Domain controller vs domain security policy

It appears as though the 'Domain security policy' takes precedence over 'Domain Controller security policy' when I rename my administrator account.  I put a different username in each, and the 'Domain security policy' wins out.  This seems counter intuitive.  If I'm logging on to the Domain Controller with the admin account, shouldn't the 'Domain Controller security policy' have precedence?  If anyone can explain this, it would be appreciated.  
LVL 2
bleujaegelAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WeHeCommented:
is "enforce" deactivated for the "Default Domain Policy"?
is "block policy inheritance" activated on the Servers container?
try gpmc to analyse, which gpo does where what and why.
0
bleujaegelAuthor Commented:
I just tried everything that you mentioned.  I even rebooted to make sure it refreshed.  Still no luck.  I've tried everything, yet the 'Default Domain policy' always wins out.
0
Netman66Commented:
The Domain Controller Policy should be thought of as a local policy is to a worstation.  That being said, the Domain Policy should (and does) override all Account-based settings you make.  This is by design and cannot be blocked.

The only thing to keep in mind about what you have experienced is that ALL (no exceptions) Account Settings are controlled strictly by the Default Domain Policy as log as you are using Domain credentials to log in.  

Almost every other setting unrelated to Accounts can be blocked, overridden or changed further into the OU structure by different policies.  The closest Policy to the object (with repect to logical structure) applies unless a higher policy is set to, "No Override".

Hope this helps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

WeHeCommented:
@Netman66: you can block all policies, including the Defaults one. the only settings in "default domain policy" which are not blockable are the  account settings for the domain, like pwd complexity, lenght and how long till pwd change.
0
Netman66Commented:
WeHe,  

If you read my post again you'll see that's what I said.  

0
WeHeCommented:
than sorry, it reads wrong for me.
i think "rename administrator" is overrideable by other policies.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.