Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.security,microsoft.public.windows.group_policy
In a default installation the domain policy is linked only to the domain container
and the domain controller policy to only the domain controller. --- Steve
"ajay" <jgrace@digitelusa.net> wrote in message
news:uaSqa0KXEHA.644@tk2msftngp13.phx.gbl...
> ok thanks, well tell me this... I'm in AD and we have at the domain level ... default domain gp and default dc gp linked... Is this default DC gp supposed to be linked there or only under the OU for DCs? Could this be my problem?
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:xvHDc.126337$0y.46952@attbi_s03...
> > No. Never remove your default policies. The domain policy applies to the domain while the domain controller policy applies only to the domain controller container where all the domain controllers are by default. However any policy setting "defined" at the domain level will also apply to the domain controller container if the same setting is not defined in the domain controller policy. Note that mostly that will only be computer configuration as users by default do not exist in the domain controller container, nor should they be moved into it. --- Steve
> >
> > "ajay" <jgrace@digitelusa.net> wrote in message
> > news:u9$yzGHXEHA.556@tk2msftngp13.phx.gbl...
> > > thank you so much for the reply
> > >
> > > I have the default dc policy and the default domain policy added to my AD. Should I delete or remove the default domain policy and just leave the one for DC?
> > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > > news:%gjDc.97952$2i5.69247@attbi_s52...
> > > > By default there are no user configuration settings defined on Group Policy when you set up a domain. Computer/security policy settings are defined mostly in Local Security Policy and Domain Controller Security Policy [mainly user rights assignments] for domain controllers, while domain policy defines account/password policies. What you are talking about seems to be mostly an issue with user group membership in that users need to be administrators on their local computers to do all that you mention [in W2K]. If it suits your needs you can add the users' domain account to their local administrators or power users group on their computer. You can use "restricted groups" in security policy at the OU level to modify the membership of the local administrators/power users groups of computers in the OU. First I would try adding users to the Network Configuration Operators group on their local computers to allow them to manage networking properties and consider using Group Policy to publish or assign .msi applications to them before letting them all be local administrators. Users usually do cry when they can't clutter up their computers with unauthorized applications, file swapping programs, chat programs, spyware, etc. --- Steve
> > > >
> > > > "ajay" <jgrace@digitelusa.net> wrote in message
> > > > news:O1f%233O6WEHA.1888@TK2MSFTNGP11.phx.gbl...
> > > > > I want to know, is there a way to import a default gp for 2000 server into my new 2003 domain ... reason is that with the default domain gp all my wks are locked down (limited access and rights) and I cannot seem to raise the level, for example no permission to manage network settings, make vpn connections, install applications ... this is what I want in the future but for now I'm locking laptops down with the 2003 gp and all my users are crying ... please help
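
The precedence rule described in the thread (a setting defined at the domain level also reaches the Domain Controllers container unless the domain controller policy defines it), as an added example that is not part of the original posts. It is a simplified Python model; the setting names, their values and the Workstations OU are constructed for illustration, and it also covers the link layout asked about, with both default GPOs linked at the domain.

```python
"""Simplified model of Group Policy precedence (added illustration)."""

# Constructed sample GPO contents. A setting absent from a GPO is "Not Defined" there.
GPOS = {
    "Default Domain Policy": {
        "MinimumPasswordLength": 7,
        "AuditLogonEvents": "Success",
    },
    "Default Domain Controllers Policy": {
        "AuditLogonEvents": "Success, Failure",
        "LogOnLocally": ["Administrators", "Backup Operators"],
    },
}

# Link layouts: container -> GPOs linked there, in the order they are applied.
DEFAULT_LINKS = {
    "domain": ["Default Domain Policy"],
    "Domain Controllers": ["Default Domain Controllers Policy"],
    "Workstations": [],  # hypothetical OU holding the laptops
}
# The layout described in the question: both default GPOs linked at the domain.
BOTH_AT_DOMAIN = dict(DEFAULT_LINKS,
                      domain=["Default Domain Policy",
                              "Default Domain Controllers Policy"])


def effective_settings(links, target):
    """Return {setting: (value, winning GPO)} for computers in `target`.

    GPOs linked at the domain apply first, then those linked to the target
    container. A later GPO overrides an earlier one only for settings it
    defines; everything else is inherited unchanged.
    """
    result = {}
    for container in ("domain", target):
        for gpo in links.get(container, []):
            for setting, value in GPOS[gpo].items():
                result[setting] = (value, gpo)
    return result


def show(links, target):
    """Print each effective setting for `target` with the GPO that set it."""
    for setting, (value, gpo) in sorted(effective_settings(links, target).items()):
        print(f"{target:18} {setting:22} = {value!r}  (from {gpo})")


if __name__ == "__main__":
    show(DEFAULT_LINKS, "Domain Controllers")
    show(DEFAULT_LINKS, "Workstations")
    show(BOTH_AT_DOMAIN, "Workstations")
```

In this model, linking the domain controller policy at the domain makes its settings reach the Workstations OU as well, while the default layout leaves workstations with only the domain policy's settings.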