Archived from groups: microsoft.public.win2000.group_policy (
More info?)
Thanks!
"Ken B" <none@microsoft.com> wrote in message
news:ep4U%23ulpEHA.1576@TK2MSFTNGP12.phx.gbl...
> If it applied, it should always apply until changed, or the computer is
> dis-joined from the domain.
>
> Ken
>
>
> "djc" <noone@nowhere.com> wrote in message
> news:O7KbUblpEHA.2948@TK2MSFTNGP11.phx.gbl...
> > Thanks Kevin... I'll check out the links you provided as well. I have a
> > related question though:
> > When policy is applied to a computer account and effects the machines
> local
> > policy when logged on to locally as you stated before in your
> > clarification... does this local policy still take effect when the
machine
> > is not connected (physically unplugged) to the network?
> >
> > thanks agian.
> >
> > "Kevin Sullivan" <ksullivan@autoprof.com> wrote in message
> > news:Oj$KLBkpEHA.536@TK2MSFTNGP11.phx.gbl...
> > > 1) you are correct with your first statement. One piece of
> clarification.
> > > Account policy configuration applied at any level (OU) below the
domain
> > > level will configure the 'local account policy settings'. This means
if
> a
> > > computer account is the recipient of the account policy applied at a
> level
> > > other than the Default Domain Policy the settings will take affect
when
> > > logging on locally.
> > >
> >
>
(http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-u
> > >
> >
>
s/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prdp_
> > > log_csiq.asp)
> > > 2) Block policy inheritance should not block the domain level account
> > > policies. I have not tested this but believe this to be true. I am
> curious
> > > if anyone finds different information.
> > > (http://support.microsoft.com/default.aspx?scid=kb;en-us;255550) I
think
> > one
> > > main point here is that Domain Controllers behave a bit differently
than
> > > other systems on the network. Since they share the NTDS.dit and there
> > needs
> > > to be a mechanism to ensure consistency across these replicas.
> > >
> > > HTH
> > >
> > > Kevin
> > > AutoProf
> > >
http://www.autoprof.com/policy
> > >
> > > "djc" <noone@nowhere.com> wrote in message
> > > news:ukthXzipEHA.3668@TK2MSFTNGP15.phx.gbl...
> > > > I understand that account options like password policies, and
account
> > > > lockouts, etc... configured at the domain level are the only user
> > account
> > > > policies actually applied... meaning if a lower level container had
a
> > > > conflicting policy configured it would not change the domain level
> > one...
> > > >
> > > > 1) please correct me if I'm wrong with my statement above
> > > > 2) if a lower level container has the Block Policy Inheritance
option
> > set
> > > > will the domain level user account policies still be applied? or
would
> > the
> > > > Block Policy Inheritance actually block them?
> > > >
> > > > any info is appreciated... thanks.
> > > >
> > > >
> > >
> > >
> >
> >
>
>