Share via

Group Policy Precedence

Anonymous
2023-09-29T09:48:03+00:00

Hi All,

I am just about to deploy a GPO which is responsible for administering Security Hardening settings for legacy servers.

Currently in the OU where the new GPO is applied we already have a security Hardening GPO and have been told that is should not be amended. I have noticed that at least one of the policies in our new GPO is different to the current one applied. I have been told that our GPO should prevail. For example the settings for Account Policies/Password Policy is set to 60 days on current and 30 days on the new GPO.

My question is how do I apply the new GPO to take precedence over the current GPO applied to that OU.

Any help or guidance would be greatly appreciated.

Also is there a way of testing this using the GPO Policy Modeling?

Regards.

Windows Server Identity and access Deploy group policy objects

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-10-05T02:58:58+00:00

    Hello czql5v,

    Thank you for posting in Microsoft Community forum.

    Q1: how do I apply the new GPO to take precedence over the current GPO applied to that OU.

    A1: You can try to adjust the order of the linked GPOs to ensure that the higher priority GPOs are processed last. Select a GPO and click the up or down arrows to move it. The GPOs are processed by the client device from the highest link order number to the lowest.

    Image

    Link the GPO to the Domain - Windows Security | Microsoft Learn

    Q2: Also is there a way of testing this using the GPO Policy Modeling?
    A2: You can export gpresult to check the GPO apply result.
    For checking Computer Configuration within gpresult, we can follow steps below.

    Logon this machine using administrator account.

    Open CMD (run as Administrator).

    Type gpresult /h C:\gpo.html and click Enter.

    Open gpo.html and check gpo setting under "Computer Details".

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2023-10-05T06:47:43+00:00

    hi Daisy,

    thanks for the information.

    One more question.

    We have two security policies that need to be applied there are various policies that are identical. Both these policies have to be applied in the same OU. However, one of the policies is different for example one of the policies for password change is set to 60 the other 34 days.

    If both these policies are applied and the 60 day policy is the highest link order would that overrite the 34 day policy?

    Regards.

    0 comments
  3. Anonymous
    2023-10-06T08:27:20+00:00

    Hello czql5v,

    Thank you for your reply.

    If both these policies are applied and the 60 day policy is the highest link order would that overrite the 34 day policy?
    A: Theoretically, it should be. I suggest you can test in lab.

    Best Regards,
    Daisy Zhou

    1 person found this answer helpful.
    0 comments
  4. Anonymous
    2023-10-06T19:42:13+00:00

    Thanks for the reply Daisy I will test in lab.

    0 comments
  5. Anonymous
    2023-10-09T08:30:22+00:00

    Hello czql5v,

    No problem.

    Please share the result here if you are willing to share it. Thank you in advance.

    Or if you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments