Re: GPO special case user account options and inheritance question


From: djc (noone_at_nowhere.com)
Date: 09/29/04


Date: Wed, 29 Sep 2004 14:58:57 -0400

Thanks Kevin... I'll check out the links you provided as well. I have a
related question though:
When policy is applied to a computer account and affects the machine's local
policy when logged on to locally as you stated before in your
clarification... does this local policy still take effect when the machine
is not connected (physically unplugged) to the network?

thanks again.

"Kevin Sullivan" <ksullivan@autoprof.com> wrote in message
news:Oj$KLBkpEHA.536@TK2MSFTNGP11.phx.gbl...
> 1) you are correct with your first statement. One piece of clarification.
> Account policy configuration applied at any level (OU) below the domain
> level will configure the 'local account policy settings'. This means if a
> computer account is the recipient of the account policy applied at a level
> other than the Default Domain Policy the settings will take effect when
> logging on locally.
> (http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prdp_log_csiq.asp)
> 2) Block policy inheritance should not block the domain level account
> policies. I have not tested this but believe this to be true. I am curious
> if anyone finds different information.
> (http://support.microsoft.com/default.aspx?scid=kb;en-us;255550) I think one
> main point here is that Domain Controllers behave a bit differently than
> other systems on the network. Since they share the NTDS.dit and there needs
> to be a mechanism to ensure consistency across these replicas.
>
> HTH
>
> Kevin
> AutoProf
> http://www.autoprof.com/policy
>
> "djc" <noone@nowhere.com> wrote in message
> news:ukthXzipEHA.3668@TK2MSFTNGP15.phx.gbl...
> > I understand that account options like password policies, and account
> > lockouts, etc... configured at the domain level are the only user account
> > policies actually applied... meaning if a lower level container had a
> > conflicting policy configured it would not change the domain level one...
> >
> > 1) please correct me if I'm wrong with my statement above
> > 2) if a lower level container has the Block Policy Inheritance option set
> > will the domain level user account policies still be applied? or would the
> > Block Policy Inheritance actually block them?
> >
> > any info is appreciated... thanks.
> >
> >
>
>
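
Added example, not part of the original thread: one way to see the split Kevin describes is to compare the [System Access] section of a workstation's `secedit` export (the local account policy) with the domain-level values. The function names and both INF excerpts are constructed for illustration; the key names are the ones `secedit` writes.

```powershell
# Added example; the two INF excerpts below are constructed sample data.
# On a real machine, produce the export with:
#   secedit /export /cfg "$env:TEMP\local.inf" /areas SECURITYPOLICY
#   $lines = Get-Content "$env:TEMP\local.inf"

function Get-AccountPolicy {
    param([string[]]$Lines)
    $policy = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            # Only the [System Access] section holds password/lockout settings
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $t -match '^(\w+)\s*=\s*(.*)$') {
            $policy[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $policy
}

function Compare-AccountPolicy {
    param([hashtable]$Local, [hashtable]$Domain)
    # Report every setting whose local value differs from the domain value
    $keys = @($Local.Keys) + @($Domain.Keys) | Sort-Object -Unique
    foreach ($k in $keys) {
        if ($Local[$k] -ne $Domain[$k]) {
            [pscustomobject]@{ Setting = $k; Local = $Local[$k]; Domain = $Domain[$k] }
        }
    }
}

# Constructed: workstation in an OU whose GPO sets its own account policy
$workstationInf = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 12
LockoutBadCount = 3
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 3
'@ -split "\r?\n"

# Constructed: the domain-level account policy values, in the same format
$domainInf = @'
[System Access]
MinimumPasswordLength = 8
LockoutBadCount = 5
PasswordComplexity = 1
'@ -split "\r?\n"

Compare-AccountPolicy (Get-AccountPolicy $workstationInf) (Get-AccountPolicy $domainInf) |
    Format-Table -AutoSize
```

Settings listed in the output apply to local accounts on that workstation only; domain accounts logging on there remain subject to the domain-level values.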


