cases however administrators may not want a group policy to be inherited on a particular organizational unit or any sub organizational unit and they may block the group policy inheritance which will block all the group policy settings including those which are required to be applicable on them. By enforcing group policy inheritance administrators can enforce the application of group policy settings on all the sub objects even if they are configured to block the inheritance. You can enforce group policy inheritance by following the steps given below:

  1. While logging on to the domain controller with administrator account click on Start button and from the start menu go to Administrative Tools.
  2. From the submenu click on Active Directory Users and Computers.
  3. On Active Directory Users and Computers snap-in right-click on the domain name (which is TESTDOMAIN.COM in this example) and click on Properties.
  4. In Properties box go to Group Policy tab and from Group Policy Object Links list right click on the group policy object for which you want to enforce inheritance.
  5. From the context menu click on No Override. You can verify that the inheritance is enforced with the help of check mark in front of that particular group policy object under No Override column.
  6. Click on Apply button to apply the new settings and click on Close button.
  7. Close Active Directory Users and Computers snap-in an open Command Prompt.
  8. In the command window type gpupdate /force to update the computer with new settings.
  9. Close command prompt.