Re: Default Domain Security Settings and DC Security Settings

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/07/04 

Date: Mon, 8 Nov 2004 09:25:07 +1100

Hi Frank

The Default Domain Policy applies to everything in the domain.

The Default Domain Controller Policy applies to the Domain Controllers
(because it's linked to the Domain Controllers OU).

Account lockout settings should only apply at the domain level.

Does that answer your question? I'm a little unclear what you're after.

Kind regards 

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"frankcvc" <frankcvc@discussions.microsoft.com> wrote in message 
news:58BA98D4-B0A8-4CEF-98B0-FBCD48D2AEF7@microsoft.com...
> On any AD domain controller, I see two Default Security Settings:
> Default Domain Security Settings and Default Domain Controller  Security
> Settings.
>
> I assume the default domain security settings would apply to all members 
> of
> the domain, member servers, DCs, and member client machines. The Default 
> DC
> security settings is just like the Local Security Settings on other 
> machines.
>
> Looked at their structures, pretty much the same except that different
> options are set up in each of them.   I wonder if these two settings set 
> up
> different security options, say, Account Password and lockout, what would
> that mean? The DC's would only affect the AD Domain users and the Domain's
> would only affect other users created on member servers and client 
> machines?
>
> Appreciate it if anyone could provide some insight on this matter.
> -- 
> Frank

Relevant Pages

  • Help with Domain Controller Security Policy
    ... Now whenever I go into "Domain Controller Security ... Policy" the only thing I have access to in "Security Settings" is Public Key ... the "Local Polices" which contains User Rights Assignment nor does it shows ... (Server1 or Server2) ...
    (microsoft.public.win2000.active_directory)
  • Domain Controller Policy problem in details
    ... Now whenever I go into "Domain Controller Security ... Policy" the only thing I have access to in "Security Settings" is Public Key ... the "Local Polices" which contains User Rights Assignment nor does it shows ... (Server1 or Server2) ...
    (microsoft.public.windows.server.general)
  • Help with Domain Controller Security Policy
    ... Now whenever I go into "Domain Controller Security ... Policy" the only thing I have access to in "Security Settings" is Public Key ... the "Local Polices" which contains User Rights Assignment nor does it shows ... (Server1 or Server2) ...
    (microsoft.public.windows.server.setup)
  • Domain Controller Policy problem in details
    ... Now whenever I go into "Domain Controller Security ... Policy" the only thing I have access to in "Security Settings" is Public Key ... the "Local Polices" which contains User Rights Assignment nor does it shows ... (Server1 or Server2) ...
    (microsoft.public.win2000.dns)
  • Domain Controller Security Policy problem in detail
    ... Now whenever I go into "Domain Controller Security ... Policy" the only thing I have access to in "Security Settings" is Public Key ... the "Local Polices" which contains User Rights Assignment nor does it shows ... (Server1 or Server2) ...
    (microsoft.public.windows.server.networking)