Re: Group policy - another newbie question

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 10/22/04


Date: Fri, 22 Oct 2004 14:25:37 +1000

Hi Anna

1. Domain Controller Security Policy is exactly that. The security settings
which apply to the Domain Controllers. This is a subset of the settings
(just the security settings) you see if you open Active Directory Users and
Computers, select the properties of the Domain Controllers Organisational
Unit, navigate to the Group Policy tab and edit the Default Domain
Controller Policy.

2. Domain Security Policy is the set of security settings which apply to the
entire Domain (not just the DCs). Like the Domain Controller Security
Policy, this is a subset of the policy settings found in the Default Domain
Policy. This links to the domain in Active Directory Users and Computers.

3. GPEdit.msc edits the local policy. This is stored locally on the machine
and is not pushed down by Active Directory. It's best not to mess around
with this unless you're in a workgroup environment and even then it has
limitations.

4. Local Security settings is the security subset of what you see in
GPEdit.msc. Again, best to just leave it alone and manage things from AD.

HTH

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Anna Colton" <annac@abc.com> wrote in message 
news:4178789f$0$23035$5a62ac22@per-qv1-newsreader-01.iinet.net.au...
> I've found at least four different ways to start a policy editor. Can 
> anyone explain the difference?
>
> (1) in Control Panel, we have "Domain Controller Security Policy";
> (2) also in Control Panel, we have "Domain Security Policy";
> (3) Documents say type "gpedit.msc" in a Command Prompt.
> (4) Win2k3 online help has this link to start what it calls "Local Security 
> Settings":
> ms-its:C:\WINDOWS\Help\audit.chm::/EXEC=,secpol.msc CHM-UAShared.chm 
> FILE=alt_url_windows_component.htm. This is, I think, the same as typing 
> "secpol.msc" in Command Prompt.
>
> Thanks!!
> 
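
Added example, not part of the original thread or written by either poster: a PowerShell sketch that lists where the security subset behind each of the four consoles is stored. It assumes a domain-joined machine, an elevated prompt, read access to SYSVOL, and the well-known GUIDs of the two default GPOs; the function name and temp file name are illustrative.

```powershell
# Added example (not from the thread). Assumes a domain-joined machine,
# an elevated prompt, and read access to SYSVOL.

# Well-known GUIDs of the two default GPOs; they are the same in every domain.
$defaultGpos = [ordered]@{
    'Domain Security Policy'            = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    'Domain Controller Security Policy' = '{6AC1786C-016F-11D2-945F-00C04FB984F9}'
}

function Get-InfSection {
    # Hypothetical helper: list the [Section] headers of a security template.
    param([Parameter(Mandatory)][string]$Path)
    Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_ -match '^\[(.+)\]\s*$') { $Matches[1] }
    }
}

$domain = $env:USERDNSDOMAIN
$report = @(foreach ($name in $defaultGpos.Keys) {
    # The security subset of a GPO is the GptTmpl.inf file in its SYSVOL folder.
    $inf = "\\$domain\SYSVOL\$domain\Policies\$($defaultGpos[$name])" +
           '\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf'
    [pscustomobject]@{
        Console  = $name
        Store    = $inf
        Sections = if (Test-Path -LiteralPath $inf) {
                       (Get-InfSection -Path $inf) -join ', '
                   } else { 'not readable' }
    }
})

# Local Security Settings (secpol.msc) is the security part of the local
# policy that gpedit.msc edits. Export it to compare section by section.
$localInf = Join-Path $env:TEMP 'local-secpol.inf'   # constructed file name
secedit /export /cfg $localInf /quiet
$report += [pscustomobject]@{
    Console  = 'Local Security Settings (secpol.msc)'
    Store    = 'local security database on this machine'
    Sections = (Get-InfSection -Path $localInf) -join ', '
}
Remove-Item -LiteralPath $localInf

$report | Format-List
```

The two SYSVOL templates are replicated by Active Directory; the exported local settings exist only on the machine where the script runs.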

