?
Solved

Overriding Default Domain Policy for special cases

Posted on 2008-10-30
2
Medium Priority
?
778 Views
Last Modified: 2013-12-04
In a Windows 2003 AD Environment, I'd like to understand relationship between default domain Policy, and User Account Settings. The perfect example would be : I establish a Default Domain Policy restricting logons for office hours, but on specific cases Maybe I'd need to override this policy for a certain user. What if I go to his account properties and give him afterhours logon permission ? would it override Default Domain Policy ?
0
Comment
Question by:jsonnenvzla2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 22847010
Logon hours are defined on a per-user basis, not via GPO. The only GPO setting that relates to logon hours is "forcibly disconnect users when logon hours expire".

Password and account lockout policy are set at the domain level and cannot be overridden. All other GPO settings in the Default Domain Policy adhere to normal Group Policy processing rules, as described here: http://technet.microsoft.com/en-us/library/cc785665.aspx
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 22904258
Or if you want to (in future) something not to apply to a group of users, create a separate container and move the users there. Have a separate domain policy for that group and all other can have the default domain policy.

Cheers,
Rajesh

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month7 days, 21 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question