Re: Domain Security Policy
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 5 Jun 2006 08:49:21 -0700
AD Users and Computers (dsa.msc) is a user interface to manage some
aspects of some AD objects. It has a way to get at the GPOs (group
policy objects). If you intstall (and you should if you are using XP or
W2k3 to run dsa.msc) the GPMC and then access to GPOs in dsa.msc
is changed, with the GPMC being the newer, better way.
see www.microsoft.com/gp
and along with all the other infro look for link to download GPMC
(Group Policy Management Console).
Now, briefly, your other question deal with the difference between
the two pre-defined GPOs, Default Domain and Default Domain
Controller GPOs. The first is applied to the entire domain, the second
is only linked to the Domain Controllers OU and hence only applies to
objects within that OU. As such, the DD GPO impacts all that is subject
to an applied policy defined within it, whereas the DDC GPO only applies
additional settings, beyond those of the DD GPO, to objects in the DC OU
(i.e. the DCs in a default domain setup).
There is much reading at the link provided above, and based on the
questions you have asked I would strongly encourage you to CHANGE
NOTHING in the GPOs until you have done some study.
"George Schneider" <georgedschneider@xxxxxxxxxxxxxx> wrote in message
news:86F31CDA-9F74-4225-B6C0-C5CF399E613C@xxxxxxxxxxxxxxxx
What is the difference betwen using the domain security policy, domian
controller security policy, or active directoy users and computers(Group
Policy)? I found different audit settings in domain controller security
policy than what was in active directory users & computers.
.
- Follow-Ups:
- Re: Domain Security Policy
- From: Vincent Xu [MSFT]
- Re: Domain Security Policy
- Prev by Date: Re: Loca Administrator "locked out"
- Next by Date: Re: krbtgt Account
- Previous by thread: Re: Move 2000 Certificate server to 2003 on new hardware
- Next by thread: Re: Domain Security Policy
- Index(es):
Relevant Pages
|
|
