DCs get their Account Policy, and a couple of other security settings, from any GPO linked to the domain, not necessarily just the Default Domain Policy. If you have no domain-linked policy, then the DCs will just use the local policy they have by default, out of the box. A quick test with my VMware-2003 DC shows this to be true. The question I would have is, if you set, for example, account policy on one DC to be different than another DC, and there is no domain-linked GPO or it's disabled, what happens? Who wins? If I had more than one test DC at the moment, it would be an interesting test. Anyone interested in the experiment?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, March 14, 2004 9:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Group Policy

Yes they do. The default domain policy is where your domain security policy is located at.

What implications are there for blocking it... I am not sure, never tried... Let us know. :o)

-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shukovsky Jr
Sent: Thursday, February 26, 2004 12:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Group Policy

Do W2k domain controllers need to process default domain policy as well as default dc policy? If so and the DC's OU is set to block default domain policy what implications will/can this have?

thanks in advance.

This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail.

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
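
The two things this thread asks about (which domain-linked GPOs carry account policy, and whether the Domain Controllers OU blocks inheritance) can be audited as below. This is an added example, not part of the original messages; it assumes a later Windows version with the GroupPolicy and ActiveDirectory RSAT modules, and that account policy entries appear as `Account` elements in the GPO XML report.

```powershell
# Added example, not from the thread. Read-only audit; run as a domain user
# with the GroupPolicy and ActiveDirectory RSAT modules installed.
Import-Module GroupPolicy, ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$dcOuDn   = $domain.DomainControllersContainer

# 1. GPOs linked directly at the domain root, in link order (1 = highest precedence).
$rootLinks = (Get-GPInheritance -Target $domainDn).GpoLinks | Sort-Object Order

$rootLinks | ForEach-Object {
    [xml]$report = Get-GPOReport -Guid $_.GpoId -ReportType Xml

    # Assumption: account policy settings are reported as <Account> elements,
    # each with a <Name> child and a <Setting...> child holding the value.
    $settings = foreach ($node in $report.SelectNodes("//*[local-name()='Account']")) {
        $name  = $node.SelectSingleNode("*[local-name()='Name']")
        $value = $node.SelectSingleNode("*[starts-with(local-name(),'Setting')]")
        if ($name) { '{0}={1}' -f $name.InnerText, $(if ($value) { $value.InnerText }) }
    }

    [pscustomobject]@{
        Order         = $_.Order
        Gpo           = $_.DisplayName
        LinkEnabled   = $_.Enabled
        Enforced      = $_.Enforced
        AccountPolicy = ($settings -join '; ')   # empty if the GPO defines none
    }
} | Format-Table -AutoSize -Wrap

# 2. Does the Domain Controllers OU block inheritance, and what still reaches it?
$dcOu = Get-GPInheritance -Target $dcOuDn
'Block inheritance on {0}: {1}' -f $dcOuDn, $dcOu.GpoInheritanceBlocked

# InheritedGpoLinks is the effective list after blocking and enforcement.
$dcOu.InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced, Target |
    Format-Table -AutoSize

# Flag enabled domain-root links that no longer reach the DC OU.
$effective = $dcOu.InheritedGpoLinks.GpoId
$rootLinks | Where-Object { $_.Enabled -and $_.GpoId -notin $effective } |
    ForEach-Object { 'Not applied to DC OU: {0}' -f $_.DisplayName }
```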
