Domain GPO v DC

  • Thread starter Thread starter Peter
  • Start date Start date
P

Peter

Hello

Anyone knows why GPOs which are defined in the domain
security strategy do not apply ? on all my machines in
the domain it's the domain controller security strategy
which apply to all my machines in the domain.

TIA
 
By default the Domain Controller Security Policy applies only to computers in
the domain controller container which should be only domain controllers. Either
you have your computers in the domain controllers container or you have the
default domain controller GPO linked to the domain container which you can check
in AD Users and Computers. Select the domain container/properties/Group Policy
to view what GPO's are linked to the domain. You can also use the gpresult free
support tool to view what Group Policy's are applied to a computer and the
logged on user. --- Steve
 
Thanks for your reply.

Sorry, I didn't quite get it. I am a little bit thick !

Could you please re-explain ?

Peter.
-----Original Message-----
By default the Domain Controller Security Policy applies only to computers in
the domain controller container which should be only domain controllers. Either
you have your computers in the domain controllers container or you have the
default domain controller GPO linked to the domain container which you can check
in AD Users and Computers. Select the domain
Click to expand...
container/properties/Group Policy
 
By default the Domain Controller Security Policy applies only to computers
which means that this policy should and only affect DC in the DC container.

what he is trying to say is checked the OU's properties and see what policy
is linked to them.
 
Think of it this way. Group Policies [GPO] apply to computers or users in the
container they are applied to. The container is either the domain container, the
domain controller container, or an Organizational Unit that you create. Policy is
processed in this order with any defined settings in the last applied policy
"winning" - local>site>domain>Organizational Unit [which always would be a
subcontainer of the domain]. In your case, either your computers are in the domain
controller container OR you have the domain controller Group Policy "linked" to the
domain container. A Group Policy after being created, can be "linked" which means it
will apply to any container in the domain. See the link below on learning more about
Group Policy. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/management/groupsteps.asp
http://www.microsoft.com/resources/...erver/reskit/en-us/distsys/part4/dsgch22.mspx
 
Back
Top