Policy Inheritance

Policy precedence follows the Group Policy model. Group policy is applied hierarchically from the least restrictive object (site) to the most restrictive object (OU). For more information about Active Directory and Group Policy, see chapters under the "Active Directory" and "Desktop Configuration Management" parts in the Windows 2000 Distributed Systems Guide.

Things to keep in mind when assigning an IPSec policy:

• IPSec policies assigned to domain policy override any local IPSec policy when that computer account is a domain member.
• Precedence of Group Policy. An IPSec policy assigned to an OU overrides domain IPSec policy for that computer account. IPSec policy assigned to a child OU might override the IPSec policy assigned at the parent OU, depending on how Group Policy security permissions are configured.

© 1985-2000 Microsoft Corporation. All rights reserved.