Should I link GPOs to the domain level if I have OUs that block inheritance?
Although an OU using Block Inheritance can prevent higher level GPOs from applying settings to the user or computer accounts it contains, if cannot stop an Enforced GPO. If you dont want to stop the flow of a domain level GPO, the GPO should be enforced. Jeremy discusses Block Inheritance and Enforcement in Chapter 2 of his book.
The GPanswers.com forum is closed now (thanks, spammers!)
But we encourage you to join us at LinkedIn in the “GPO Stuff” group.
Jeremy is regular there, and there is a reasonable system to prevent junk posts.
In all, we think it’s the right place to go for Group Policy-specific questions.
It’s a private group, but just JOIN it, and the owner should approve your request.
See you there !
-Jeremy Moskowitz, Group Policy MVP