Blocking inheritance in GPO is worthless if the GPO links are not enforced.
Block Policy Inheritance
GPO Filtering
GPO Inheritance
GPO inheritance
GPO inheritance
c ZXvA
The object link links the GPO and the enforced GPO.
Local GPO
Local GPO
Overrides the assignment of child GPO's.
According to the H&R Block web site the Federal Gov. has no inheritance tax.
Microsoft released the Group Policy Management Console (GPMC) years ago, which is an amazing innovation in Group Policy management. The tool provides control over Group Policy in the following manner: * Easy administration of all GPOs across the entire Active Directory Forest * View of all GPOs in one single list * Reporting of GPO settings, security, filters, delegation, etc. * Control of GPO inheritance with Block Inheritance, Enforce, and Security Filtering * Delegation model * Backup and restore of GPOs * Migration of GPOs across different domains and forests With all of these benefits, there are still negatives in using the GPMC alone. Granted, the GPMC is needed and should be used by everyone for what it is ideal for. However, it does fall a bit short when you want to protect the GPOs from the following: * Role based delegation of GPO management * Being edited in production, potentially causing damage to desktops and servers * Forgetting to back up a GPO after it has been modified * Change management of each modification to every GPO