Active Directory Group Policy (GPO) Enforced and Link Enabled
We ran into an issue recently where changes were made to a GPO policy at the wrong Organizational Unit (OU) level in the domain. As part of reverting those changes, however, we discovered that the Link Enabled and Enforced options were BOTH checked. It's been a while since we have played with a lot of these settings, so I wanted to document them here so I could remember them in the future.
What is Link Enabled?
In its simplest form, Link Enabled tells the system to apply the policy to the container(s), both peers and children, at the current level of the tree. If the policy is link enabled, it will essentially be applied to the containers below the policy. For instance, if the Default Domain Policy is Link Enabled, it gets applied to all objects within the domain.
What is Enforced?
Enforced still applies the settings to the container(s) at the peer and child level; the difference, however, is that the settings are ALWAYS applied! In other words, if you have two policy files at the same level in the tree, an Enforced policy will override any settings in the other policy. It is always enforced!
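As an added example (not part of the original post), the PowerShell below decodes how these two checkboxes are stored in a container's gPLink attribute, so that links with both Link Enabled and Enforced set can be listed. The domain corp.example, the GPO GUIDs and the function name ConvertFrom-GpLink are constructed for illustration.

```powershell
# Added example: decode the per-link flags stored in a container's gPLink attribute.
# Each entry has the form [LDAP://<GPO DN>;<options>], where options is a bit field:
#   bit 0 (value 1) set = link disabled (Link Enabled unchecked)
#   bit 1 (value 2) set = Enforced
function ConvertFrom-GpLink {
    param(
        [Parameter(Mandatory)][string]$Container,
        [string]$GpLink
    )
    $pattern = '\[LDAP://(?<dn>[^;\]]+);(?<opt>\d+)\]'
    foreach ($m in [regex]::Matches($GpLink, $pattern, 'IgnoreCase')) {
        $opt = [int]$m.Groups['opt'].Value
        [pscustomobject]@{
            Container   = $Container
            GpoDn       = $m.Groups['dn'].Value
            LinkEnabled = ($opt -band 1) -eq 0
            Enforced    = ($opt -band 2) -ne 0
        }
    }
}

# Constructed sample data: hypothetical domain corp.example with placeholder GPO GUIDs.
# On a live domain the same strings come from the gPLink attribute, for example via
# Get-ADOrganizationalUnit -Filter * -Properties gPLink.
$policies = 'cn=policies,cn=system,DC=corp,DC=example'
$samples = [ordered]@{
    'DC=corp,DC=example' =
        "[LDAP://cn={11111111-1111-1111-1111-111111111111},$policies;2]"
    'OU=Workstations,DC=corp,DC=example' =
        "[LDAP://cn={22222222-2222-2222-2222-222222222222},$policies;0]" +
        "[LDAP://cn={33333333-3333-3333-3333-333333333333},$policies;1]"
    'OU=Servers,DC=corp,DC=example' =
        "[LDAP://cn={44444444-4444-4444-4444-444444444444},$policies;3]"
}

$links = foreach ($e in $samples.GetEnumerator()) {
    ConvertFrom-GpLink -Container $e.Key -GpLink $e.Value
}

# Every link with its decoded state.
$links | Format-Table Container, LinkEnabled, Enforced -AutoSize

# Links with Link Enabled and Enforced both set, the combination this post ran into.
$links | Where-Object { $_.LinkEnabled -and $_.Enforced } | Format-List
```

A link whose options value is 3 has Enforced set but is disabled, so it is reported separately from the enabled-and-enforced case.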
Hopefully this helps others, as it's one of those things that, if you don't work with GPOs too often, you can easily forget.
-Brent