Re: local vs domain security policy settings

From: JK[MS] (
Date: 05/23/02

From: "JK[MS]" <>
Date: Thu, 23 May 2002 13:34:53 -0700

If your local policies do not conflict with the domain policy then you
should be ok. You can just set the local policy setting to audit and leave
the domain policy setting undefined.
However if you want to set the domain policy setting explicitly such that it
is set to not audit and you want the audit turned on in just one machine
then you should put the machine in a different OU and set policy at the OU

[This posting is provided "AS IS" with no warranties, and confers no
"tin can" <> wrote in message
> Is there anyway to get the local security policy to supercede the
> domain security policy ?
> I have a sensitive app server that can only be logged on to by support
> staff at the server console itself, and I want to record who and when
> someone logs in and/or out at the server,  but I don't want to set the
> security policy for the entire domain to capture all logon/logoff
> events (to much info).

Relevant Pages

  • RE: Auditing Workstation logons from DC
    ... You have already configured Domain Security Settings for Audit account ... the both Default Domain Controllers Policy and Default Domain Security ... GPO may be overriding the audit policy setting that you configured. ...
  • Re: Audit Deleting of files
    ... To configure an audit policy setting for a domain controller, ...
  • Re: How do I log Failed Logon attempts
    ... You can configure auditing of account logon events using Group Policy. ... Click the Group Policy tab, click Default Domain Controller Policy, ... double-click Audit Policy. ... setting take effect only when the policy setting is propagated or applied to ...
  • Re: Audit Deleting of files
    ... you can't just do an audit on the machine. ... >audit policy for your domain: ... >then click Security. ... >setting take effect only when the policy setting is ...
    ... What exactly do you mean with "the policy file only appear in the primary DC"? ... domain policy are applied, that's by design. ... GPO: Default Domain Policy ... Computer Setting: 3 ...