Domain Security Policy Versus Domain Controller Security P..

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Can someone please give me a clear definition of the difference between
Domain Security Policy Versus Domain Controller Security Policy. I'm setting
up Audit Policy's and I've set up the same Audit Policy's in Domain Security
Policy and Domain Controller Security Policy. Do I need to setup Audit
Policy's in both the Domain Security Policy and Domain Controller Security
Policy? Am I duplicating event id's?

Thanks,
2 answers Last reply
More about domain security policy versus domain controller security
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Shane wrote:

    > Can someone please give me a clear definition of the difference between
    > Domain Security Policy Versus Domain Controller Security Policy. I'm setting
    > up Audit Policy's and I've set up the same Audit Policy's in Domain Security
    > Policy and Domain Controller Security Policy. Do I need to setup Audit
    > Policy's in both the Domain Security Policy and Domain Controller Security
    > Policy? Am I duplicating event id's?
    >
    > Thanks,

    Domain policies are applied before individual OU policies. An OU policy is the
    last one to be applied (but you can have multiple OUs and multiple policies per
    OU). You aren't duplicating events messages because (among other reasons) the
    policy settings are additive and the last policy that modifies a setting is the
    one that sticks so defining a setting to have a certain value more than once just
    means it takes longer to process the settings.

    The Domain Controller policy exists to allow you to give special policy settings
    to your domain controllers that are independent of the rest of your servers and
    workstations. If you don't really need anythign special defined for your domain
    controllers then the domain policy will suffice however most people at least want
    certain services not needed on th domain controllers to be turned off but the
    same ones left on for workstations so the settings for those services in teh
    domain policy would need to be overridden by settings in the domain controller
    policy.


    hope that helps
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Shane22" wrote:
    > Can someone please give me a clear definition of the
    > difference between
    > Domain Security Policy Versus Domain Controller Security
    > Policy. I'm setting
    > up Audit Policy's and I've set up the same Audit Policy's in
    > Domain Security
    > Policy and Domain Controller Security Policy. Do I need to
    > setup Audit
    > Policy's in both the Domain Security Policy and Domain
    > Controller Security
    > Policy? Am I duplicating event id's?
    >
    > Thanks,

    what do you want to audit specifically?

    Cheers,

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Active-Directory-Domain-Security-Policy-Versus-Domain-Controller-Security-Pol-ftopict549436.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1739578
Ask a new question

Read More

Policy Domain Security Domain Controller Windows