Block policy inheritance
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To block policy inheritance
To block policy inheritance in a domain or organizational unit, open Active Directory Users and Computers.
In the console tree, right-click the domain, or organizational unit in which you want to block Group Policy inheritance, and then click Properties.
Click the Group Policy tab, select the Block Policy inheritance check box, and then click OK. This option is recommended, and it is selected by default.
To complete this procedure, you must be logged on as a member of the Domain Administrators security group, the Enterprise Administrators security group, or the Group Policy Creator Owners security group.
To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
The Block Policy inheritance option blocks Group Policy objects that apply higher in the Active Directory hierarchy of domains, and organizational units. It does not block Group Policy objects if they have No Override enabled.
The Block Policy inheritance option is set only on domains, and organizational units, but not on individual Group Policy objects.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.