GPO and Audit

[CA]

I will be applying a GPO to an OU to enforce password
changes every 60 days. Our Domain policy is setup
without any password restrictions.

1) If I enable auditing to this GPO, I will be only
auding the users inside this GPO, right?
2) How much network trafic(logs)Auditing creates? There
will be about 15 users in this OU.
3) These users are members of the Domain Admin group. I
need to know what changes they are doing to accounts.
Would "Audit Account Managment" do the job?
4) The domain policy was setup to unlock accounts after
45 minutes. This policy will remain in affect for the OU
since I am not applying anything different for it, right?

Thank you.

 

[Chriss3]

1) it will only auditing at computers the particular GPO applies to
2) it doesn't create any network traffic since auditing only effects local
event at computers the particular GPO applies to
3) Setup this policy in Domain Security Policy
4) Yes, since such setting within a GPO only applies to local accounts

Password restrictions define in a GPO are applied to local accounts only.

 

[Guest]

Thank you for your help. So, I won't be able to use the
audits properly since I need to monitor these users on
the whole domain. If I apply audits to the Domain
Security Policy, how much traffic does it create for
about 1200 users?

 

[Cary Shultz [A.D. MVP]]

Correct.

The password policy must be set at the domain level. Typically, you would
create a separate GPO at the domain level to make sure that what you are
doing is correct and what you really want. Once you have confirmed / tested
everything you could then incorporate this GPO into your Default Domain
Policy ( if you so choose ).

As Chris stated, any GPO for passwords that you create at the OU level will
be applied to the local computer accounts located in that OU.

HTH,

Cary