Skip to main content

Group Policy Inheritance and Override Behavior

Jeff Reed
Updated

Overview

The behavior of override versus inheritance is a bit tricky in CentreStack's Group Policy. Per-tenant policy may override the Default Group Policy, but the Default Group Policy can be used to enforce inheritance for all tenants. Whichever individual policy setting is modified last, wins. This article attempts to demonstrate the behavior of inheritance and override in Group Policy.

Details

Consider this chain of events:

  1. There are two tenants in the self-hosted CentreStack cluster named Default Tenant and Client One.
  2. The Default Group Policy > Retention Policy > Keep last n version(s) of files in versioned folder is left at 0 (which means "let the system decide")mceclip0.png
  3. In the per-tenant Default Tenant > Tenant Dashboard > Group Policy > Retention Policy > Keep last n version(s) of files in versioned folder is set to 10. In the same page, the Keep deleted files in versioned folder and/or Trash Can for n day(s) is set to 120 days. These settings now override the Default Group Policy. Also note that the Group Policies in the Default Tenant are distinct from the Default Group Policies.mceclip1.png
  4. In the per-tenant Client One > Tenant Dashboard > Group Policy > Retention Policy > Keep last n version(s) of files in versioned folder is set to 5. In the same page, the Keep deleted files in versioned folder and/or Trash Can for n day(s) is set to 60 days. This also overrides the Default Group Policy for the same settings as were set in the Default Tenant and with different values than the Default Tenant.mceclip2.png
  5. The Default Group Policy > Retention Policy > Keep last n version(s) of files in versioned folder is set to 20 and only this setting is changed. This essentially overrides the "Keep last n version(s) of files in versioned folder" in all tenants. mceclip3.png
  6. If this setting was examined in each tenant you would find that the value had changed to match the Default Group Policy. However, because this was the only setting that was altered in the Default Group Policy you would find that the Keep deleted files in versioned folder and/or Trash Can for n day(s) had not been altered in either tenant:
    mceclip4.pngmceclip5.png

Notice that there is no visual indication which settings are default, inherited, or overridden. Due to this behavior it is recommended to manage most policies at the tenant level unless you can be sure that a setting is required for all tenants, in which case it can be set in the Default Group Policy enforcing inheritance on all tenants.

Related articles

Comments

1 comment

Date Votes
  • Ali Raza

    Logo pens Consider this chain of events:

    1. There are two tenants in the self-hosted CentreStack cluster named Default Tenant and Client One.
    2. The Default Group Policy > Retention Policy > Keep last n version(s) of files in versioned folder is left at 0 (which means "let the system decide")
    0

Please sign in to leave a comment.