Re: Default Domain Controllers Policy
- From: "Mark Heitbrink [MVP]" <spam-only@xxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 28 Jun 2006 09:16:58 +0200
Hi,
Steven Hutchinson schrieb:
It would seem that our Default Domain Controllers Policy is being applied to
all computers in our domain.
No good idea.
As far as I know this should not be the case and should only be applied to
Domain Controllers.
Absolutly right.
Can anyone confirm this to me as it is causing a few problems?
For sure. Because a domain controller is much more restrictiv configured
like "logon locally" and other permissions it is not recommended to
apply the DefDomConPol to the clients, becaus ea "user" needs to work
on a client.
If you want to allow a user logon on that client and you edit the
DefDomConPol, then he is able to logon locally on a DC aswell.
In most cases you don´t wnat that.
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
extend GPO: www.desktopstandard.com
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
.
- Follow-Ups:
- Re: Default Domain Controllers Policy
- From: Steven Hutchinson
- Re: Default Domain Controllers Policy
- References:
- Default Domain Controllers Policy
- From: Steven Hutchinson
- Default Domain Controllers Policy
- Prev by Date: Re: distribute .reg file with Group Policy
- Next by Date: Re: Default Domain Controllers Policy
- Previous by thread: Default Domain Controllers Policy
- Next by thread: Re: Default Domain Controllers Policy
- Index(es):
Relevant Pages
|
Loading
