We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
How do I prevent domain admins from acquiring enforced group policy settings on a entire domain?
Posted on 2009-07-03
I have an active directory domain that has a Standard Domain Policy which is set to "enforced".
Recently, changes were made to the USER configuration of the policy (Do not permit changing proxy settings) and this seemed to work well, however, domain admins have advised that the policy has also applied to them.
Two things I should point out;
-It's not really necessary for domain admins to have the "Standard Domain Options" apply to them at all.
-The domain policy needs to remain "enforced".
I have toyed with security filtering and cannot seem to get around this.
Any thoughts?
Thanks!
Lab_Tech
Recently, changes were made to the USER configuration of the policy (Do not permit changing proxy settings) and this seemed to work well, however, domain admins have advised that the policy has also applied to them.
Two things I should point out;
-It's not really necessary for domain admins to have the "Standard Domain Options" apply to them at all.
-The domain policy needs to remain "enforced".
I have toyed with security filtering and cannot seem to get around this.
Any thoughts?
Thanks!
Lab_Tech
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4 Comments
You could create an OU in Active Directory and block inheritance on this OU but link the Domain Policy to the new OU so that it remains enforced.
Since the policy is set to enforced it will win over block inheritance. What happened when you tried the security filtering route
http://adisfun.blogspot.co
I'm guessing your users are spread across multiple OUs and that is why the policy is linked at the domain level.
Thanks
Mike
http://adisfun.blogspot.co
I'm guessing your users are spread across multiple OUs and that is why the policy is linked at the domain level.
Thanks
Mike
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 1 hour left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
623 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.