Windows Group Policy - Understanding the order of application for two GPOs: rules and challenges

Marco Lusardi 61 Reputation points
2023-11-23T16:37:24.15+00:00

Hi there.

I am having trouble understanding the order of application of two GPOs. In this article https://learn.microsoft.com/it-it/archive/blogs/musings_of_a_technical_tam/group-policy-basics-part-2-understanding-which-gpos-to-apply I found different ways to change the order of application of GPOs: "The simple rule to remember is that the last GPO applied will overwrite any settings applied earlier".

The request should be simple:

I have a list of sites in Control Panel/Internet Properties/Security under both Local Intranet and Trusted Sites and I need to delete all these sites and then add a new list because I have found many sites that I want to remove.

To do this, I created two GPOs, one for the deletion of existing sites and one for the addition of new lists of sites.

GPO (A) to delete existing sites:

GPO path: User Configuration>Preferences>Windows Settings>Registry

Action: Delete HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey

GPO (B) to add new sites:

GPO path: User Configuration>Policies>Administrative Templates>Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment List (Sites are listed here)

I have linked the two GPOs to a specific OU containing a test computer (yes, there is a third policy to enable loopback processing mode).

When I apply just one of the two GPOs, it works. However, I want to apply both GPOs together to avoid forcing the user to log on multiple times, but when I enable both policies, when the user logs on to their computer, all locations in the ZoneMapKey are deleted.

The GPOs seem to be different, one deletes a registry key while the other configures a control panel item, so I am not sure if it is the "Linked Order" in "Linked Group Policy Objects". I tried changing the order but without success. Also, I do not see this as a 'more restrictive GPO' problem, as the two GPOs work in two different ways, as I wrote above.

In addition to changing the order in 'Linked Order' to 'Linked Objects of Group Policy', I tried changing where I apply the GPOs, GPO (A) linked to the domain and GPO (B) linked to the computer OU, but still it did not work.

Thanks
Marco


1 answer

  1. Anonymous
    2023-11-27T06:32:48.6233333+00:00

    Hi,

    You cannot apply both of these GPOs because GPO (B) modifies the same registry value HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey as GPO (A).

    https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.InternetExplorer::IZ_Zonemaps

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
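
A check that can be run in the affected user's session after logon to see what the key quoted in this thread actually contains; it is an added example, not part of the original question or answer. The function name `Get-ZoneMapKeyEntry` is hypothetical, and the zone numbers 1 to 4 are the ones the Site to Zone Assignment List setting documents.

```powershell
# Added example: report the per-user Site to Zone Assignment List after logon.
# The key path is the one quoted in the thread.
$keyPath = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

# Zone numbers as documented for the Site to Zone Assignment List setting.
$zoneNames = @{
    '1' = 'Local Intranet'
    '2' = 'Trusted Sites'
    '3' = 'Internet'
    '4' = 'Restricted Sites'
}

# Hypothetical helper: returns one object per site-to-zone value under the key.
function Get-ZoneMapKeyEntry {
    param([string]$Path = $keyPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Key absent: either the delete action removed it or the list was never written.
        Write-Warning "ZoneMapKey not found at $Path"
        return
    }

    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        $zone = [string]$key.GetValue($name)
        [pscustomobject]@{
            Site     = $name
            Zone     = $zone
            ZoneName = if ($zoneNames.ContainsKey($zone)) { $zoneNames[$zone] } else { 'Unknown' }
        }
    }
}

$entries = @(Get-ZoneMapKeyEntry)
if ($entries.Count -eq 0) {
    'No site-to-zone assignments are present for this user.'
} else {
    $entries | Sort-Object Zone, Site | Format-Table -AutoSize
}
```

Running it once with only GPO (A) linked, once with only GPO (B), and once with both makes the end state of the shared key visible for each combination.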

