Re: Default Domain GPO

From: Chriss3 [MVP] (noSpamHere_at_chrisse.se)
Date: 08/02/04 

Date: Mon, 2 Aug 2004 19:33:37 +0200

Yes 

-- 
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"ITLush" <ITLush@discussions.microsoft.com> skrev i meddelandet
news:0E839B1E-461C-414C-8EAE-3FA0EC597032@microsoft.com...
> Thanks Chris
>
> So if I make the test domain policy the highest priortiy this should work?
>
> "Chriss3 [MVP]" wrote:
>
> > You are right about the password policy only applies to domain users
when
> > they are linked to the domain, how ever only the first listed policy
linked
> > to the domain applies the password policy for domain users, there can't
be
> > multiple policies.
> >
> > -- 
> > Regards
> > Christoffer Andersson
> > Microsoft MVP - Directory Services
> >
> > No email replies please - reply in the newsgroup
> > ------------------------------------------------
> > http://www.chrisse.se - Active Directory Tips
> >
> > "ITLush" <ITLush@discussions.microsoft.com> skrev i meddelandet
> > news:94DA842D-029D-4AEB-8CD0-3C3A93CE50F7@microsoft.com...
> > > Hi
> > >
> > > I hope someone can help me.  I am re-structuring the AD within a small
> > company.  The Default Domain GPO has been active for approx 12 months
with
> > only a couple of setting, password length and lockout duration.  I have
> > decided on new new policy and have created a Test Domain GPO.  I have
> > removed authenticated users and applied a DSG with a couple of users.
Some
> > of the policies work, i.e. the password protected screen saver, items
> > removed from desktop etc, but things like the Warning Message, prompt to
> > change password and account lockout are not.
> > >
> > > I understand that passwords can only be set at the domain level, so
> > thought by applying a second Domain GPO I would be able to test this
without
> > affecting all the authenticated users.
> > >
> > > Could someone please let me know what I am doing wrong?
> >
> >
> >

Relevant Pages

  • Re: Managing Domain workstations
    ... If you have problem users have HR set down a policy of computer use and if it is violated there will be terms of punishment up to and including termination. ... SMS will help you monitor what is being used if you so desire to waste countless hours snooping on others. ... MVP - Directory Services ... migrated onto it through active directory. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Permissions management
    ... We will assume Active Directory in this newsgroup because that is what this newsgroup is for. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • Re: Managing Domain workstations
    ... Ideally if we had suspicions of people breaching policy we would like to ... b- "do not allow anonymous enumeraation of SAM accounts and shares" it should ... MVP - Directory Services ... migrated onto it through active directory. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Run queries on user accounts?
    ... Microsoft MVP - Directory Services ... No email replies please - reply in the newsgroup ... http://www.chrisse.se - Active Directory Tips ...
    (microsoft.public.windows.server.active_directory)
  • Re: Run queries on user accounts?
    ... You can use dsquery user -inactive if you are in Windows Server 2003 ... http://www.chrisse.se - Active Directory Tips ... >> Microsoft MVP - Directory Services ... >> No email replies please - reply in the newsgroup ...
    (microsoft.public.windows.server.active_directory)
Loading