Is it possible to enforce local GPO over the domain?

I want to enforce local GPO settings on specific servers so that the domain GPO does not overwrite them. These systems were hardened specifically, but due to way too many issues to list, we cannot change the OU they are in, and cannot change the domain GPO at this time.

Is there any way to ensure that the changes made to the local GPO are not overwritten?


Yes, you can set the policies in a Domain GPO and make it enforced. Then use GPO masking - add all the servers in question to a group & only allow that group read access to the new GPO.

This assumes they are all Computer settings, if you need User settings to get applied you may want to look at using a loopback.
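As an added worked example (not part of the original answer), here is how the enforced, security-filtered GPO described above can be built with the GroupPolicy and ActiveDirectory PowerShell modules. The domain DN, OU DN, GPO name, group name, server names and the single registry setting used as a stand-in for the hardening baseline are all assumptions for illustration:

```powershell
# Added example, not from the original answer. Needs the RSAT GroupPolicy and
# ActiveDirectory modules and an account allowed to create and link GPOs.
# Every name below is a placeholder for the real environment.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$GpoName   = 'Hardened-Servers-Baseline'        # assumed GPO name
$OuDn      = 'OU=Servers,DC=corp,DC=example'    # assumed OU the servers already sit in
$GroupName = 'GPO-Hardened-Servers'             # assumed global security group

# 1. Group that holds only the servers which must keep the hardened settings.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $OuDn
}
Add-ADGroupMember -Identity $GroupName -Members 'SRV01$', 'SRV02$'   # assumed computer accounts

# 2. New GPO carrying the hardened settings. One illustrative registry policy
#    (disable the SMBv1 server) stands in for the real baseline.
New-GPO -Name $GpoName -Comment 'Overrides domain baseline on hardened servers' | Out-Null
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
    -ValueName 'SMB1' -Type DWord -Value 0 | Out-Null

# 3. Link it to the OU the servers are already in and mark the link Enforced so
#    it wins over the non-enforced domain GPO regardless of link order.
New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes -Enforced Yes | Out-Null

# 4. Security filtering: only members of the group apply the GPO.
#    Authenticated Users are downgraded to Read (not Apply) rather than removed,
#    because since MS16-072 policy retrieval runs in the computer's security
#    context and the GPO must stay readable by it. -Replace is required to
#    lower an existing permission level.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# 5. Optional: if user settings must also be overridden on these servers, turn
#    on loopback processing in the same GPO (1 = Merge, 2 = Replace).
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# 6. Verify the resulting ACL on the GPO.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission, Inherited |
    Format-Table -AutoSize

# On each server, after a reboot so the new group membership is in its Kerberos
# token:  gpupdate /force ; gpresult /scope computer /r
# The GPO should appear under "Applied Group Policy Objects"; on a server that
# is not in the group it should appear as filtered out on security grounds.
```

Two caveats worth checking before relying on this. An enforced link at the OU only beats the domain GPO if that domain GPO is not itself enforced; when both are enforced, the one linked higher in the hierarchy (the domain) wins, so confirm the existing domain link's Enforced flag first. And computer group membership is evaluated from the machine's Kerberos ticket, so a server added to the group will not pick up the GPO until it reboots, which is why step 6 asks for a reboot before `gpresult`.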