RE: Domain vs. Local security policy

• Previous message: Moser, Scott: "RE: GPO for one machine"
• Maybe in reply to: Brad Renfro: "Domain vs. Local security policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 10 Sep 2003 16:54:32 +0100
To: <focus-ms@securityfocus.com>

the only problem with that scenario is that if you wanted to change the policies of the local machines without affecting other PCs on the network, or having to stick them into a separate OU.
 
But i suppose you could change the policies on one of the machines and the write a script that copies the
%windir%\system32\GroupPolicy folder from the fixed machine to all other machines you would like changed...

        -----Original Message-----
        From: Streeter, Joseph (WI) [mailto:Joseph.Streeter@wi.ngb.army.mil]
        Sent: Tue 9/9/2003 7:36 PM
        To: 'focus-ms@securityfocus.com'
        Cc:
        Subject: RE: Domain vs. Local security policy
        
        

        It might be best to have the local GPO good and tight. That way there are
        fewer polices that have to be applied across the network at start up and
        logon. It's also the only policy to apply to local accounts on that machine.
        
        
        If you want to back off any of the local policies you can override them with
        the Domain or OU polcy.
        
        -----Original Message-----
        From: simonis [mailto:simonis@myself.com]
        Sent: Monday, September 08, 2003 1:26 PM
        To: Brad Renfro
        Cc: focus-ms@securityfocus.com
        Subject: Re: Domain vs. Local security policy
        
        Brad Renfro wrote:
>
> What is the residual risk of applying fairly strict domain wide security
> policies on a LAN but leaving local security policy pretty much the
        default?
>
        
        
        As far as I understand it, this would allow someone to remove the box
        from the domain and operate under the looser local policy. A larger
        question is of what benefit it is to you?
        
        -Ds
        
        ---------------------------------------------------------------------------
        KaVaDo provides the first and only integrated Web application scanner and
        firewall security suite that prevent Web applications attacks, the most
        common form of online exploitation. Download a FREE whitepaper on Security
        Policy Automation for Web Applications.
        http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
        ---------------------------------------------------------------------------
        
        ---------------------------------------------------------------------------
        KaVaDo provides the first and only integrated Web application scanner and
        firewall security suite that prevent Web applications attacks, the most
        common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
        http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
        ---------------------------------------------------------------------------
        
        

• Previous message: Moser, Scott: "RE: GPO for one machine"
• Maybe in reply to: Brad Renfro: "Domain vs. Local security policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]