Group policy precedence and inheritance in Active Directory

Applying group policies on users makes our task easier. There is the order of how these policies get applied on a user. Group policies on OU (organizational units) have more precedence than domain GPOs which have higher priority than site GPOs and Local GPOs.Policies are applied in

Policies are applied in following order:

  1.   Local GPOs
  2.   Site GPOs
  3.   Domain GPOs
  4.   OU GPOs
  5.   Enforced GPOs

When new GPO is applied, it overrides the previous one. So, the last one has highest precedence and first one has least. To make it clearer, I’ll explain it with an example.

1 . In the picture below, you can see my Group policy management console, where my site is my Forest and my domain is college.local. In my domain, I have one OU as “nocontrolpannelaccess”. and I have linked it to “nocontrolpannelacessGPO”. I have edited nocontrolpannelaccessGPO in such a way that it will prohibit users to access control panel and other GPO “controlpannelaccess” allows users to use control panel.

This GPO for the OU overrides other GPOs linked to Domain (Default Domain Policy and controlpannelaccess). Thus, the users in OU “nocontrolpannelacessGPO” will not be able to access control panel.


2. If you block inheritance on any OU, then any group policy above this OU doesn’t get applied. As you can see, the container “nocontrolpannelaccess” just has now only one policy on it.


3. If on the other hand, I enforce “controlpannelaccess” policy on domain, then no matter what policy is applied on any OU, enforced policy (controlpannelaccess) will have more precedence. So even users in “nocontrolpannelaccess” OU will now be able to access their control panel.


Upgrade Cisco Router IOS via TFTP Server

Upgrading IOS in routers is quite easy. For this, we need to install TFTP server. There are many free TFTP servers available on the internet and you can download one from   Before doing the upgrade, make sure that you either have backed up your IOS image or you have a newer one.

  • Okay, now first things first. Disable other networks and set up a static IP address on your computer on which TFTP server is installed. I am giving my computer a static IP address of with subnet mask
  • Open your TFTP server, browse it to the folder where your IOS image is kept.


  • Now, open your hyper terminal. Before upgrading the IOS, make sure that you have deleted the older one by typing the command:
    Router# delete flash:


It will then ask you for the file name, type  correctly the name of your file. You can look for the file name with command “show version”.

  • Now type in the following commands in rommon mode: (make sure you connected a cable to your g0/0 port of your router.)






Type ‘yes’ when it asks if you want to continue and then type reset to restart.

So  you just upgraded your IOS. Enjoy!