More on GPO links

There are a few more items to understand when it comes to GPO links. You already know about the Group Policy processing order and how GPOs filter down to client computers in the order of sites, then domains, then OUs, and then nested OUs. This is important to remember any time that you are working within Group Policy. The question still remaining is: how or where do you determine when a GPO needs to apply at one of those tiers? How do you take a GPO and apply it somewhere? To a particular site, domain, or OU? The answer to this question is GPO links. You use links to associate GPOs with places inside Active Directory. Sometimes, this means that each GPO is linked to only a single location, like a very specific OU because that GPO is for a very specific purpose. Other times, you may find GPOs that need to be linked to many different places. Perhaps you have a GPO setting that you want to roll out to many of your workstations, but it's not quite appropriate to link it all the way at the top of your domain because you don't want or need everything in the domain to receive that setting. In this case, your GPO might be linked to dozens of different OUs that contain the computer accounts where you do want the GPO to apply. Linking GPOs to many different places is a very normal practice.