[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Default Domain Controller Security Settings

Posted on 2009-02-19
6
Medium Priority
?
694 Views
Last Modified: 2012-05-06
If you create a IP security Policy within the Default Domain Controller Security Settings I noticed it becomes available as a GPO that can be applied to OU's
but
I'm scared that if I activate the IP security Policy that it will effect the local server.. So I guess my question is this.. if I create a IP Security Policy within the Default Domain Controller Security Settings does it effect the local machine when activated? If so... how can I create a IP security policy and assign it to an OU and not have it effect the domain controller (local machine)
Thanks
0
Comment
Question by:gevansmdes
  • 2
  • 2
  • 2
6 Comments
 
LVL 15

Expert Comment

by:wantabe2
ID: 23685995
Just don't put the server (DC) in question in the OU the GPO is applied to.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 23686063
You can separate your domain controllers into their own OU and not apply the policy there.
Or you can use the GPO DENY function to prohibit the domain controller from applying that policy.
0
 
LVL 13

Accepted Solution

by:
dhoffman_98 earned 2000 total points
ID: 23686070
Also, you can run the RSOP tool in modeling mode to determine whether the policy would apply to your machine even before you link and apply it.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 15

Expert Comment

by:wantabe2
ID: 23686171
Yes, putting DC's in their own OU is very good practice especially if you implament Windows Update Services. Then you can keep all your workstations patched & do the servers manually if needed.
0
 

Author Comment

by:gevansmdes
ID: 23686289
I used the RSOP tool in modeling mode.. results are good and the GPO is applied to the OU I want.. not the entire domain or the domain controller itself. But the IP security policy is not getting applied to the clients in that OU.. I get the following when doing a gpresults -v

        ACL for Public PCs
            Filtering:  Not Applied (Empty)

***** verbos below *****


USER SETTINGS
--------------
    CN=testingpublic,OU=test,DC=mdesad,DC=mdesnet,DC=ms,DC=gov
    Last time Group Policy was applied: 2/19/2009 at 2:20:14 PM
    Group Policy was applied from:      hqsoad001.mdesad.mdesnet.ms.gov
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Workstation Policies - Common
        Digital_Persona
        Workstation Policies - Common
        Domain Workstations - PowerCfg & Admin
        Default Domain Policy
        Domain Workstations - PowerCfg & Admin
        Workstation Policies - Common
        Default Domain Policy
        Domain Workstations - PowerCfg & Admin

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        ACL for Public PCs
            Filtering:  Not Applied (Empty)
0
 

Author Closing Comment

by:gevansmdes
ID: 31548975
Thank you.. we will move forward on the other post now.. you're seem to be versed in this subject and can fully assist me there.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question