25 March, 2012

Group Policy Precedence

In the previous post, we saw how Group Policies are cumulative in nature... So, if we have applied Group Policies at different levels (Local/Site/Domain/OU) and "IF" these policies are not conflicting, then all the Group Policies will take effect...

But the question is: when different policies that "conflict" with each other take effect, which Group Policy will "WIN"?

Let's have a look....


We will start by applying a setting in Local Group Policy.

In the Local Group Policy, we will enable the Group Policy setting "Remove Run Menu from the Start Menu", which means that once this policy setting is enabled, the Run option should no longer be available in the Start Menu.



Once Enabled, Run will no longer be available in the Start Menu


After Local Group Policy, let's create another Group Policy to be enabled at the Site Level


The new Group Policy is now linked at the Site Level


In this Group Policy (which is applied at the Site Level), we will disable the Group Policy setting "Remove Run Menu from the Start Menu", which means that once this policy setting is disabled, the Run option will be available in the Start Menu.



As stated, once disabled, Run will be available in the Start Menu... And here we are... Run is now available in the Start Menu


Now, we will create a Group Policy to be linked at the Domain Level


Linked...


In this Group Policy (which is applied at the Domain Level), we will again enable the Group Policy setting "Remove Run Menu from the Start Menu", which means that once this policy setting is enabled, the Run option will no longer be available in the Start Menu.



Enabled and Run is not available in the Start Menu...


The Last Test....

In this Group Policy (which is applied at the OU Level), we will disable the Group Policy setting "Remove Run Menu from the Start Menu", which means that once this policy setting is disabled, the Run option will be available in the Start Menu.


Linked...




Policy is Disabled and Run is now available in the Start Menu...


GPMC showing the different levels (Site/Domain/OU) at which we have applied the Group Policies



And here are the final results....


So the Final Words....

Group Policies are cumulative in nature... This means that if I apply a Group Policy setting at the Local Group Policy level, a "different" Group Policy setting at the Site Level, a "different" Group Policy setting at the Domain Level and then a "different" Group Policy setting at the OU Level, then the final Group Policies that get applied will be "Local + Site + Domain + OU"....

The above rule applies as long as the settings are "different"... When the same setting is changed at different levels (as in the above case), then precedence takes effect.

The Local Group Policies are applied first, then Site Level Group Policies, then Domain Level Group Policies and then finally the OU Level Group Policies.... If there happens to be a conflict between these, then the policy that is processed last will take effect.

So if there is a conflict between Local and Site Level Group Policy settings, then the Site Level Group Policy will WIN... Similarly, if there is a conflict between Site Level and Domain Level Group Policy settings, then the Domain Level Group Policy will WIN, as it is processed last.

If there is a conflict between Domain Level and OU Level Group Policy settings, then the OU Level Group Policy will WIN, as it is processed last.

Group Policy Precedence :- LSDOU (Local / Site / Domain / OU)
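
The processing order summarised above, as an added example that is not part of the original post: a small Python model of LSDOU resolution that replays the four tests and records which policy wins and which ones it superseded. The GPO names and the second setting are constructed, and the model covers only the default order described here.

```python
# Added example: models only the default LSDOU order described in this post.
LSDOU = ["Local", "Site", "Domain", "OU"]  # processed first -> last
NOT_CONFIGURED = "Not Configured"

def resolve(gpos):
    """Return {setting: {"state", "winner", "overridden"}} for a list of GPOs.

    Each GPO is a dict: {"name": str, "level": str, "settings": {name: state}}.
    """
    for gpo in gpos:
        if gpo["level"] not in LSDOU:
            raise ValueError(f"unknown level: {gpo['level']!r}")
    # Sort by processing order so the order of the input list does not matter.
    ordered = sorted(gpos, key=lambda g: LSDOU.index(g["level"]))
    result = {}
    for gpo in ordered:
        for setting, state in gpo["settings"].items():
            if state == NOT_CONFIGURED:
                continue  # leaves whatever an earlier level set untouched
            prev = result.get(setting)
            overridden = []
            if prev:
                # The later level wins; remember what it replaced.
                overridden = prev["overridden"] + [(prev["winner"], prev["state"])]
            result[setting] = {"state": state, "winner": gpo["name"],
                               "overridden": overridden}
    return result

RUN = "Remove Run Menu from the Start Menu"
OTHER = "Hypothetical setting X"  # constructed, to show the cumulative case

# Constructed GPO names; the RUN states mirror the four tests in the post.
SAMPLE = [
    {"name": "OU-GPO", "level": "OU", "settings": {RUN: "Disabled"}},
    {"name": "Local", "level": "Local", "settings": {RUN: "Enabled"}},
    {"name": "Domain-GPO", "level": "Domain",
     "settings": {RUN: "Enabled", OTHER: NOT_CONFIGURED}},
    {"name": "Site-GPO", "level": "Site",
     "settings": {RUN: "Disabled", OTHER: "Enabled"}},
]

if __name__ == "__main__":
    for setting, r in resolve(SAMPLE).items():
        print(f"{setting}: {r['state']} (from {r['winner']})")
        for name, state in r["overridden"]:
            print(f"  overridden: {name} = {state}")
```

The setting configured at only one level survives untouched (the cumulative case), while the conflicting setting ends up with the OU value.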