snoopaloop
asked on
Group Policy Objects: Default Domain GPO and Default Domain Controller GPO
http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci960369_mem1,00.html
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci959361_mem1,00.html
I read up on improving the two GPOs due to RIM (Blackberry) requesting that I establish the BES account as a service and allow log on locally for the BES account too. They mention not to have the BES account as a Domain Admin but I digress. Anyway, I was about to place at the "Default Domain Policy" as the guy was encouraging me to do so then I thought wtf I'm doing. So I have a time out of sorts to research where do I place the GPO and who should it apply to. Also, what accounts should be included. Anyway, I just opened pandora's so all this is a bit too overwhelming and I would appreciate some baby steps in resolving this issue of what exactly goes into the "log on as a service" and "log on locally" and where should it be applied? I guess I'm worried of breaking something if the accounts are applied and the servers require some other account. Attached are some pics as I am very much a visual person.
EE1.jpg
EE2.jpg
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci959361_mem1,00.html
I read up on improving the two GPOs due to RIM (Blackberry) requesting that I establish the BES account as a service and allow log on locally for the BES account too. They mention not to have the BES account as a Domain Admin but I digress. Anyway, I was about to place at the "Default Domain Policy" as the guy was encouraging me to do so then I thought wtf I'm doing. So I have a time out of sorts to research where do I place the GPO and who should it apply to. Also, what accounts should be included. Anyway, I just opened pandora's so all this is a bit too overwhelming and I would appreciate some baby steps in resolving this issue of what exactly goes into the "log on as a service" and "log on locally" and where should it be applied? I guess I'm worried of breaking something if the accounts are applied and the servers require some other account. Attached are some pics as I am very much a visual person.
EE1.jpg
EE2.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks! I just applied the settings log on locally and log on as a service on the BES member server itself. I will start re-evaluating though how we apply these GPO in the future.
ASKER
nope
ASKER