Domain Security Policy Versus Domain Controller Security Policy

[Guest]

Can someone please give me a clear definition of the difference between
Domain Security Policy Versus Domain Controller Security Policy. I'm setting
up Audit Policy's and I've set up the same Audit Policy's in Domain Security
Policy and Domain Controller Security Policy. Do I need to setup Audit
Policy's in both the Domain Security Policy and Domain Controller Security
Policy? Am I duplicating event id's?

Thanks,

 

[Brandon McCombs]

Can someone please give me a clear definition of the difference between
Domain Security Policy Versus Domain Controller Security Policy. I'm setting
up Audit Policy's and I've set up the same Audit Policy's in Domain Security
Policy and Domain Controller Security Policy. Do I need to setup Audit
Policy's in both the Domain Security Policy and Domain Controller Security
Policy? Am I duplicating event id's?

Thanks,

Domain policies are applied before individual OU policies. An OU policy is the
last one to be applied (but you can have multiple OUs and multiple policies per
OU). You aren't duplicating events messages because (among other reasons) the
policy settings are additive and the last policy that modifies a setting is the
one that sticks so defining a setting to have a certain value more than once just
means it takes longer to process the settings.

The Domain Controller policy exists to allow you to give special policy settings
to your domain controllers that are independent of the rest of your servers and
workstations. If you don't really need anythign special defined for your domain
controllers then the domain policy will suffice however most people at least want
certain services not needed on th domain controllers to be turned off but the
same ones left on for workstations so the settings for those services in teh
domain policy would need to be overridden by settings in the domain controller
policy.


hope that helps

 

[Jorge_de_Almeida_Pinto]

Can someone please give me a clear definition of the
difference between
Domain Security Policy Versus Domain Controller Security
Policy. I'm setting
up Audit Policy's and I've set up the same Audit Policy's in
Domain Security
Policy and Domain Controller Security Policy. Do I need to
setup Audit
Policy's in both the Domain Security Policy and Domain
Controller Security
Policy? Am I duplicating event id's?

Thanks,

what do you want to audit specifically?

Cheers,