Is default domain policy applied to domain controllers?

Posted on 2005-05-10
Last Modified: 2010-04-14
Is the default domain policy applied to domain controllers? Or do domain controllers simply take their settings from the default domain controller policy?
Question by:machealth

    Expert Comment

    Domain controllers take their settings from the default domain controller policy unless you have specified another group policy that takes precedence over the default domain controller policy. If you change the settings on one domain controller, it will automatically be changed on all domain controllers no matter where a domain controller is placed, under any OU.
    LVL 35

    Expert Comment

    by:Nick Sui
    >>>Is the default domain policy applied to domain controllers? Or do domain controllers simply take their settings from the default domain controller policy?

    First of all, there is nothing to apply for computer accounts from the Default Domain Policy because, by default, no settings are configured under Computer Configuration in the Default Domain Policy. Yes, the default domain policy applies to all objects because, according to the policy rule, a parent policy applies to all child objects and child OUs.

    Generally, the domain controllers' policy is defined on the Domain Controllers OU itself (it is already created when you promote your server to a domain controller). The domain controllers' settings are applied to all objects in this OU and, by default, a domain controller's computer account is created and moved into this OU, so policy configured at the Domain Controllers OU is applied to all domain controllers' computer accounts and not to user and ordinary computer accounts.

    LVL 14

    Accepted Solution

    As I recall, the Domain Controllers policy may have Block Inheritance applied by default.  Check that to make sure.  If it does, any policies you configure in the Default Domain Policy under Computer Config will *not* be applied by DCs, unless you check No Override on the Default Domain Policy.

    Excepting, of course, Account Policies, which are applied by the highest priority GPO at the domain level (top in the list), and are applied everywhere regardless of any Block Inheritance settings or conflicting Account Policy policies at other GPO levels.
    LVL 14

    Expert Comment

    I'm glad I worded that the way I did.  I've gotten home and checked, and no, the Domain Controllers OU does not have Block Inheritance checked.

    I think SystmProg deserves those points more than I do.
    LVL 35

    Expert Comment

    by:Nick Sui
    That was just a basic concept. Nice work ckratsch.
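
The Block Inheritance and No Override (Enforced) checks discussed in this thread can be read directly from PowerShell. This is an added example, not part of any post above; it assumes the RSAT GroupPolicy and ActiveDirectory modules and read access to the domain, and it changes nothing:

```powershell
# Read-only audit of which GPOs reach the Domain Controllers OU.
# Assumes: RSAT GroupPolicy + ActiveDirectory modules, run from a domain-joined host.
Import-Module GroupPolicy, ActiveDirectory

$domain = Get-ADDomain
$dcOu   = $domain.DomainControllersContainer   # DN of the Domain Controllers OU

# Inheritance state of the OU itself
$ouInh = Get-GPInheritance -Target $dcOu
'Block Inheritance on {0}: {1}' -f $ouInh.Path, $ouInh.GpoInheritanceBlocked

# GPOs linked directly on the OU (normally the Default Domain Controllers Policy)
'--- Linked directly to the OU ---'
$ouInh.GpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced |
    Format-Table -AutoSize

# Everything that applies to the OU after inheritance, blocking and
# enforcement are resolved. Order 1 has the highest precedence.
'--- Effective list for domain controllers ---'
$ouInh.InheritedGpoLinks |
    Sort-Object Order |
    Select-Object Order, DisplayName, Enabled, Enforced, Target |
    Format-Table -AutoSize

# Compare against the domain-level links: a domain GPO missing from the
# effective list is being stopped by Block Inheritance on the OU, and an
# Enforced (No Override) link passes through regardless.
'--- Domain-level links and whether they reach the DCs ---'
$effectiveIds = @($ouInh.InheritedGpoLinks | ForEach-Object { $_.GpoId })
$domInh = Get-GPInheritance -Target $domain.DistinguishedName
foreach ($link in $domInh.GpoLinks) {
    [pscustomobject]@{
        DisplayName = $link.DisplayName
        Enabled     = $link.Enabled
        Enforced    = $link.Enforced
        ReachesDCs  = $effectiveIds -contains $link.GpoId
    }
}
```

The listing covers ordinary Computer Configuration settings; Account Policies follow the separate rule described in the accepted solution.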
