• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 370
  • Last Modified:

Is default domain policy applied to domain controllers?

Is the default domain policy applied to domain controllers? or do domain controllers simply take there settings from the default domain controller policy?
0
machealth
Asked:
machealth
  • 2
  • 2
1 Solution
 
truluCommented:
Domain controllers take there settings from the default domain controller policy unless you have specified another group policy that takes precedence over the default domain controller policy. If you change the settings on one domain controller, it will automatically be changed on all domain controllers no matter where a domain controller is placed, under any OU.
0
 
Nirmal SharmaSolution ArchitectCommented:
>>>Is the default domain policy applied to domain controllers? or do domain controllers simply take there settings from the default domain controller policy?

First of all there is nothing to apply for computer accounts from Default Domain Policy because by default, no settings are configured in Computer Configuration in Default Domain Policy. Yes default domain policy applies to all objects because according to the policy rule Parent policy applies to all child objects and child ous.

Generally domain controller's policy is defined in the Domain Controllers OU itself (Is already created when you promote your server to domain controller). Domain Controller's setting is applied for all objects in this ou and by default, Domain Controller's  Computer Account is created and moved in this OU so policy configured at Domain Controllers OU is applied to all domain controller's computer account and not user and ordinary computer account.

SystmProg
0
 
ckratschCommented:
As I recall, the Domain Controllers policy may have Block Inheritance applied by default.  Check that to make sure.  If it does, any policies you configure in the Default Domain Policy under Computer Config will *not* be applied by DCs, unless you check No Override on the Default Domain Policy.

Excepting, of course, Account Policies, which are applied by the highest priority GPO at the domain level (top in the list), and are applied everywhere regardless of any Block Inheritance settings or conflicting Account Policy policies at other GPO levels.
0
 
ckratschCommented:
I'm glad I worded that the way I did.  I've gotten home and checked, and no, the Domain Controllers OU does not have Block Inheritance checked.

I think SystmProg deserves those points more than I do.
0
 
Nirmal SharmaSolution ArchitectCommented:
That was just a basic concept. Nice work ckratsch.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now