RE: Filter GPO by group
- From: "lforbes" <lforbes@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 Aug 2005 14:31:01 -0700
Hi,
Technet recommends not altering the Default Policy but that is a little over
the top in reality. What I set in the Default Domain policy is the Account
Policies and one or two settings that I am sure need to apply to the entire
Domain.
Actually the Default Domain policy doesn't contain much. In fact I had a
corrupted Sysvol which killed my Default Domain Policy as well as my Default
Domain Controllers Policy. I just got it back by installing a new domain on a
test machine and copying the GUID folders over. In Actual truth the Default
Domain Controllers policy is where all the domain specific info is set. The
Default Domain Policy is pretty much empty except for the settings you make.
Cheers,
Lara
"Wildflower" wrote:
> Technet recommends to not alter the default Domain policy, instead to create
> a new GPO, link it to the domain and enforce it. You are saying this is not
> the case. Is it true that account password policies can only be set in the
> default Domain policy? From there, can you still stop those settings from
> applying to administrators? Thanks for your help with this one.
> --
> Wildflower
> MCSE 2004
>
>
> "lforbes" wrote:
>
> > Hi,
> >
> > You cannot set account policies more than once in a Domain. Account Policies
> > like Password Age etc are set in the Default Domain Policy and no where else.
> > This is why it isn't working.
> >
> > Cheers,
> >
> > Lara
> >
> > "Wildflower" wrote:
> >
> > > We want to set account policies, at the domain, for a certain group of users.
> > > We have created a new GPO, set the settings, linked it to the domain and
> > > enforced the GPO. in the Security filtering area, we have added the target
> > > group. That is the only group in the filter. The users do not ever get the
> > > account settings, but do get all other settings we have configured in the new
> > > GPO.
> > >
> > > If I add the authorized users group to the filter, then everyone gets the
> > > new policy, including administrators. We would like to exclude
> > > administrators from this policy. I have set all the proper settings in the
> > > Delegation tab/ Advanced button area for administrators, etc, to read but not
> > > apply the GPO.
> > >
> > > What am I missing?
> > > --
> > > Wildflower
> > > MCSE 2004
.
- References:
- Filter GPO by group
- From: Wildflower
- RE: Filter GPO by group
- From: lforbes
- RE: Filter GPO by group
- From: Wildflower
- Filter GPO by group
- Prev by Date: RE: Roaming profiles Documentaion for Printer and Folder Mounts
- Next by Date: How to query AD domain for user accounts not used in over 60 days?
- Previous by thread: Re: Filter GPO by group
- Next by thread: Can't Read Blank CD's
- Index(es):
