Sign in with
Sign up | Sign in
Your question

Domain level policy settings precedence

Last response: in Windows 2000/NT
Share
Anonymous
April 20, 2004 9:07:31 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi again,
I wanted to set the following policy on the domain level:

Network security: Do not store LAN Manager hash value on next password
change
Send NTLMv2 response only\refuse LM & NTLM: Clients use NTLMv2
authentication only and use NTLMv2 session security if the server supports
it; domain controllers refuse LM and NTLM (accept only NTLMv2
authentication).

I know that the account policies of the domain take precedence over
everything but is that also true for other settings within the domain wide
policy. I want to be able to override the second setting in a sub OU. Will
I be able to do that??

-SA.
Anonymous
April 21, 2004 5:02:42 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

GPO precedence is a matter of Group Policy processing, and should affect all
extensions and settings equally. Technically the implementation of a
particular extension could break this, but that's probably not an issue.

Regards,

Eric Voskuil
Policy Maker
http://www.autoprof.com/policy


"SA" <nospam@nospam.nospam> wrote in message
news:eCno8txJEHA.628@TK2MSFTNGP11.phx.gbl...
> Hi again,
> I wanted to set the following policy on the domain level:
>
> Network security: Do not store LAN Manager hash value on next password
> change
> Send NTLMv2 response only\refuse LM & NTLM: Clients use NTLMv2
> authentication only and use NTLMv2 session security if the server supports
> it; domain controllers refuse LM and NTLM (accept only NTLMv2
> authentication).
>
> I know that the account policies of the domain take precedence over
> everything but is that also true for other settings within the domain wide
> policy. I want to be able to override the second setting in a sub OU.
Will
> I be able to do that??
>
> -SA.
>
>
!