Is it possible to enforce local GPO over the domain?
I want to enforce local GPO settings on specific servers so that the domain GPO does not overwrite them. These systems were hardened specifically, but due to way too many issues to list, we cannot change the OU they are in, and cannot change the domain GPO at this time.
Is there any way to ensure that the changes made to the local GPO are not overwritten?
Yes, you can set the policies in a Domain GPO and make it enforced. Then use GPO masking - add all the servers in question to a group & only allow that group read access to the new GPO.
This assumes they are all Computer settings, if you need User settings to get applied you may want to look at using a loopback.