GPO's and Security

E

ExAdmin

Are there any good low-level documents out there as far as how GPO's are
applied?

What accounts need local admin rights to modify the registry remotely
through administrative templates?

I'm focusing on security aspects & GPO administration.

Thanks,
Daniel
 
B

Buz [MSFT]

The first question seemed pretty open ended so here is a bunch of Group
Policy info that you may find helpful.

As far as your second question goes:
What accounts need local admin rights to modify the registry remotely
through administrative templates?
Click to expand...

This is done by the local system account when the computer applies the
security template.


221930 Domain Security Policy in Windows 2000
http://support.microsoft.com/?id=221930

823862 User Policies Are Not Applied When You Log On to a Computer That Is
http://support.microsoft.com/?id=823862

302104 The Logon Script Does Not Run During the Initial Logon Process
http://support.microsoft.com/?id=302104

250842 Troubleshooting Group Policy Application Problems
http://support.microsoft.com/?id=250842

247811 How Domain Controllers Are Located in Windows
http://support.microsoft.com/?id=247811

315418 HOW TO: Optimize Group Policy for Logon Performance in Windows 2000
http://support.microsoft.com/?id=315418

308194 HOW TO: How to Create Organizational Units in a Windows 2000 Domain
http://support.microsoft.com/?id=308194

220019 HOW TO: Set User Rights in Windows 2000
http://support.microsoft.com/?id=220019

307882 HOW TO: Use the Group Policy Editor to Manage Local Computer Policy
in
http://support.microsoft.com/?id=307882

320187 HOW TO: Manage Computer Accounts in Active Directory in Windows 2000
http://support.microsoft.com/?id=320187

322176 HOW TO: Administer GPO Properties in Windows 2000
http://support.microsoft.com/?id=322176

227448 Using Secedit.exe to Force Group Policy to Be Applied Again
http://support.microsoft.com/?id=227448



The interval at which a group policy is refreshed is defined by a refresh
interval value and an offset interval value. The refresh interval is an
amount of time between 0 (zero) and 64800 minutes (45 days), which is used
to determine when the group policy should be applied next. By default, if
the administrator does not modify the default setting, Windows 2000-based
computers use 90-minute intervals. For domain controllers, the default is 5
minutes. This default for domain controllers is used because when a change
to domain policy or rights is made, this reduces the latency in applying the
change to domain controllers as replication occurs. If 0 (zero) is specified
for the refresh interval, the refresh occurs in 7-second intervals.

How to Modify the Default Group Policy Refresh Interval:
http://support.microsoft.com/default.aspx?scid=kb;it;203607

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Admin rights for intellimirror? 2
gPO won't take effect 2
Programs that need admin rights, but user shouldn't have them 5
Active Directory GPO's for IE 1
Default domain permissions 4
your current security settings do not allow this file to be downlo 1
Applying GPO to an OU 1
can't modify local security settings 2

Top