Re: Domain Security Policy Versus Domain Controller Security Policy
- From: Brandon McCombs <bmccombs@xxxxxxxxx>
- Date: Fri, 24 Jun 2005 04:05:45 GMT
Shane wrote:
> Can someone please give me a clear definition of the difference between
> Domain Security Policy Versus Domain Controller Security Policy. I'm setting
> up Audit Policy's and I've set up the same Audit Policy's in Domain Security
> Policy and Domain Controller Security Policy. Do I need to setup Audit
> Policy's in both the Domain Security Policy and Domain Controller Security
> Policy? Am I duplicating event id's?
>
> Thanks,
Domain policies are applied before individual OU policies. An OU policy is the
last one to be applied (but you can have multiple OUs and multiple policies per
OU). You aren't duplicating events messages because (among other reasons) the
policy settings are additive and the last policy that modifies a setting is the
one that sticks so defining a setting to have a certain value more than once just
means it takes longer to process the settings.
The Domain Controller policy exists to allow you to give special policy settings
to your domain controllers that are independent of the rest of your servers and
workstations. If you don't really need anythign special defined for your domain
controllers then the domain policy will suffice however most people at least want
certain services not needed on th domain controllers to be turned off but the
same ones left on for workstations so the settings for those services in teh
domain policy would need to be overridden by settings in the domain controller
policy.
hope that helps
.
- References:
- Prev by Date: Re: computer secure channel
- Next by Date: Re: User's desktop & Remote Control
- Previous by thread: Domain Security Policy Versus Domain Controller Security Policy
- Next by thread: Re: Domain Security Policy Versus Domain Controller Security Pol
- Index(es):
Relevant Pages
|
