Re: Problem with Group Policies

From: Derek Melber [MVP] (derekm_at_braincore.net)
Date: 03/11/04


Date: Thu, 11 Mar 2004 12:01:55 -0700

Tony,

You are right in saying that the Account Policies are the key portion of the
GPO that can't be done at the site level, and only can be done at the domain
level. Most of the other computer configuration settings will propagate from
the site level with no problem.

As long as you have only set up the Account Policies in the GPO linked to
the site, you can just unlink the GPO from the site and you are done with
that step. As for setting up the Account Policies at each domain, I highly
recommend just configuring the Default Domain Policy in each domain.

Hope this helps.

-- 
Derek Melber
BrainCore.Net
derekm@braincore.net
"Tony F" <anonymous@discussions.microsoft.com> wrote in message
news:2631993F-0EBB-4A04-B200-5953A0929232@microsoft.com...
> Hi Derek,
>
> Would I be right in saying that some parts of the site policy will
> propagate, but Account policies do not travel as they should be set on a per
> domain basis? I think we will resort to having 1 separate GPO for each
> domain and remove the Site GPO. Is there any set way I should go about doing
> this or is it as simple as removing the link in the AD Sites and Services
> tool and then setting the policy settings on each of the 4 Domains
> separately?
>
> Thanks once again for your help.
>
> Regards.
>
> T
>      ----- Derek Melber [MVP] wrote: -----
>
>      You cannot configure Account Policies from a Site linked GPO and have them
>      apply to ALL domains in the forest. The ONLY location to configure Domain
>      Account Policies is at the GPO linked to the domain, in each domain.
>
>      Also, it is usually not recommended to configure Site GPOs, except for rare
>      and unique instances.
>
>      -- 
>      Derek Melber
>      BrainCore.Net
>      derekm@braincore.net
>      "Tony F" <anonymous@discussions.microsoft.com> wrote in message
>      news:12D92D13-D449-4B32-8DF3-0528028CF249@microsoft.com...
>      > Hi There,
>      >
>      > I was wondering if anybody out there could help me. I am having a problem
>      > with some settings not being applied from a Default Domain Policy. I have 4
>      > sites and 4 Domains in my Active Directory that are separated by a WAN link.
>      > I have created a Default Domain Policy at the root Domain and have applied
>      > this policy via the AD Sites and Services to the other 3 Domains 1 level
>      > down the tree. I have clicked the "No Override" option to prevent the policy
>      > from being overwritten further down the tree. What's happening is that some
>      > of the settings in the Policy like the Warning message before logging on to
>      > a domain are being applied but the Account Policies like Password settings
>      > are not. Instead the computers on the domains are picking up the default
>      > settings for the domain they are on. They are not picking up the settings
>      > set in the root domain. Can anyone suggest what I need to do to get these to
>      > work from the top level?
>      >
>      > Kind Regards..
>      >
>      > T
>
>
>
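
A check for the per-domain setup discussed in this thread, added here as an example and not part of the original posts: after unlinking the site GPO and configuring each domain's Default Domain Policy, this PowerShell reads the account policy each domain in the forest actually enforces and lists any setting that differs from a baseline. It assumes the ActiveDirectory module (RSAT) is installed; the baseline values are constructed for illustration.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to every domain.
Import-Module ActiveDirectory

# Constructed baseline values for illustration; substitute your organisation's policy.
$baseline = @{
    MinPasswordLength    = 12
    PasswordHistoryCount = 24
    ComplexityEnabled    = $true
    LockoutThreshold     = 5
}

$report = foreach ($domain in (Get-ADForest).Domains) {
    try {
        # Account policy is per domain, so each domain has to be queried on its own.
        $policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain -ErrorAction Stop
    } catch {
        # An unreachable domain (for example across a WAN link) is reported, not skipped silently.
        [pscustomobject]@{
            Domain   = $domain
            Setting  = '(query failed)'
            Expected = $null
            Actual   = $_.Exception.Message
        }
        continue
    }

    foreach ($name in $baseline.Keys) {
        if ($policy.$name -ne $baseline[$name]) {
            [pscustomobject]@{
                Domain   = $domain
                Setting  = $name
                Expected = $baseline[$name]
                Actual   = $policy.$name
            }
        }
    }
}

if ($report) {
    $report | Sort-Object Domain, Setting | Format-Table -AutoSize
} else {
    'Every domain matches the baseline account policy.'
}
```

A domain that still shows its old defaults here has not had its own domain-linked policy configured yet.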

