?
Solved

Domain Controller Account Policy

Posted on 2011-02-17
6
Medium Priority
?
946 Views
Last Modified: 2012-05-11
We have applied Password Policy on Domain Level. But when we log into (as domain administrator) Domain Controller and run RSOP on that Domain Controller we are unable to see the Account Policies which has been configured. But if we run "Net Accounts" the information comes up fine.Please explain.
0
Comment
Question by:Neo_78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 6

Expert Comment

by:nipponsoul
ID: 34914213
RSOP results against the PCs showing local settings only even though the PCs are logging into the domain. That's why you see different results with Net Accounts.
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 34914487
@NipponSoul: Not quite - the whole point of RSOP is to show the end result of policies applied to a machine, user, or machine/user combination. It will show both local and AD policies.
The RSOP may not show the GPO settings under your test conditions as the GPO may not apply to either the domain admin or DC.
At what level is this policy?
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 34914535
Hi,

In the group policy setting make sure the "domain admin" not applied with deny permission in "Apply group policy"

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

Check this link for GP security ffiltering..!

Regards,
Prem
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 

Author Comment

by:Neo_78
ID: 34914538
Password Policy has been applied at Domain Level.
0
 

Accepted Solution

by:
Neo_78 earned 0 total points
ID: 35753588
As there is no reply since a long time please close
0
 

Author Closing Comment

by:Neo_78
ID: 35783727
As no reply we are closing
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question