Throwing around a few ideas on how to migrate to Active Directory. We have a lot of different organizations that need different levels of security. Should I start off defining the Domain Security Policy. Then hit each OU with a GPO from there?
1.We are going to have about 20 OUs, all needing differnet security. I can define basic things in the "domain security policy" then over ride it (WHEN NEEDED) with a GPO on the respective OU? Can I do this with the password policy as well? Some OUs wont need strict password policies.
2. Is it true, that if a policy is NOT defined in the Domain Security Policy(or any other GPO) then any local setting will be applied? I know local settings are applied last and that domain policy over rides local. However, if things arent defined on the domain level, but ARE defined at the local level, then the local policy will take effect correct?
3. Is it true that the default domain policy GPO that comes installed by default (called default domain policy), is the same as the DOMAIN SECURITY POLICY snap in. Editing either will change both?