The difference between GPOs and GPO links

We have already inferred this information based on other items that we have talked about, but it is critically important to understand the difference between GPOs and GPO links. GPOs are the objects stored inside Active Directory that contain all of the settings that you want to apply. By themselves, GPOs do nothing at all. They are simply objects sitting around inside the Group Policy Objects folder inside GPMC. You could spend years creating 1,000 different GPOs and still never have a single one of them applying to anything in your environment.

GPO links are where the rubber meets the road. You link GPOs to places inside Active Directory. Sometimes GPOs get linked to a site, and that GPO setting is then applied to everything inside that site. More commonly, GPOs might be linked to a domain, in which case it filters down from that level, again creating a pretty wide path as it spreads that setting around. Most often, GPOs are linked to individual OUs. This provides very minute and focused attention of the GPO settings only to those machines and users to which you desire them to be applied. One GPO can be linked to numerous places, and a single OU could also have many different GPOs linked to it. Each link is unique and treated individually when Group Policy processes.