Re: GPO Processing (Block Inheritance and No Override)


From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/29/04


Date: Mon, 29 Mar 2004 00:16:46 -0700

In addition to Neil's good comments, it may help you to
think in terms of account databases. There is only one
for the domain. A policy that controls what can be stored
in it (characteristics of passwords for example) can only
affect all domain accounts.
Per your example, it will not be overwritten, not blocked
by a GPO that is not linked to the domain object.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Bhargav Shukla" <contanoctme_sp@ambhargavs.com> wrote in message
news:%23z6iPJBFEHA.2640@TK2MSFTNGP09.phx.gbl...
> I would like to know what happens to the password policy defined in Default
> Domain Policy when a given OU in AD is set to "Block Policy Inheritance" and
> Default Domain Policy is NOT set to "No Override".
>
> It is confusing to know that a password policy applied in Default Domain
> Policy applies to entire domain and to have separate password policies you
> must set up another child domain (as you can't override DDP password
> policies).
>
> Can someone please share their wisdom and clear many doubts around this?
>
> -- 
> Thanks,
> Bhargav Shukla
> MCSE Windows 2000, MCSA Messaging, CCEA, RSA SecureID CSE
>
>
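
Added example, not part of the original thread: a PowerShell check of the point made in the reply above. It lists OUs that have "Block Policy Inheritance" set and shows, next to each, the password policy stored on the domain object, which is what governs the domain accounts in those OUs. It assumes the RSAT ActiveDirectory and GroupPolicy modules and read access to the domain.

```powershell
# Added example: audit OUs with Block Policy Inheritance against the
# domain-wide password policy. Read-only; changes nothing in AD.
Import-Module ActiveDirectory, GroupPolicy

# The password policy for domain accounts is stored on the domain object,
# so there is exactly one per domain.
$domain = Get-ADDomain
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot

# Find every OU where inheritance of GPOs from parent containers is blocked.
$blockedOUs = Get-ADOrganizationalUnit -Filter * | Where-Object {
    (Get-GPInheritance -Target $_.DistinguishedName).GpoInheritanceBlocked
}

$report = foreach ($ou in $blockedOUs) {
    # Domain user accounts that live under the blocked OU.
    $users = @(Get-ADUser -Filter * -SearchBase $ou.DistinguishedName -SearchScope Subtree)

    [pscustomobject]@{
        OU                 = $ou.DistinguishedName
        InheritanceBlocked = $true
        DomainUsersInOU    = $users.Count
        # These values come from the domain object, not from any GPO
        # linked to (or blocked at) the OU.
        MinPasswordLength  = $policy.MinPasswordLength
        ComplexityEnabled  = $policy.ComplexityEnabled
        MaxPasswordAge     = $policy.MaxPasswordAge
        LockoutThreshold   = $policy.LockoutThreshold
    }
}

if ($report) {
    $report | Format-Table -AutoSize
} else {
    Write-Output "No OUs in $($domain.DNSRoot) have Block Policy Inheritance set."
}
```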

