Local setting vs. Effective setting w/ GP??

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a Password GP setup at the domain level to test on a few users. I
have it setup for passwords to expire every 8 days (for testing purposes).
Well we get a popup screen that states password will expire in 14 days. How
is that, if the domain GP is set to 8 days? I have taken a look at the local
computer policy on my workstation and it states 14 days for the local setting
and 14 days for the effective setting (which should be the GP I applied to
the domain). Now why hasnt the GP at the domain overridden the local policy?
I see that other settings have taken effect. Any suggestions as to why this
is happening? Thanks!
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

local policy affects local account meanwhile domain policy affects domain
accounts.

--
Regards

Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: matjaz@ladava.com, matjazl@mvps.org

"WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message
news:14545F5B-10F1-425D-9815-4267B91322C8@microsoft.com...
>I have a Password GP setup at the domain level to test on a few users. I
> have it setup for passwords to expire every 8 days (for testing purposes).
> Well we get a popup screen that states password will expire in 14 days.
> How
> is that, if the domain GP is set to 8 days? I have taken a look at the
> local
> computer policy on my workstation and it states 14 days for the local
> setting
> and 14 days for the effective setting (which should be the GP I applied to
> the domain). Now why hasnt the GP at the domain overridden the local
> policy?
> I see that other settings have taken effect. Any suggestions as to why
> this
> is happening? Thanks!
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I understand that, but shouldnt the domain policy override the local?

"Matjaz Ladava [MVP]" wrote:

> local policy affects local account meanwhile domain policy affects domain
> accounts.
>
> --
> Regards
>
> Matjaz Ladava, ladava.com
> MCSA, MCSE, MCT
> Microsoft MVP Windows Server - Directory Services
> e-mail: matjaz@ladava.com, matjazl@mvps.org
>
> "WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message
> news:14545F5B-10F1-425D-9815-4267B91322C8@microsoft.com...
> >I have a Password GP setup at the domain level to test on a few users. I
> > have it setup for passwords to expire every 8 days (for testing purposes).
> > Well we get a popup screen that states password will expire in 14 days.
> > How
> > is that, if the domain GP is set to 8 days? I have taken a look at the
> > local
> > computer policy on my workstation and it states 14 days for the local
> > setting
> > and 14 days for the effective setting (which should be the GP I applied to
> > the domain). Now why hasnt the GP at the domain overridden the local
> > policy?
> > I see that other settings have taken effect. Any suggestions as to why
> > this
> > is happening? Thanks!
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Password policies do not override local policies. They behave differently.
If you want to control local password policies, then create a GPO for
passwords at OU level holding your computer accounts



--
Regards

Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: matjaz@ladava.com, matjazl@mvps.org



"WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message
news:FB91636A-B444-4E65-96B8-5CDAAE8FB6FD@microsoft.com...
>I understand that, but shouldnt the domain policy override the local?
>
> "Matjaz Ladava [MVP]" wrote:
>
>> local policy affects local account meanwhile domain policy affects domain
>> accounts.
>>
>> --
>> Regards
>>
>> Matjaz Ladava, ladava.com
>> MCSA, MCSE, MCT
>> Microsoft MVP Windows Server - Directory Services
>> e-mail: matjaz@ladava.com, matjazl@mvps.org
>>
>> "WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in
>> message
>> news:14545F5B-10F1-425D-9815-4267B91322C8@microsoft.com...
>> >I have a Password GP setup at the domain level to test on a few users.
>> >I
>> > have it setup for passwords to expire every 8 days (for testing
>> > purposes).
>> > Well we get a popup screen that states password will expire in 14 days.
>> > How
>> > is that, if the domain GP is set to 8 days? I have taken a look at the
>> > local
>> > computer policy on my workstation and it states 14 days for the local
>> > setting
>> > and 14 days for the effective setting (which should be the GP I applied
>> > to
>> > the domain). Now why hasnt the GP at the domain overridden the local
>> > policy?
>> > I see that other settings have taken effect. Any suggestions as to why
>> > this
>> > is happening? Thanks!
>>
>>
>>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Local policy, and any other level of GPO policy in *this* specific case,
only affects computers. The domain policy is different -you're logging onto
the domain not your local PC, hence where it can only be set.

What does this mean? Basically, for domain passwords set the policy at the
domain level. Set it anywhere else and it will only apply to the local
machines, that is, local logons on to member servers or domain computers.

Hopefully this can explain things a bit:
-- http://www.msresource.net/content/view/36/46/


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message
news:FB91636A-B444-4E65-96B8-5CDAAE8FB6FD@microsoft.com...
I understand that, but shouldnt the domain policy override the local?

"Matjaz Ladava [MVP]" wrote:

> local policy affects local account meanwhile domain policy affects domain
> accounts.
>
> --
> Regards
>
> Matjaz Ladava, ladava.com
> MCSA, MCSE, MCT
> Microsoft MVP Windows Server - Directory Services
> e-mail: matjaz@ladava.com, matjazl@mvps.org
>
> "WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message
> news:14545F5B-10F1-425D-9815-4267B91322C8@microsoft.com...
> >I have a Password GP setup at the domain level to test on a few users. I
> > have it setup for passwords to expire every 8 days (for testing
> > purposes).
> > Well we get a popup screen that states password will expire in 14 days.
> > How
> > is that, if the domain GP is set to 8 days? I have taken a look at the
> > local
> > computer policy on my workstation and it states 14 days for the local
> > setting
> > and 14 days for the effective setting (which should be the GP I applied
> > to
> > the domain). Now why hasnt the GP at the domain overridden the local
> > policy?
> > I see that other settings have taken effect. Any suggestions as to why
> > this
> > is happening? Thanks!
>
>
>