The administrators may want to enforce some group policy settings on to the child OUs so that if any of the child OU has blocked the group policy inheritance, the important group policies can still be enforced on to them, and the child OUs can be compelled to inherit the mandatory group policy settings whatsoever.
When group policy inheritance is enforced, the child OU on which the group policy inheritance is blocked receives the enforced group policy settings, and also the settings of any other group policy object that has been linked directly with the child OU. In case any configuration conflict occurs between the enforced group policy settings and the directly linked GPO, the group policy settings of the directly linked group policy object take precedence.
Here is what you need to do in order to stop the group policies from getting enforced on to the child OU in Windows Server 2012 Active Directory domain controller:
- Use the Enterprise Admin or Domain Admin account credentials to log on to the Windows Server 2012 Active Directory Domain Controller.
- If not already started, initialize the Server Manager window from the bottom left corner of the screen.
- On the opened Server Manager window, go to Tools from the menu bar.
- From the displayed list, go to Group Policy Management.
![]()
- On the opened Group Policy Management snap-in, from the left pane, expand Forest > Domain > <domain name>. (MYDOMAIN.COM for this demonstration.).
- From the expanded tree, locate and expand the parent OU whose child OU is still inheriting the group policy settings even after blocking the inheritance.
- From the expanded tree, right-click the Group Policy Object (GPO) whose settings are being inherited by the child OU even after the inheritance is blocked.
- From the displayed context menu, click the Enforced option to remove its check mark.
![]()
- Once this is done, close the Group Policy Management snap-in.
- Press Windows + R keys simultaneously to initialize the Run command box.
- In the available field in the opened Run command box, type the GPUPDATE /FORCE command and hit the Enter key to update the changes in the group policy settings.


