Default Domain Policy 2003

  • Thread starter Chip pellegrino

Chip pellegrino

I have a 2003 domain server two an OU for my servers and an OU for
Recently an external auditor suggested we use the logon message (Default
Domain Policy\computer configuration\windows settings\security settings\local
policies\security options\Interactive Logon\Message text for all users
attempting to log on). The problem is that when this setting is turned on in
the default domain policy it applies to my server OU, and we have a server we
reboot every night and automatically logs on because it has to run a
communication program for our users. With that setting in the domain policy
the server reboots and waits for an OK on the message and the communication
program doesn't run because it runs from the startup folder. If I make a
policy for the message text in the workstation OU the default domain policy
overrides it and none of our workstations show the message.

How can I set the message logon text only for workstations and not

Danny Sanders

Move the group policy from the default domain to the OU with the
workstations in it.


Chip pellegrino

I can't move the default domain policy to the workstations OU because the
default domain policy has security settings that need to be applied to all
computers, i.e. password length, password history, etc. The Logon Message is not
set in the default domain policy so I don't know why the workstation OU
policy is getting overridden by the default domain policy.

Should I block the policy inheritance at the workstation OU and then
link the default policy to the workstations OU and change the order of the
policies, but leave it in the default domain OU too?

Danny Sanders

What I meant was remove the settings for the logon message from the default
domain GPO, create a new group policy on the workstation OU with the logon
message setting.


Meinolf Weber [MVP-DS]

Hello Chip,

Create a new GPO with those settings and link it to the OU where the workstations
are located, so only they are affected. Also you should not change the Default
domain and Default domain controllers policy; if you need other configuration
settings, better create your own policy and link it also to the domain or DC's
OU. So in case of failures you can easily go back to both of those default settings
by just unlinking the newly created policies.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!

Chip pellegrino

This is how I set it up, but it doesn't seem to be working and I can't
understand why. The logon message is not set anywhere else other than the
policy for the workstation OU.

Chip pellegrino

Thanks for your help guys. I wasn't creating a new policy, I was editing an
existing policy and it wasn't working. I created a new policy and it works
fine now.
