jsonnenvzla2
asked on
Overriding Default Domain Policy for special cases
In a Windows 2003 AD Environment, I'd like to understand relationship between default domain Policy, and User Account Settings. The perfect example would be : I establish a Default Domain Policy restricting logons for office hours, but on specific cases Maybe I'd need to override this policy for a certain user. What if I go to his account properties and give him afterhours logon permission ? would it override Default Domain Policy ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Password and account lockout policy are set at the domain level and cannot be overridden. All other GPO settings in the Default Domain Policy adhere to normal Group Policy processing rules, as described here: http://technet.microsoft.com/en-us/library/cc785665.aspx