J
Josh
All,
Does anyone know what the effects are of disabling the
default domain policy at the domain level?
Thanks.
Does anyone know what the effects are of disabling the
default domain policy at the domain level?
Thanks.
Mark Renoden said:Hi Josh
Effect is that Domain wide policy doesn't apply. It's not a good thing to
do. Why the question?
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
Josh said:All,
Does anyone know what the effects are of disabling the
default domain policy at the domain level?
Thanks.
-----Original Message-----
Josh-
That's assuming of course, that there isn't another GPO linked to the
domain. I've had this conversation with some other folks before and there is
this "fear" that there is something magical about the Def. Domain Policy and
Def. DC Policy and that disabling them is bad. I haven't found that to be
the case. You just need to be aware of what the effects are, as Mark
indicates. If you set account policy, for example, through the Default
Domain Policy, and then you disable the DDP, that account policy won't be
undone--it just won't be change-able until you have another domain-linked
GPO available.
--
Darren Mar-Elia
MS-MVP-Windows Management
http://www.gpoguy.com
and confers noHi Josh
Effect is that Domain wide policy doesn't apply. It's not a good thing to
do. Why the question?
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties,
rights.
.
Josh said:Well the reason I asked is because I have a domain were
the default domain policy is disabled and no policy is
linked to the domain. But there are still account lockout
after a certain amount of bad tries. Where is this policy
coming from?-----Original Message-----
Josh-
That's assuming of course, that there isn't another GPO linked to the
domain. I've had this conversation with some other folks before and there is
this "fear" that there is something magical about the Def. Domain Policy and
Def. DC Policy and that disabling them is bad. I haven't found that to be
the case. You just need to be aware of what the effects are, as Mark
indicates. If you set account policy, for example, through the Default
Domain Policy, and then you disable the DDP, that account policy won't be
undone--it just won't be change-able until you have another domain-linked
GPO available.
--
Darren Mar-Elia
MS-MVP-Windows Management
http://www.gpoguy.com
and confers noHi Josh
Effect is that Domain wide policy doesn't apply. It's not a good thing to
do. Why the question?
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties,
rights.All,
Does anyone know what the effects are of disabling the
default domain policy at the domain level?
Thanks.
.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.