Solved

Overriding Default Domain Policy for special cases

Posted on 2008-10-30
2
777 Views
Last Modified: 2013-12-04
In a Windows 2003 AD Environment, I'd like to understand relationship between default domain Policy, and User Account Settings. The perfect example would be : I establish a Default Domain Policy restricting logons for office hours, but on specific cases Maybe I'd need to override this policy for a certain user. What if I go to his account properties and give him afterhours logon permission ? would it override Default Domain Policy ?
0
Comment
Question by:jsonnenvzla2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 22847010
Logon hours are defined on a per-user basis, not via GPO. The only GPO setting that relates to logon hours is "forcibly disconnect users when logon hours expire".

Password and account lockout policy are set at the domain level and cannot be overridden. All other GPO settings in the Default Domain Policy adhere to normal Group Policy processing rules, as described here: http://technet.microsoft.com/en-us/library/cc785665.aspx
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 125 total points
ID: 22904258
Or if you want to (in future) something not to apply to a group of users, create a separate container and move the users there. Have a separate domain policy for that group and all other can have the default domain policy.

Cheers,
Rajesh

0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question