Limited access filters and enforcement order

When multiple group policies apply to a user, the Use more restrictive blocking setting (see Enforcement order) determines which one is used to respond to the user's requests. By default, this setting is off.

When Use more restrictive blocking is OFF:

If the Block All category filter and a limited access filter could apply, the limited access filter is always considered less restrictive.

When Use more restrictive blocking is ON, a limited access filter is considered more restrictive than any category filter except Block All.

The table below summarizes how the Use more restrictive blocking setting affects policy enforcement when multiple policies could apply:


	Use more restrictive blocking OFF	Use more restrictive blocking ON
limited access filter + Block All category filter	limited access filter (request permitted)	Block All (request blocked)
limited access filter + permitted category	category filter (request permitted)	limited access filter (request permitted)
limited access filter + blocked category	category filter (request blocked)	limited access filter (request permitted)
limited access filter + Quota/Confirm category	category filter (request limited by quota/confirm)	limited access filter (request permitted)