Good Evening. Reciently I've just taken on a new Sysadmin job with a local company that has a small active active directy network which needs to be 'hardened' with the latest security policy's I've just received. The network consists of a few Windows XP machines and a Windows 2003 server which has been setup as a DC with AD activated. After locking down a stand-alone system, I exported the security script via the MMC and used this script to analyze the local computer policy on one of the local machines that is attached to the domain. After analyzing the workstation through the MMC, I found some settings that needed to be changed, so I went into the Local Security policy through the Admin tools and was not able to change any of the settings. It seems that all of the settings where 'grayed' out and I could not change them. Ex: Enforce Password History - Wanted to change the default to 5 but the password remembered box was grayed out. I've tried logging into the machine as the local administrator account/local computer name and even the domain admin account but I am still unable to change the settings.
After some research, it seems this might be a Group Policy problem, so I opened up the group policy tab in the AD gui on the DC and it was set to the default. Because the machine builds are not the same (some have different software loads then others) I was wondering if there was a way to disable the security policys being pushed down (if this is the case) to the workstations so I can modify the individual workstations without the fear of them being reverted back once I restart the workstations. I'm not very savy in AD as this was what was handed down to me without any passdown so any help would be most appreciated. Thanks..