Group Policies

S

Skip

Can someone please tell me the difference between "Domain
Controller Security Policies" and "Domain Security
Policies". Also, why do I have to give a user
permissions to log on locally with both the "Local
Security Policy" and the "Domain Security Policy" before
a user can logon to the domain controller? Doesn't the
domain policy override the local policy?
 
S

Steven L Umbach

Domain Controller Security Policy is just for objects [domain controllers]
in the domain controller container which is essentially an OU though not
called one. Domain Security Policy is the default policy that will apply to
all machines in the domain other than those that have an overriding defined
setting at the OU level. Keep in mind that policy is applied in this order
local>site>domain>OU.

Any setting defined in the domain controller cotainer will override domain
settings which is why you are the setting you define at the domain level
will not allow the user to logon to a dc since Domain Controller Security
Policy has user rights defined.

There are a couple of notable exceptions in that domain password/account
policy for domain users can only be defined at the domain level and the user
right for add workstations to the domain will only be effective at the
domain controller container level. -- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Controller Security Policy vs. Domain Security Policy? 1
Local Setting vs Effective Setting 2
AD Security 1
Security Policy Is not opening. 9
Object Access Audit Policy for a Domain 4
Domain vs Domain Controller Security Policy 2
Changing process priorities of normal users 3
Domain Security Policy 2

Top