6.7.3 Group Policy Inheritance
Group Policy inheritance refers to the order in which Windows Server 2003 applies GPOs. This order
determines which settings ultimately affect users and computers.
You can modify Group Policy inheritance to control how Group Policy settings are applied to specific
computers and users by blocking, forcing, or filtering the inheritance of those settings. To prevent a
child container from inheriting any GPOs from its parent containers, enable Block Policy Inheritance on
the child container. However, you cannot choose which GPOs are blocked, because Block Policy
Inheritance affects all GPOs from all parent containers.
If a link is configured with the No Override setting, Block Policy Inheritance cannot stop the
inheritance of the GPO linked to the parent container, because the No Override setting takes precedence
over the Block Policy Inheritance setting. The No Override setting causes all Group Policy settings in
that GPO to apply, even if they conflict with settings in a GPO that is linked to a child container.
You can also modify Group Policy inheritance by using filtering. This allows you to prevent a GPO and its
settings from applying to specific computers, users, and security groups in a container. This method is
preferred over Block Policy Inheritance and No Override. For Group Policy to apply to a user or computer
account, the account must have Allow Read and Allow Apply Group Policy permissions for the GPO.
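
The following added example (not part of the original text, and not Microsoft code) models how Block Policy Inheritance, No Override, and permission filtering combine to decide which GPO wins each setting. The container, GPO, and setting names are hypothetical, link order inside a container is simplified to list order, and the rule that the highest-level No Override link wins among several goes beyond what the text above states.

```python
# Simplified model of GPO resolution for one account (illustration only).
from dataclasses import dataclass, field

@dataclass
class GPO:
    name: str
    settings: dict
    # Principals holding both Allow Read and Allow Apply Group Policy.
    apply_to: set = field(default_factory=lambda: {"Authenticated Users"})

@dataclass
class Container:
    name: str
    links: list                      # [(GPO, no_override)] in application order
    block_inheritance: bool = False

def effective_settings(path, principals):
    """path: containers from the domain down to the account's own OU.
    principals: the account plus the security groups it belongs to.
    Returns {setting: (value, name of the winning GPO)}."""
    # The deepest container with Block Policy Inheritance cuts off all parents.
    cutoff = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    normal, forced = [], []
    for depth, container in enumerate(path):
        for gpo, no_override in container.links:
            if not (gpo.apply_to & principals):
                continue             # filtered out: missing Read/Apply permission
            if no_override:
                forced.append(gpo)   # No Override survives blocking
            elif depth >= cutoff:
                normal.append(gpo)   # linked at or below the blocking container
    result = {}
    # Parent GPOs apply first and child GPOs overwrite them; No Override GPOs
    # apply last, child to parent, so the highest-level forced link wins.
    for gpo in normal + forced[::-1]:
        for key, value in gpo.settings.items():
            result[key] = (value, gpo.name)
    return result

# Constructed sample hierarchy: domain -> Staff OU -> Lab OU.
baseline = GPO("Domain Baseline", {"MinPasswordLength": 8, "ScreenSaverLock": "on"})
desktop = GPO("Staff Desktop", {"Wallpaper": "corp.bmp", "ScreenSaverLock": "on"})
lab = GPO("Lab Relaxed", {"MinPasswordLength": 4, "ScreenSaverLock": "off"})
kiosk = GPO("Kiosk Lockdown", {"Wallpaper": "kiosk.bmp"}, apply_to={"Kiosk Users"})

def build_path(no_override_baseline):
    return [Container("example.local", [(baseline, no_override_baseline)]),
            Container("Staff", [(desktop, False)]),
            Container("Lab", [(lab, False), (kiosk, False)], block_inheritance=True)]
```

With `build_path(False)` the Lab OU's block drops the domain password baseline entirely; with `build_path(True)` the baseline is restored and overrides the Lab GPO, which is the case to check for when auditing OUs that have Block Policy Inheritance enabled.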