Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Windows Server 2003 / Group Policy / July 2008

Tip: Looking for answers? Try searching our database.

GPO Inheritance

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
RG - 30 Jul 2008 20:39 GMT
My domain controller is win2k3 server r2 with latest sps.  I am using gpmc
sp1.  I have broken up users into 4 ou's, level 1-4.  There are 2 domain
wide group policies.  They are 1.  WSUS  2. Default Domain Policy.  I had
created a new group policy and assigned it to Level 1 ou.  This policy sets
the account lockout rules.   When generating RSOP for Level 1 ou users,  The
account lockout policies chosen are that of Default Domain Policy group
policy.  My goal was to override that which is in Default Domain Policy with
the policy assigned to Level 1 ou.

Can someone tell me where I went wrong her?

Thanks in advance
Reply to this Message
Darren Mar-Elia - 31 Jul 2008 02:01 GMT
yes, you can't apply account policy for domain user accounts at any level
except the domain level. So the changes you are making to account lockout
rules at the OU level are only applying to local user accounts on the
computers in that OU--not to domain user accounts. You can only have one
domain account policy per domain in Win2K3.

Darren

Signature

Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

*******************************
Secure and configure your Windows desktops accurately every time without
having to learn or install new technology.
Find out more about Desktop Policy Manager at
http://www.sdmsoftware.com/desktop_management
*******************************

> My domain controller is win2k3 server r2 with latest sps.  I am using gpmc
> sp1.  I have broken up users into 4 ou's, level 1-4.  There are 2 domain
[quoted text clipped - 11 lines]
>
> Thanks in advance
Reply to this Message
RG - 31 Jul 2008 03:07 GMT
Thanks.  How, then, do I determine which policies could be change on domain
level and which on domain level?

> yes, you can't apply account policy for domain user accounts at any level
> except the domain level. So the changes you are making to account lockout
[quoted text clipped - 20 lines]
>>
>> Thanks in advance
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.