Re: GPO questions
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Jul 2005 13:49:59 -0500
That is not entirely true. You must make the distinction between "domain"
users and "local" computer users on domain computers. You can define
password/account policy at the OU level but it will apply ONLY to local
users on domain computer within the scope of management of that OU. In such
case block inheritance at the OU would mean that the password/account policy
settings defined in Local Security Policy of the domain computers in that OU
would apply to the local users on those domain computers - not what is
configured at the domain level.
Why does this all matter? Well maybe you would want to have different
password/account policy for the local computer accounts in the domain many
of which may only contain the built in administrator account and the guest
account which would be disabled by default. The local administrator account
on a domain computer while not all powerful in the domain certainly is an
important account on sensitive domain computers such as the Enterprise
Certificate Authority or any other important computers. --- Steve
"Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:290AAF2D-26B8-47E0-AF67-BFEA23ED8A7E@xxxxxxxxxxxxxxxx
> Hi,
> I am going through a Transcender for 70-217, and it states "When a
> password
> policy is set at the domain level and the Block Policy Inheritance option
> is
> enabled at the OU level, the password policy overrides the enabled block
> policy inheritance option." I though you would have to set the no
> override
> option at the higher lever GPO for this action to take place. Any other
> got-ya's ?
> Thanks - Wayne
.
- Follow-Ups:
- Re: GPO questions
- From: Steven L Umbach
- Re: GPO questions
- References:
- GPO questions
- From: Wayne
- GPO questions
- Prev by Date: Re: GPO questions
- Next by Date: OT: Thursday Thinker
- Previous by thread: Re: GPO questions
- Next by thread: Re: GPO questions
- Index(es):
Relevant Pages
|
