Re: GPO's and Security

From: Buz [MSFT] (buzb_at_online.microsoft.com)
Date: 12/29/03


Date: Mon, 29 Dec 2003 16:09:34 -0500


The first question seemed pretty open-ended, so here is a bunch of Group
Policy info that you may find helpful.

As far as your second question goes:

> What accounts need local admin rights to modify the registry remotely
> through administrative templates?

This is done by the local system account when the computer applies the
security template.

221930 Domain Security Policy in Windows 2000
http://support.microsoft.com/?id=221930

823862 User Policies Are Not Applied When You Log On to a Computer That Is
http://support.microsoft.com/?id=823862

302104 The Logon Script Does Not Run During the Initial Logon Process
http://support.microsoft.com/?id=302104

250842 Troubleshooting Group Policy Application Problems
http://support.microsoft.com/?id=250842

247811 How Domain Controllers Are Located in Windows
http://support.microsoft.com/?id=247811

315418 HOW TO: Optimize Group Policy for Logon Performance in Windows 2000
http://support.microsoft.com/?id=315418

308194 HOW TO: How to Create Organizational Units in a Windows 2000 Domain
http://support.microsoft.com/?id=308194

220019 HOW TO: Set User Rights in Windows 2000
http://support.microsoft.com/?id=220019

307882 HOW TO: Use the Group Policy Editor to Manage Local Computer Policy in
http://support.microsoft.com/?id=307882

320187 HOW TO: Manage Computer Accounts in Active Directory in Windows 2000
http://support.microsoft.com/?id=320187

322176 HOW TO: Administer GPO Properties in Windows 2000
http://support.microsoft.com/?id=322176

227448 Using Secedit.exe to Force Group Policy to Be Applied Again
http://support.microsoft.com/?id=227448

The interval at which a group policy is refreshed is defined by a refresh
interval value and an offset interval value. The refresh interval is an
amount of time between 0 (zero) and 64800 minutes (45 days), which is used
to determine when the group policy should be applied next. By default, if
the administrator does not modify the default setting, Windows 2000-based
computers use 90-minute intervals. For domain controllers, the default is 5
minutes. This default for domain controllers is used because when a change
to domain policy or rights is made, this reduces the latency in applying the
change to domain controllers as replication occurs. If 0 (zero) is specified
for the refresh interval, the refresh occurs in 7-second intervals.

How to Modify the Default Group Policy Refresh Interval:
http://support.microsoft.com/default.aspx?scid=kb;it;203607

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

"ExAdmin" <iamspam@abuse.net> wrote in message
news:%23JmukxOwDHA.2540@TK2MSFTNGP10.phx.gbl...
> Are there any good low-level documents out there as far as how GPO's are
> applied?
>
> What accounts need local admin rights to modify the registry remotely
> through administrative templates?
>
> I'm focusing on security aspects & GPO administration.
>
> Thanks,
> Daniel
>
>
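
The refresh timing described in the reply above can be checked on a machine with the following sketch, an added example that is not part of the original post or Microsoft's own code. The registry value names (`GroupPolicyRefreshTime`, `GroupPolicyRefreshTimeOffset` and their `DC` variants under the Policies key), the default offsets (30 minutes for computers, 0 for domain controllers) and the 0 to 1440 minute offset range are not stated in the post and are assumptions here; the function name is hypothetical.

```powershell
# Added example: work out how long a changed policy setting can take to reach a machine.
# Value names, offset defaults and offset range are assumptions not taken from the post.
function Get-GpRefreshWindow {
    param(
        [bool]$IsDomainController = $false,
        # Optional table of policy values; when omitted the local registry is read.
        [hashtable]$PolicyValues
    )
    if (-not $PSBoundParameters.ContainsKey('PolicyValues')) {
        $PolicyValues = @{}
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            foreach ($p in $props.PSObject.Properties) { $PolicyValues[$p.Name] = $p.Value }
        }
    }
    if ($IsDomainController) {
        $timeName = 'GroupPolicyRefreshTimeDC'; $offName = 'GroupPolicyRefreshTimeOffsetDC'
        $defTime = 5;  $defOff = 0      # 5-minute default for domain controllers (from the post)
    } else {
        $timeName = 'GroupPolicyRefreshTime';   $offName = 'GroupPolicyRefreshTimeOffset'
        $defTime = 90; $defOff = 30     # 90-minute default for other computers (from the post)
    }
    $configured = $PolicyValues.ContainsKey($timeName)
    $interval = if ($configured) { [int]$PolicyValues[$timeName] } else { $defTime }
    $offset   = if ($PolicyValues.ContainsKey($offName)) { [int]$PolicyValues[$offName] } else { $defOff }

    # Reject values outside the documented ranges instead of reporting a bogus window.
    if ($interval -lt 0 -or $interval -gt 64800) { throw "Refresh interval $interval is outside 0..64800 minutes" }
    if ($offset -lt 0 -or $offset -gt 1440)      { throw "Offset $offset is outside 0..1440 minutes" }

    # An interval of 0 means a refresh every 7 seconds, not "never".
    $minSeconds = if ($interval -eq 0) { 7 } else { $interval * 60 }
    [pscustomobject]@{
        Role            = if ($IsDomainController) { 'DomainController' } else { 'Computer' }
        ExplicitlySet   = $configured
        IntervalMinutes = $interval
        OffsetMinutes   = $offset
        MinSeconds      = $minSeconds
        # Assumption: the offset is a random delay of up to OffsetMinutes added to each interval.
        MaxSeconds      = $minSeconds + ($offset * 60)
    }
}

# Constructed sample inputs (not real data): defaults, then a DC forced to interval 0.
Get-GpRefreshWindow -PolicyValues @{}
Get-GpRefreshWindow -IsDomainController $true -PolicyValues @{ GroupPolicyRefreshTimeDC = 0 }
```

Called without `-PolicyValues`, the function reads the local machine's policy key, which makes it usable for spotting hosts whose refresh interval has been stretched far beyond the defaults.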
