A
Anwar Mahmood
Hi all,
My network has both Active Directory and NDS, and NDS is the "primary"
directory. From what I understand, the default settings in "default
domain policy" relate only to security, and need to be applied to
domain controllers only (there are no local accounts on client PCs
apart from built in ones). All my PCs are identical, and need the same
policy settings, so I've made policy settings in local computer
policy. This means that PCs don't pull down the same settings each
session, but I can still overrule the settings from the network if
necessary. Can I use the "block policy inheritance" feature on the OU
that holds the PC objects to effectively make no "external" policies
apply to the client PCs, primarily to speed things up? If I ever need
to change these policy settings, I can simply create a custom group
policy and assign it to this OU.
Am I correct? What are the implications of blocking the default domain
policy?
Kind regards,
Anwar
My network has both Active Directory and NDS, and NDS is the "primary"
directory. From what I understand, the default settings in "default
domain policy" relate only to security, and need to be applied to
domain controllers only (there are no local accounts on client PCs
apart from built in ones). All my PCs are identical, and need the same
policy settings, so I've made policy settings in local computer
policy. This means that PCs don't pull down the same settings each
session, but I can still overrule the settings from the network if
necessary. Can I use the "block policy inheritance" feature on the OU
that holds the PC objects to effectively make no "external" policies
apply to the client PCs, primarily to speed things up? If I ever need
to change these policy settings, I can simply create a custom group
policy and assign it to this OU.
Am I correct? What are the implications of blocking the default domain
policy?
Kind regards,
Anwar