roy_batty
asked on
Help with ADSI edit
I am working my way through a UK government document that details various recommended group policy settings to ensure our system meets their guidelines.
I have reached a section that I am not familiar with. I think I need to use ADSIedit here.
It says :
CN=System > CN=Password Settings Container > CN=Granular Password Settings Users
It then details various settings.
I found the first two CNs and then manually created the "Granular Password Settings Users" object.
I then added the settings it suggested but at the bottom it says that I need to apply this to Domain Users.
How do I apply these settings to domain users? I then have a similar selection of settings that should apply to Domain Admins.
I have reached a section that I am not familiar with. I think I need to use ADSIedit here.
It says :
CN=System > CN=Password Settings Container > CN=Granular Password Settings Users
It then details various settings.
I found the first two CNs and then manually created the "Granular Password Settings Users" object.
I then added the settings it suggested but at the bottom it says that I need to apply this to Domain Users.
How do I apply these settings to domain users? I then have a similar selection of settings that should apply to Domain Admins.
ASKER
I appreciate that I can do this with GPOs but how does this apply the settings I created in ADSIedit?
I'm sorry, I misinterpreted what you stated. In ADsiedit Right-click the "Granular Password Settings Users" object you created>Properties>Securit y tab. Add Domain Admins if they are not there. Highlight Domain Admins, at the bottom Permissions for Domain Admins(scroll down until you see "Apply group Policy" put a tick inside Allow
ASKER
OK. I cant see "Apply group Policy" in the security tab or in advanced either.
In ADsiedit, the new policy you created, right-click that and click properties. The next box will have a security tab. You are not able to see any of that?
ASKER
I can see the security tab and Domain Admins is already in there but when I scroll down I cant see a check box marked "Apply group policy"
Highlight Domain Admins then click edit
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Roy,
I was able to do it where I mentioned to you because I have Enterprise and Schema admin rights. If you don't have those rights you may have to reference the document David posted to get your end result.
I was able to do it where I mentioned to you because I have Enterprise and Schema admin rights. If you don't have those rights you may have to reference the document David posted to get your end result.
ASKER
Great thanks for the help
In Group Policy Management double click on the policy >delegation tab>Add Domain Admins(if they are not there) click the advanced button and highlight Domain admins again. In the bottom pain click Apply group policy on the "Allow" side