G
Guest
We have the following setup
5 account domains. 4 are in W2K mixed-mode . One i W2K native.
1 domain . native 2000. empty. servers role of schema master
New computer accounts are created in the Ous in one of these domains (based
on geographcal location)
Account and password policy defined via default domain policy in all domains.
Several hundred resource domains. NT4 based.
Many of these have one-way trust with the account domains.
Many don't have. I'll call these untrusted RDs.
Majorty of clients in the resource domains are W2K Pro or XP.
Now my Qs:
#1 If the account policy is defined in the default domain group policy,
does it reach the clients in trusted and/or untrusted RDs?
#2 How are the account policies affective? these are implemented when the
machine starts up? OR when a user logs in?
#3 If I want to add a global administrative group to the local
dministrator's group in each workstation, how can I accomplish this?
I have already seen the scenarios where I can define it via startup script
in the machine config part of a group policy OR via loon script in the user
config part of group policy.
But my Q to this is login script is not effective because it runs in user
context.
startup script will not be effective for workstations in the resource domain.
Can someone please clear my doubts regarding group policy fundamentals?
Thanks
5 account domains. 4 are in W2K mixed-mode . One i W2K native.
1 domain . native 2000. empty. servers role of schema master
New computer accounts are created in the Ous in one of these domains (based
on geographcal location)
Account and password policy defined via default domain policy in all domains.
Several hundred resource domains. NT4 based.
Many of these have one-way trust with the account domains.
Many don't have. I'll call these untrusted RDs.
Majorty of clients in the resource domains are W2K Pro or XP.
Now my Qs:
#1 If the account policy is defined in the default domain group policy,
does it reach the clients in trusted and/or untrusted RDs?
#2 How are the account policies affective? these are implemented when the
machine starts up? OR when a user logs in?
#3 If I want to add a global administrative group to the local
dministrator's group in each workstation, how can I accomplish this?
I have already seen the scenarios where I can define it via startup script
in the machine config part of a group policy OR via loon script in the user
config part of group policy.
But my Q to this is login script is not effective because it runs in user
context.
startup script will not be effective for workstations in the resource domain.
Can someone please clear my doubts regarding group policy fundamentals?
Thanks