local polcy does not get effective

H

hashmisn

when i changes either in domain controller policy or in
domain policy in log on locally or manage auditing
security log policy , local policy of the same domain
controller machine does not get effective.
can any one help
hashmi
 
M

Marin Marinov

when i changes either in domain controller policy or in
domain policy in log on locally or manage auditing
security log policy , local policy of the same domain
controller machine does not get effective.
can any one help
hashmi
Click to expand...
This is expected behaviour, that is the whole idea of *Group* policy -
to not go and tamper with each machine's local policy but rather
configure a bunch of machines with a single action. Policies are applied
in the order:
1) Local
2) Site
3) Domain
4) OU
5) Child OU
....
The next policy applied overwrites the settings made by the previous (in
the common case) and local policy is *always* overwritten. You should
not user local policy on DCs - it complicates the setup and there are
some specific issues that will cause you lots of headaches.

What are you trying to accomplish?
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
H

hashmisn

Thanks of reply. now even if change through group policy
it is not being effective on local policy. what has gone
wrong and what to do next please.
hashmi
 
M

Marin Marinov

Thanks of reply. now even if change through group policy
it is not being effective on local policy. what has gone
wrong and what to do next please.
hashmi
Click to expand...
<snip>
Sorry for the delayed answer, Hashmi. Could you please explain in more
detail what specifically you are trying to accomplish? I'll give it a
shot anyway ;) I can speculate that you want to give the "Log on
locally" security right to users on a certain server. Keep in mind that
the computer account must be in an OU above (or directly to) which the
GPO where the setting is configured is linked. Also, make sure group
policy inheritance is not blocked at this or parent OU. If the GPO
doesn't "hit" the computer object then the issue you describe will
arise. Check these two first and if you confirm that the GPO should
apply, use gpresult.exe on the client (or RSOP.msc on WinXP and Win2K3)
to see more information on applied GPs.

--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

LOCAL POLICY IS NOT EFFECTIVE BY DOMAIN & DOMAIN CONTROLLER POLICY 2
local policy does not get effective by domain policy 1
Domain policy vs local policy 4
child domain logging to parent domain 1
Audit Settings changed Automatically 1
Deny logon locally 1
Domain Controller Security Policy not overriding the Local Security Policy 3
how to allow non-administrators to log on to Domain controllers 7

Top