Account policy applied to Sub-Domain

Dear All

I am administering a sub-domain in a tree and am trying to change some of the Account Policies within the Default Domain Policy (e.g. Maximum Password Age). Unfortunately the changes I make aren't being applied. I believe this is because the higher level domain is over-riding my settings. Could this be the case? If so, how can I stop this from happening?

Any help much appreciated.
 
I am administering a sub-domain in a tree and am trying to change some of
the Account Policies within the Default Domain Policy (eg. Maximum Password
Age). Unfortunately the changes I make aren't being applied. I believe
this is because the higher level domain is over-riding my settings. Could
this be the case? If so, how can I stop this from happening?

No, because Group Policy inheritance does NOT flow down domain trees.
Group Policy link to a domain affects ONLY that domain.

Are you linking the Group Policy to the DOMAIN you administer? GPO settings
normally work at ANY level but those specific items in "Security\Account
Policies" (i.e., Password, Lockout, Kerberos) are DOMAIN specific and cannot
be set effectively on OUs or Sites.

(Setting them on a "machine" affects only local machine accounts.)
 
Verify whether the new policy settings are already in effect.
1. On the DC, run 'net accounts'
2. On the client machine, run "gpresult /v" and 'net accounts'
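
The checks discussed in this thread can be scripted; the following is an added example, not part of any poster's reply. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed and that it is run by an account in the sub-domain; the output column names are chosen here for illustration.

```powershell
# Added example: show the account policy in force for the current domain and
# which GPOs linked at the domain level define Account Policy settings.
Import-Module ActiveDirectory, GroupPolicy

$domain = Get-ADDomain                 # assumption: the logged-on user's domain is the sub-domain
$dn     = $domain.DistinguishedName
$fqdn   = $domain.DNSRoot

# 1. Values stored on the domain object (what 'net accounts' reports on a DC).
Get-ADDefaultDomainPasswordPolicy -Identity $fqdn |
    Select-Object MaxPasswordAge, MinPasswordAge, MinPasswordLength,
                  PasswordHistoryCount, LockoutThreshold, LockoutDuration |
    Format-List

# 2. GPOs linked directly to the domain object; Order 1 has the highest precedence.
$links = (Get-GPInheritance -Target $dn -Domain $fqdn).GpoLinks | Sort-Object Order

# 3. For every domain-linked GPO, list the Account Policy entries it defines.
$rows = foreach ($link in $links) {
    [xml]$report = Get-GPOReport -Guid $link.GpoId -ReportType Xml -Domain $fqdn

    # Password, lockout and Kerberos settings are reported as <Account> elements.
    # Match on local-name() because the namespace prefix differs between reports.
    foreach ($node in $report.SelectNodes("//*[local-name()='Account']")) {
        $name  = $node.SelectSingleNode("*[local-name()='Name']")
        $type  = $node.SelectSingleNode("*[local-name()='Type']")
        $value = $node.SelectSingleNode(
            "*[local-name()='SettingNumber' or local-name()='SettingBoolean']")

        [pscustomobject]@{
            Order    = $link.Order
            GPO      = $link.DisplayName
            Enabled  = $link.Enabled
            Enforced = $link.Enforced
            Type     = if ($type)  { $type.InnerText }  else { '' }
            Setting  = if ($name)  { $name.InnerText }  else { '' }
            Value    = if ($value) { $value.InnerText } else { '' }
        }
    }
}

# A setting defined in several linked GPOs appears once per GPO; the row with
# the lowest Order is the one that takes effect for the domain.
$rows | Sort-Object Setting, Order | Format-Table -AutoSize
```

If a setting edited in the Default Domain Policy also appears in another domain-linked GPO with a lower Order number, that other GPO's value is the one `net accounts` will show.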


Patrick R said:
Dear All

I am administering a sub-domain in a tree and am trying to change some of
the Account Policies within the Default Domain Policy (eg. Maximum Password
Age). Unfortunately the changes I make aren't being applied. I believe
this is because the higher level domain is over-riding my settings. Could
this be the case? If so, how can I stop this from happening?
 
This can only be overridden if such a policy exists or is linked to the site
object. As Herb Martin says, "Group Policy inheritance does NOT flow down
domain trees."

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was helpful, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1

Patrick R said:
Dear All

I am administering a sub-domain in a tree and am trying to change some of
the Account Policies within the Default Domain Policy (eg. Maximum Password
Age). Unfortunately the changes I make aren't being applied. I believe
this is because the higher level domain is over-riding my settings. Could
this be the case? If so, how can I stop this from happening?
 
This can only be overridden if such a policy exists or is linked to the site
object. As Herb Martin says, "Group Policy inheritance does NOT flow down
domain trees."
Account policies linked to a site would have no effect on AD. They would
affect only local accounts on machines.

Laura
 