local polcy does not get effective

  • Thread starter Thread starter hashmisn
  • Start date Start date
H

hashmisn

when i changes either in domain controller policy or in
domain policy in log on locally or manage auditing
security log policy , local policy of the same domain
controller machine does not get effective.
can any one help
hashmi
 
when i changes either in domain controller policy or in
domain policy in log on locally or manage auditing
security log policy , local policy of the same domain
controller machine does not get effective.
can any one help
hashmi
Click to expand...
This is expected behaviour, that is the whole idea of *Group* policy -
to not go and tamper with each machine's local policy but rather
configure a bunch of machines with a single action. Policies are applied
in the order:
1) Local
2) Site
3) Domain
4) OU
5) Child OU
....
The next policy applied overwrites the settings made by the previous (in
the common case) and local policy is *always* overwritten. You should
not user local policy on DCs - it complicates the setup and there are
some specific issues that will cause you lots of headaches.

What are you trying to accomplish?
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
Thanks of reply. now even if change through group policy
it is not being effective on local policy. what has gone
wrong and what to do next please.
hashmi
 
Thanks of reply. now even if change through group policy
it is not being effective on local policy. what has gone
wrong and what to do next please.
hashmi
Click to expand...
<snip>
Sorry for the delayed answer, Hashmi. Could you please explain in more
detail what specifically you are trying to accomplish? I'll give it a
shot anyway ;) I can speculate that you want to give the "Log on
locally" security right to users on a certain server. Keep in mind that
the computer account must be in an OU above (or directly to) which the
GPO where the setting is configured is linked. Also, make sure group
policy inheritance is not blocked at this or parent OU. If the GPO
doesn't "hit" the computer object then the issue you describe will
arise. Check these two first and if you confirm that the GPO should
apply, use gpresult.exe on the client (or RSOP.msc on WinXP and Win2K3)
to see more information on applied GPs.

--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
Back
Top