Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Group Policy Inheritance

from [Ramsdell, Scott] Network Security [Permanent Link]
Subject: RE: Group Policy Inheritance
Date: Mon, 27 Feb 2006 11:37:23 -0600 
Peter,

Domain password policy is domain wide and cannot be blocked.  As stated
by others, the inheritance works as you would expect except for the
default domain policy's password settings (at least).  I don't know
about other settings within the default policy, as I've always only
implemented the password and account policies in this policy.  Any other
policy I want to implement is implemented in other GPOs.

Per Microsoft: "There can be only a single password policy for each
account database. An Active Directory domain is considered a single
account database, as is the local account database on stand-alone
computers."


From here:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog
ies/directory/activedirectory/stepbystep/strngpw.mspx

If you want to set a different password policy for a group of users,
administrators for instance, you will unfortunately have to have another
domain.

You would set the policy in the second domain how you want, then form a
trust, and drop the security group from the second domain into the
administrators built in security group in the first domain.  Note, the
administrators built in security group is different from the domain
admins group.

Regards,
Scott



-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill@gilltechnologies.com] 
Sent: Saturday, February 25, 2006 1:15 AM
To: security-basics@securityfocus.com
Subject: RE: Group Policy Inheritance

You are right. Domain Policy still applies. 

-----Original Message-----
From: Peter Rodger [mailto:prodger2008@yahoo.com] 
Sent: Saturday, February 25, 2006 12:43 AM
To: security-basics@securityfocus.com
Subject: Group Policy Inheritance

Hi all,

If we set block policy inheritance on the child OU, will the domain
policy
be blocked too (esp. domain password policy)?  My understanding is that
it
only blocks the parent OU policy, not domain policy.  Can anyone
confirm?

Thanks,

Peter

__________________________________________________

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---
 
 
This communication is from a law firm and may contain confidential and/or 
privileged information. If it has been sent to you in error, please contact the 
sender for instructions concerning return or destruction, and do not use or 
disclose the contents to others.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SF new interview announcement: Spreading security awareness for OS X, Kelly Martin
Next by Date:  Re: AD Aware Firewall/Proxy device, William Starling
Previous by Thread:  RE: Group Policy Inheritance, Sarbjit Singh Gill
Next by Thread:  ditscap, Brian Loe
Indexes:  [Date] [Thread] [Top] [All Lists]