Security Basics mailing list archives
RE: Group Policy Inheritance
From: "Jeff Gercken" <JeffG () kizan com>
Date: Tue, 28 Feb 2006 16:07:13 -0500
I've implemented an app called Anixis that provides for more granular password policy creation. The policies are replicated in GP and you can have multiple assigned to different users, groups or OUs. Overall I'm quite satisfied with it. If you need multiple password policies, you might consider it. -----Original Message----- From: Ramsdell, Scott [mailto:sramsdell () stinsonmoheck com] Sent: Monday, February 27, 2006 12:37 PM To: ssgill () gilltechnologies com; security-basics () securityfocus com Subject: RE: Group Policy Inheritance Peter, Domain password policy is domain wide and cannot be blocked. As stated by others, the inheritance works as you would expect except for the default domain policy's password settings (at least). I don't know about other settings within the default policy, as I've always only implemented the password and account policies in this policy. Any other policy I want to implement is implemented in other GPOs. Per Microsoft: "There can be only a single password policy for each account database. An Active Directory domain is considered a single account database, as is the local account database on stand-alone computers."
From here:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/directory/activedirectory/stepbystep/strngpw.mspx If you want to set a different password policy for a group of users, administrators for instance, you will unfortunately have to have another domain. You would set the policy in the second domain how you want, then form a trust, and drop the security group from the second domain into the administrators built in security group in the first domain. Note, the administrators built in security group is different from the domain admins group. Regards, Scott -----Original Message----- From: Sarbjit Singh Gill [mailto:ssgill () gilltechnologies com] Sent: Saturday, February 25, 2006 1:15 AM To: security-basics () securityfocus com Subject: RE: Group Policy Inheritance You are right. Domain Policy still applies. -----Original Message----- From: Peter Rodger [mailto:prodger2008 () yahoo com] Sent: Saturday, February 25, 2006 12:43 AM To: security-basics () securityfocus com Subject: Group Policy Inheritance Hi all, If we set block policy inheritance on the child OU, will the domain policy be blocked too (esp. domain password policy)? My understanding is that it only blocks the parent OU policy, not domain policy. Can anyone confirm? Thanks, Peter __________________________________________________ ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- This communication is from a law firm and may contain confidential and/or privileged information. If it has been sent to you in error, please contact the sender for instructions concerning return or destruction, and do not use or disclose the contents to others. ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: Group Policy Inheritance Jeff Gercken (Mar 01)