Re: local vs domain security policy settings

From: JK[MS] (
Date: 05/23/02

From: "JK[MS]" <>
Date: Thu, 23 May 2002 13:34:53 -0700

If your local policies do not conflict with the domain policy then you
should be ok. You can just set the local policy setting to audit and leave
the domain policy setting undefined.
However if you want to set the domain policy setting explicitly such that it
is set to not audit and you want the audit turned on in just one machine
then you should put the machine in a different OU and set policy at the OU

[This posting is provided "AS IS" with no warranties, and confers no
"tin can" <> wrote in message
> Is there anyway to get the local security policy to supercede the
> domain security policy ?
> I have a sensitive app server that can only be logged on to by support
> staff at the server console itself, and I want to record who and when
> someone logs in and/or out at the server,  but I don't want to set the
> security policy for the entire domain to capture all logon/logoff
> events (to much info).