Group Policy vs Domain Controller Security Policy


Tammy Mathews

We wish to rename the administrator account on our
production servers and Q320053 indicates that you can
create a new group policy from the Active Directory Users
and Computers mmc. Once you have named the new group
policy you click on edit and then Windows Settings\Local
Polices\Security Options and define the Rename
Administrator policy.

However, the very same options are available if I run the
Domain Controller Security Policy mmc. Which one wins? ie
the setting made in the Group Policy mmc or the settings
made in the Domain Controller Security mmc?


Salamo Alakom

Domain Controller GPO for domain Controllers only,

Regarding any other computer objects (Workstations,

1. Place your operation servers into OU.
2. Create new group policy to rename the administrator
3. that is all (done)

Ibrahim El-Zawawy

Steven L Umbach

Polices are applied in the order of local>site>domain>OU. The domain
controller policy is basically an OU policy. The last policy applied is the
effective setting. So if the policy is applied at the domain level and not
the dc level, then the domain policy applies. If it is applied at both
levels, then the dc policy applies. Keep in mind that for domain members,
password/account policy can only be applied at the domain level. Be sure to
view your administrator accounts after the policy is applied. There are two
logon names in a W2K account the upn name [with @domainname] and the more
traditional pre W2K name. It may not change both names. --- Steve

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question