Re: Group Policies
From: Steven L Umbach (n9rou_at_no-spam.ameritech.net)
Date: 04/30/04
- Next message: pacho baratta: "SAM and objectSID"
- Previous message: Tim: "Re: some small problems"
- In reply to: Skip: "Group Policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Apr 2004 06:17:50 -0500
Domain Controller Security Policy is just for objects [domain controllers]
in the domain controller container which is essentially an OU though not
called one. Domain Security Policy is the default policy that will apply to
all machines in the domain other than those that have an overriding defined
setting at the OU level. Keep in mind that policy is applied in this order
local>site>domain>OU.
Any setting defined in the domain controller cotainer will override domain
settings which is why you are the setting you define at the domain level
will not allow the user to logon to a dc since Domain Controller Security
Policy has user rights defined.
There are a couple of notable exceptions in that domain password/account
policy for domain users can only be defined at the domain level and the user
right for add workstations to the domain will only be effective at the
domain controller container level. -- Steve
"Skip" <efl713@hotmail.com> wrote in message
news:639701c42e5f$47ec5d20$a601280a@phx.gbl...
> Can someone please tell me the difference between "Domain
> Controller Security Policies" and "Domain Security
> Policies". Also, why do I have to give a user
> permissions to log on locally with both the "Local
> Security Policy" and the "Domain Security Policy" before
> a user can logon to the domain controller? Doesn't the
> domain policy override the local policy?
- Next message: pacho baratta: "SAM and objectSID"
- Previous message: Tim: "Re: some small problems"
- In reply to: Skip: "Group Policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
