GPO Replication to DMZ

D

David

Hello all,

I have a machine in my DMZ that has been joined to the
company domain. This will allow internal users to log in
to the system and also allow non-domain users access to
services and files as needed.

The local Policy has 2 settings. One is Current setting,
the other is effective setting. It seems that MS rules
state that the local policy object will only become
effecttive if it syncs with the domian policy at least
once. Then those settings will stay current until you need
to do another update. Is there a way to force the server
to only accept Local Policy Objects so those become
effective settings and not look at the domain policy?

Any help is greatly appreciated.
 
S

Steven L Umbach

I don't think that will work. From what I know, machine must be able to
communicate with the domain controller in order for any Local Security
Policy changes to be effective to make sure that no domain/OU settings will
override. That has been my experience with my laptops anyhow, and it makes
sense from a security standpoint.--- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Comments? - DMZ and Domain Security 1
Changing process priorities of normal users 3
Applying GPO on Active directory 1
Group permissions 4
local security policy does not get applied 2
bug with efs on server 2003 5
Local Security Policy on a DC 6
Cant disable password complexity 3

Top