Tuesday, February 9, 2010

Applying Selected Domain and Domain Controller Policy Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The changed security policy settings that are recommended in this chapter apply to either the Default Domain Policy or the Default Domain Controllers Policy. After you have selected the list of settings that you want to update for your deployment, based on business considerations and the requirements for your environment, the method that you use to make the necessary changes depends on the specific policy or settings that you want to update.

To accommodate APIs from previous versions of the operating system that make changes directly to default GPOs, changes to the following security policy settings must be made directly in the Default Domain Policy GPO or in the Default Domain Controllers Policy GPO:

  • Default Domain Security Policy Settings:

    • Password Policy

    • Domain Account Lockout Policy

    • Domain Kerberos Policy

  • Default Domain Controller Security Policy Settings:

    • User Rights Assignment Policy

    • Audit Policy

Table 22 lists the Active Directory locations where the default policies are applied, the type of settings in each default policy, and the method for applying the recommended changes to the Group Policy settings. Read more

No comments:

Post a Comment