dissolved
asked on
Active Directory questions (3)
Throwing around a few ideas on how to migrate to Active Directory. We have a lot of different organizations that need different levels of security. Should I start off defining the Domain Security Policy. Then hit each OU with a GPO from there?
1.We are going to have about 20 OUs, all needing differnet security. I can define basic things in the "domain security policy" then over ride it (WHEN NEEDED) with a GPO on the respective OU? Can I do this with the password policy as well? Some OUs wont need strict password policies.
2. Is it true, that if a policy is NOT defined in the Domain Security Policy(or any other GPO) then any local setting will be applied? I know local settings are applied last and that domain policy over rides local. However, if things arent defined on the domain level, but ARE defined at the local level, then the local policy will take effect correct?
3. Is it true that the default domain policy GPO that comes installed by default (called default domain policy), is the same as the DOMAIN SECURITY POLICY snap in. Editing either will change both?
Thank you
1.We are going to have about 20 OUs, all needing differnet security. I can define basic things in the "domain security policy" then over ride it (WHEN NEEDED) with a GPO on the respective OU? Can I do this with the password policy as well? Some OUs wont need strict password policies.
2. Is it true, that if a policy is NOT defined in the Domain Security Policy(or any other GPO) then any local setting will be applied? I know local settings are applied last and that domain policy over rides local. However, if things arent defined on the domain level, but ARE defined at the local level, then the local policy will take effect correct?
3. Is it true that the default domain policy GPO that comes installed by default (called default domain policy), is the same as the DOMAIN SECURITY POLICY snap in. Editing either will change both?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
They are the same. Defining one should reflect changes on the other. (BTW, points should go to snakebyte as he answered most of the questions here).
ASKER
The snap in "Domain Security Policy" is the same as the Default Domain Policy (when you right click on your Domain name and go to the GPO tab). Defining a policy in one, will make it defined in the other? In other words, they are/do the same thing? Kind of confused on this.
Thanks!